Recent changes to this wiki:

Delete usbhidctl possible problem, no longer able to reproduce that.
Index: wikisrc/users/leot/aarch64_problems.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/leot/aarch64_problems.mdwn,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- wikisrc/users/leot/aarch64_problems.mdwn	18 Jun 2018 12:42:27 -0000	1.2
+++ wikisrc/users/leot/aarch64_problems.mdwn	18 Jun 2018 13:16:53 -0000	1.3
@@ -4,16 +4,6 @@
 investigation in order to write proper PR or better yet to fix them!
 
 
-## `usbhidctl` and NetBSD crashes on Pinebook
-
-At least by running:
-
-    # usbhidctl -f uhid4 -r
-
-it is possible to crash the Pinebook. Investigate why and if possible get a
-complete backtrace.
-
-
 ## `mpv` and NetBSD crashes
 Just by invoking `mpv` via:
 

Sync with htdocs/global.css,v 1.67
Worth differences:
- .whiteOnBlack is still present because used on wikisrc
- Google CSE styles doesn't seem no longer used, they were deleted
Members: 
	global.css:1.3->1.4 

Index: wikisrc/global.css
===================================================================
RCS file: /cvsroot/wikisrc/global.css,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- wikisrc/global.css	28 Jun 2016 08:56:14 -0000	1.3
+++ wikisrc/global.css	18 Jun 2018 12:56:09 -0000	1.4
@@ -1,13 +1,12 @@
+/* $NetBSD: global.css,v 1.4 2018/06/18 12:56:09 leot Exp $ */
+
 /* ##### Common Styles ##### */
 
 body {
   background-color: #ffffff;
   color: #000000;
-  font-family: Tahoma, sans-serif;
-  font-size: small;
-  line-height: 1.3em;
+  font-family: 'Roboto', Tahoma, sans-serif;
   margin: 0;
-  padding: 0;
 }
 
 acronym, .titleTip {
@@ -22,12 +21,12 @@
 }
 
 a:link {
-  color: #b84e0d;
+  color: #fd6720;
   text-decoration: none;
 }
 
 a:hover {
-  color: #f26711;
+  color: #fd6720;
   text-decoration: underline;
 }
 
@@ -37,10 +36,14 @@
 }
 
 a:visited:hover {
-  color: #f26711;
+  color: #fd6720;
   text-decoration: underline;
 }
 
+h1 {
+  line-height: 1em;
+}
+
 h3 {
   color: #777777;
 }
@@ -49,6 +52,10 @@
   color: #777777;
 }
 
+pre {
+  white-space: pre-wrap;
+}
+
 .doNotDisplay {
   display: none !important;
 }
@@ -121,7 +128,7 @@
 }
 
 #logo #slogan a {
-  color: #F26711;
+  color: #fd6720;
   font-style: italic;
   font-size: 21px;
 }
@@ -130,71 +137,21 @@
   text-decoration: none;
 }
 
-#headerLangs a {
-  color: #777777;
-  background-color: transparent;
-  text-decoration: none;
-  margin: 0;
-  padding: 0 0 0.5ex 0;
-}
-
-#headerLangs a:hover {
-  color: #f26711;
-  background-color: transparent;
-  text-decoration: underline;
-}
-
-#headerLangs {
-  position: absolute;
-  top: 2.5em;
-  right: 1em;
-  white-space: nowrap;
-}
-
 .whiteOnBlack {
   background-color: #ffffff !important;
   color: #000000 !important;
 }
 
-#headerMirrors select {
-  font-size: 12px;
-}
-
-#headerTools {
-  text-align: right;
-  position: absolute;
-  top: 20px;
-  right: 1em;
-  margin: 0;
-  width: 22em;
-}
-
-#headerTools input {
-  background-color: #eeeeee;
-  color: #555555;
-  border: 1px solid #d4d4d4;
-  padding: 1px 5px 1px 5px;
-  font-size: small;
-  width: 5em;
-}
-
-#headerTools input[type=text] {
-  margin-right: 5px;
-  width: 13em;
-}
-
 #navBar {
   font-size: 14px;
-  font-weight: bold;
-  min-width: 900px;
-  background: url("./images/navbar-gradient.png") repeat-x scroll 0% 0% rgb(54, 54, 54);
-  background-color: rgb(54, 54, 54);
+  min-width: 1050px;
+  background-color: #444;
 }
 
 #navBar a {
   display: block;
   color: #ffffff;
-  padding: 0.7em 0.5em 0.7em 0.5em;
+  padding: 1em;
 }
 
 #navBar ul {
@@ -205,6 +162,8 @@
 }
 
 #navBar ul li {
+  border: solid rgba(0, 0, 0, .05);
+  border-width: 0 1px 0 0;
   display: inline-block;
   position: relative;
   *display: inline; /* for IE 7 compatibility */
@@ -229,27 +188,27 @@
 
 #navBar ul li ul li a {
   min-width: 8em;
-  border-left:  1px solid #F26711;
-  border-right: 1px solid #F26711;
+  border-left:  1px solid #fd6720;
+  border-right: 1px solid #fd6720;
 }
 
 #navBar ul li ul li:first-child a {
-  border-top: 1px solid #F26711;
+  border-top: 1px solid #fd6720;
 }
 
 #navBar ul li ul li:last-child a {
-  border-bottom: 1px solid #F26711;
+  border-bottom: 1px solid #fd6720;
 }
 
 #navBar ul li:hover ul li a {
   text-decoration: none;
-  color: #F26711;
+  color: #fd6720;
   background-color: #FFF2E1;
 }
 
 #navBar ul li:hover ul li a:hover {
   color: #FFFFFF;
-  background-color: #F26711;
+  background-color: #fd6720;
 }
 
 #navBar ul li ul li, #navBar ul li:hover ul {
@@ -383,7 +342,7 @@
 }
 

(Diff truncated)
Code blocks syntax is 4 spaces or 1 tab, not four `!
Index: wikisrc/users/leot/aarch64_problems.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/leot/aarch64_problems.mdwn,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- wikisrc/users/leot/aarch64_problems.mdwn	18 Jun 2018 12:30:36 -0000	1.1
+++ wikisrc/users/leot/aarch64_problems.mdwn	18 Jun 2018 12:42:27 -0000	1.2
@@ -8,9 +8,7 @@
 
 At least by running:
 
-````
-# usbhidctl -f uhid4 -r
-````
+    # usbhidctl -f uhid4 -r
 
 it is possible to crash the Pinebook. Investigate why and if possible get a
 complete backtrace.
@@ -19,9 +17,7 @@
 ## `mpv` and NetBSD crashes
 Just by invoking `mpv` via:
 
-````
-$ mpv
-````
+    $ mpv
 
 It is possible to completely crash NetBSD on aarch64. Investigate why and if
 possible get a complete backtrace.
@@ -32,40 +28,34 @@
 ## Python `import requests` SIGILLs
 Doing a (please note that also `python36` is affected):
 
-````
-$ python2.7 -c 'import requests'
-Illegal instruction (core dumped)
-Exit 132
-````
+    $ python2.7 -c 'import requests'
+    Illegal instruction (core dumped)
+    Exit 132
 
 leads to a SIGILL. Trying to reduce the test case this also happens with just a:
 
-````
-$ python2.7 -c 'import OpenSSL'
-Illegal instruction (core dumped)
-Exit 132
-````
+    $ python2.7 -c 'import OpenSSL'
+    Illegal instruction (core dumped)
+    Exit 132
 
 Trying to debug this a bit further we can see:
 
-````
-% cat asi.py
-import OpenSSL
-% python2.7 -m trace --trace asi.py
-[...]
-binding.py(88):     for attr in dir(lib):
-binding.py(89):         if attr not in excluded_names:
-binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
-binding.py(88):     for attr in dir(lib):
-binding.py(89):         if attr not in excluded_names:
-binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
-binding.py(88):     for attr in dir(lib):
-binding.py(89):         if attr not in excluded_names:
-binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
-binding.py(88):     for attr in dir(lib):
-binding.py(92):     return conditional_lib
-binding.py(126):                 cls._lib_loaded = True
-binding.py(128):                 cls.lib.SSL_library_init()
-Illegal instruction (core dumped)
-Exit 132
-````
+    % cat asi.py
+    import OpenSSL
+    % python2.7 -m trace --trace asi.py
+    [...]
+    binding.py(88):     for attr in dir(lib):
+    binding.py(89):         if attr not in excluded_names:
+    binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
+    binding.py(88):     for attr in dir(lib):
+    binding.py(89):         if attr not in excluded_names:
+    binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
+    binding.py(88):     for attr in dir(lib):
+    binding.py(89):         if attr not in excluded_names:
+    binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
+    binding.py(88):     for attr in dir(lib):
+    binding.py(92):     return conditional_lib
+    binding.py(126):                 cls._lib_loaded = True
+    binding.py(128):                 cls.lib.SSL_library_init()
+    Illegal instruction (core dumped)
+    Exit 132

Add a wiki page with some aarch64/Pinebook problems that needs further
investigations.
--- /dev/null	2018-06-18 12:30:02.000000000 +0000
+++ wikisrc/users/leot/aarch64_problems.mdwn	2018-06-18 12:30:54.000000000 +0000
@@ -0,0 +1,71 @@
+# Various (possible) problems of aarch64
+
+Here a list of possible problems of NetBSD/evbarm aarch64 that needs further
+investigation in order to write proper PR or better yet to fix them!
+
+
+## `usbhidctl` and NetBSD crashes on Pinebook
+
+At least by running:
+
+````
+# usbhidctl -f uhid4 -r
+````
+
+it is possible to crash the Pinebook. Investigate why and if possible get a
+complete backtrace.
+
+
+## `mpv` and NetBSD crashes
+Just by invoking `mpv` via:
+
+````
+$ mpv
+````
+
+It is possible to completely crash NetBSD on aarch64. Investigate why and if
+possible get a complete backtrace.
+
+(Is it PaX MPROTECT related?)
+
+
+## Python `import requests` SIGILLs
+Doing a (please note that also `python36` is affected):
+
+````
+$ python2.7 -c 'import requests'
+Illegal instruction (core dumped)
+Exit 132
+````
+
+leads to a SIGILL. Trying to reduce the test case this also happens with just a:
+
+````
+$ python2.7 -c 'import OpenSSL'
+Illegal instruction (core dumped)
+Exit 132
+````
+
+Trying to debug this a bit further we can see:
+
+````
+% cat asi.py
+import OpenSSL
+% python2.7 -m trace --trace asi.py
+[...]
+binding.py(88):     for attr in dir(lib):
+binding.py(89):         if attr not in excluded_names:
+binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
+binding.py(88):     for attr in dir(lib):
+binding.py(89):         if attr not in excluded_names:
+binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
+binding.py(88):     for attr in dir(lib):
+binding.py(89):         if attr not in excluded_names:
+binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
+binding.py(88):     for attr in dir(lib):
+binding.py(92):     return conditional_lib
+binding.py(126):                 cls._lib_loaded = True
+binding.py(128):                 cls.lib.SSL_library_init()
+Illegal instruction (core dumped)
+Exit 132
+````

Fix the anchor (hopefully).
Index: wikisrc/users/leot.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/leot.mdwn,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- wikisrc/users/leot.mdwn	18 Jun 2018 12:14:42 -0000	1.1
+++ wikisrc/users/leot.mdwn	18 Jun 2018 12:16:52 -0000	1.2
@@ -4,4 +4,4 @@
 
 If you are looking for information about myself, patches, misc
 files, etc. please give a look to:
-[[leot homepage at www.NetBSD.org|//www.NetBSD.org/~leot/]].
+[[leot homepage at www.NetBSD.org|https://www.NetBSD.org/~leot/]].

Add a leot wiki page.
Nothing interesting ATM but it will probably contain TODO/WIP notes.
Members: 
	users/leot.mdwn:INITIAL->1.1 

--- /dev/null	2018-06-18 12:14:01.000000000 +0000
+++ wikisrc/users/leot.mdwn	2018-06-18 12:14:58.000000000 +0000
@@ -0,0 +1,7 @@
+[[!meta title="Leonardo Taccari (leot)"]]
+
+Welcome to this wiki page!
+
+If you are looking for information about myself, patches, misc
+files, etc. please give a look to:
+[[leot homepage at www.NetBSD.org|//www.NetBSD.org/~leot/]].

Index: wikisrc/ports/xen/howto.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/xen/howto.mdwn,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -r1.142 -r1.143
--- wikisrc/ports/xen/howto.mdwn	29 May 2018 01:09:16 -0000	1.142
+++ wikisrc/ports/xen/howto.mdwn	17 Jun 2018 21:11:00 -0000	1.143
@@ -1170,7 +1170,7 @@
 Amazon
 ------
 
-See the [Amazon EC2 page](../amazon_ec2/).
+See the [Amazon EC2 page](/amazon_ec2/).
 
 Using npf
 ---------

Move BSDCan to past events.
Index: wikisrc/events.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/events.mdwn,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- wikisrc/events.mdwn	22 Mar 2018 16:12:27 -0000	1.59
+++ wikisrc/events.mdwn	16 Jun 2018 09:04:40 -0000	1.60
@@ -11,18 +11,6 @@
 Future Events
 -------------
 
-### `Jun 2018` - BSDCan 2018, Ottawa, Canada
-
-*June 6 - 9, 2018, University of Ottawa, Ottawa, Canada*
-
-[BSDCan](https://www.bsdcan.org/2018/), a BSD conference held in
-Ottawa, Canada, quickly established itself as the technical conference
-for people working on and with 4.4BSD based operating systems and
-related projects. The organizers have found a fantastic formula
-that appeals to a wide range of people from extreme novices to
-advanced developers.
-
-
 ### `Jul 2018` - pkgsrcCon 2018, Berlin, Germany
 
 *July 7 - 8, 2018, Berlin, Germany*
@@ -50,6 +38,18 @@
 Past Events
 -----------
 
+### `Jun 2018` - BSDCan 2018, Ottawa, Canada
+
+*June 6 - 9, 2018, University of Ottawa, Ottawa, Canada*
+
+[BSDCan](https://www.bsdcan.org/2018/), a BSD conference held in
+Ottawa, Canada, quickly established itself as the technical conference
+for people working on and with 4.4BSD based operating systems and
+related projects. The organizers have found a fantastic formula
+that appeals to a wide range of people from extreme novices to
+advanced developers.
+
+
 ### `Mar 2018` - AsiaBSDCon 2018, Tokyo, Japan
 
 *March 8 - 11, Tokyo University of Science, Tokyo, Japan*

Some backports in netbsd-8, and add a note about the missing parts of
retpoline/rsb.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- wikisrc/security/meltdown_spectre.mdwn	23 May 2018 07:47:07 -0000	1.36
+++ wikisrc/security/meltdown_spectre.mdwn	14 Jun 2018 14:40:40 -0000	1.37
@@ -37,9 +37,9 @@
 [[!table data="""
 Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
 amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigB] [MitigD]
-amd64		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
+amd64		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigC] [MitigD]	|Fixed [MitigC] [MitigD]
 i386		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigD]
-i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
+i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigC] [MitigD]	|Fixed [MitigC] [MitigD]
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS (others)	|Not vulnerable	|		|		|
@@ -86,10 +86,10 @@
 
 [[!table data="""
 Port		|Vendor/Model	|Spectre (V4)	|NetBSD-7	|NetBSD-8	|NetBSD-current
-amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
-amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
-i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
-i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
+amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigE]	|Fixed [MitigE]
+amd64		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigF]	|Fixed [MitigF]
+i386		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigE]	|Fixed [MitigE]
+i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigF]	|Fixed [MitigF]
 arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
@@ -138,6 +138,9 @@
 Software mitigation. It is enabled by default in GENERIC. When enabled,
 the "swmitigated" sysctl is set to one.
 
+Note: there is no retpoline for the ASM parts, and no RSB-stuffing either
+for Skylake.
+
 ### Mitigations E, F
 
 There are two available mitigations for SpectreV4. Their availability

Spelling and punctuation fixes
Index: wikisrc/Installation_on_UEFI_systems.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/Installation_on_UEFI_systems.mdwn,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- wikisrc/Installation_on_UEFI_systems.mdwn	12 Jun 2018 11:06:18 -0000	1.1
+++ wikisrc/Installation_on_UEFI_systems.mdwn	13 Jun 2018 07:30:36 -0000	1.2
@@ -33,7 +33,7 @@
         # sysctl hw.disknames
         hw.disknames = wd0 dk0 dk1 dk2 dk3 sd0 dk4 dk5
 
-Here the internal SSD is showing up as wd0, and has Windows pre installed (dk0 .. dk3). The install image USB stick again shows up as sd0 with two wedges dk4 and dk5.
+Here the internal SSD is showing up as wd0, and has Windows pre-installed (dk0 .. dk3). The install image USB stick again shows up as sd0 with two wedges dk4 and dk5.
 
 Just to be sure let us check which device the installer booted from:
 
@@ -68,7 +68,7 @@
         wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA moded 6 (Ultra/133)
         wd0(ahcisata1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 6 (Ultra/133) (using DMA)
 
-**NOTE** for this tutorial screenshots have been created using VirtualBox. The following example uses a strange tiny 30 GB (virtual) hard disk. Also on VirtualBox it is quite tricky (or impossible?) to actually boot from a USB device - instead the USB install image was converted to a virtual disk image and the machine booted from that. This makes the install image show up as *wd1*.
+**NOTE** for this tutorial screenshots have been created using VirtualBox. The following example uses a strange tiny 30 GB (virtual) hard disk. Also on VirtualBox it is quite tricky (or impossible?) to actually boot from a USB device - instead the USB install image was converted to a virtual disk image, and the machine booted from that. This makes the install image show up as *wd1*.
 
 Here are the target disk details:
 
@@ -78,7 +78,7 @@
 
 So now that we have identified the disk and got the details, we need to plan our disk layout.
 
-We will need two partitions, one for UEFI to boot from, and the NetBSD root disk partition. Depending on planed use for the machine, we also will want a swap partition. This should not be smaller than the machines RAM size, so in case of a kernel panic a crash dump can be saved and recovered on next reboot. For this example let us calculate with 8 GB RAM and no special needs for more swap.
+We will need two partitions, one for UEFI to boot from, and the NetBSD root disk partition. Depending on planned use for the machine, we also will want a swap partition. This should not be smaller than the machine's RAM size, so in case of a kernel panic a crash dump can be saved and recovered on next reboot. For this example let us calculate with 8 GB RAM and no special needs for more swap.
 
 So we have a 30 GB disk, we subtract 8 GB of swap and a bit of space for the UEFI boot partition. That leaves us with (rounded down) 21 GB of space for the main NetBSD partition.
 
@@ -97,7 +97,7 @@
         # gpt add -a 2m -l NetBSD -t ffs -s 21g wd0
         # gpt add -a 2m -l swap -t swap wd0
 
-Then we check the result
+Then we check the result:
 
         # gpt show wd0
 

Initial version of UEFI install instructions
--- /dev/null	2018-06-12 11:06:04.000000000 +0000
+++ wikisrc/Installation_on_UEFI_systems.mdwn	2018-06-12 11:06:34.000000000 +0000
@@ -0,0 +1,153 @@
+## Installing NetBSD 8.0 on a x86 system with UEFI
+
+Modern x86 machines have UEFI instead of BIOS firmware. Unfortunately, as of the upcoming NetBSD 8.0 release the installer does not fully support this setup. We hope to address this shortcoming quickly after the NetBSD 8.0 release and provide full automatic installations for this kind of systems (and also mixed operating system setups) in NetBSD 8.1.
+
+This tutorial shows how to semi-manually do it. For simplicity we assume that you have booted the UEFI install image from a USB stick and want to install NetBSD onto the whole disk in the machine.
+
+### Getting out of the Installer
+
+The install image will offer a menu item to exit the install system. Using that will drop you to a shell prompt.
+
+![screenshot of sysinst main menu](https://netbsd.org/images/misc/uefi/01_exit_installer.png "Exit the Installer")
+
+### Identifying Disks
+
+At the shell prompt let us find out what disks we have and which one we want to install to. We can find out what disk devices have been recognized by the kernel via the sysctl program:
+
+        # sysctl hw.disknames
+        hw.disknames = ld0 wd0 cd0 sd0 dk0 dk1
+
+This output is from a typical desktop machine. Depending on details a SSD will show up as *ld* (NVME device) or *wd* (SATA device). Hard disks usually show up as *wd* as well. Other disks may show up as *ld* or *sd* (SCSI, SAN, RAID, ...). USB sticks typically show up as *sd* devices.
+
+So here we have a SSD as ld0, a hard disk as wd0, a blueray drive as cd0, and the install image on USB stick as sd0.
+
+The *dk* devices are logical wedges (partitions) on the hardware devices, and this early after boot we usually see them in order, that is: dk0 and dk1 are partitions on the installer USB stick sd0. We can verify that by asking for a list of wedges on sd0:
+
+        # dkctl sd0 listwedges
+        /dev/rsd0: 2 wedges:
+        dk0: EFI system, 262144 blocks at 2048, type: msdos
+        dk1: 2dfc926e-42bd-43fb-9bb5-b227c2c3fc99, 2560000 blocks at 264192, type: ffs
+
+Let us look at another example, this time from a typical notebook:
+
+        # sysctl hw.disknames
+        hw.disknames = wd0 dk0 dk1 dk2 dk3 sd0 dk4 dk5
+
+Here the internal SSD is showing up as wd0, and has Windows pre installed (dk0 .. dk3). The install image USB stick again shows up as sd0 with two wedges dk4 and dk5.
+
+Just to be sure let us check which device the installer booted from:
+
+        # dmesg | fgrep "root on"
+        root on dk5
+
+and verify this is indeed on sd0:
+
+        # dkctl sd0 listwedges
+        /dev/rsd0: 2 wedges:
+        dk4: EFI system, 262144 blocks at 2048, type: msdos
+        dk5: 2dfc926e-42bd-43fb-9bb5-b227c2c3fc99, 2560000 blocks at 264192, type: ffs
+
+Now for fun check the internal ssd:
+
+        # dkctl wd0 listwedges
+        /dev/rwd0: 4 wedges:
+        dk0: EFI system partition, 204800 blocks at 2048, type: msdos
+        dk1: Microsoft reserved partition, 32768 blocks at 206848, type:
+        dk2: Basic data partition, 409602048 blocks at 239616, type:
+        dk3: 2d02bc12-8433-4e41-ac12-f89167b1a93e, 1024000 blocks at 499093504, type:
+
+**NOTE**: if you keep following this tutorial on a machine like the above, the windows installation will be destroyed and all data lost!
+
+You can check more details about individual disks by extracting parts of the kernel output from the dmesg output. Assuming we want to install onto disk wd0, let us check for it:
+
+        # dmesg | fgrep wd0
+        wd0 at atabus4 drive 0
+        wd0: <WDC WD4002FFWX-68TZ4N0>
+        wd0: drive supports 16-sector PIO transfers, LBA48 addressing
+        wd0: 3726 GB, 7752021 cyl, 16 head, 63 sec, 512 bytes/sect x 7814037168 sectors
+        wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA moded 6 (Ultra/133)
+        wd0(ahcisata1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 6 (Ultra/133) (using DMA)
+
+**NOTE** for this tutorial screenshots have been created using VirtualBox. The following example uses a strange tiny 30 GB (virtual) hard disk. Also on VirtualBox it is quite tricky (or impossible?) to actually boot from a USB device - instead the USB install image was converted to a virtual disk image and the machine booted from that. This makes the install image show up as *wd1*.
+
+Here are the target disk details:
+
+![screenshot of wd0 dmesg details](https://netbsd.org/images/misc/uefi/02_hard_disk_details.png "Disk Details")
+
+### Size Calculations
+
+So now that we have identified the disk and got the details, we need to plan our disk layout.
+
+We will need two partitions, one for UEFI to boot from, and the NetBSD root disk partition. Depending on planed use for the machine, we also will want a swap partition. This should not be smaller than the machines RAM size, so in case of a kernel panic a crash dump can be saved and recovered on next reboot. For this example let us calculate with 8 GB RAM and no special needs for more swap.
+
+So we have a 30 GB disk, we subtract 8 GB of swap and a bit of space for the UEFI boot partition. That leaves us with (rounded down) 21 GB of space for the main NetBSD partition.
+
+### Partitioning and Formating the Disk
+
+**NOTE** we are about to fully destroy all contents on this disk! Please stop if you are unsure or have no proper backup!
+
+Just to make sure, we kill any old partition data on the disk:
+
+        # gpt destroy wd0
+
+Next we create a new partition table and add the partitions with the sizes calculated above (the EFI partition usually is quite small):
+
+        # gpt create wd0
+        # gpt add -a 2m -l "EFI system" -t efi -s 128m wd0
+        # gpt add -a 2m -l NetBSD -t ffs -s 21g wd0
+        # gpt add -a 2m -l swap -t swap wd0
+
+Then we check the result
+
+        # gpt show wd0
+
+Note that the kernel messages between the commands also show us the wedge names (dk0...dk4) of the individual partitions we have just created. The mapping between partitions on a disk and wedge (dk) devices is not fixed, you can see below that managing partitions removes all old wedge devices and adds new ones.
+
+![screenshot of wd0 partitioning](https://netbsd.org/images/misc/uefi/03_create_gpt.png "Partitioning the Disk")
+
+Just to make double sure, let us list the wedges on wd0 explicitly:
+
+        # dkctl wd0 listwedges
+
+Now we need to format the EFI partition as type msdos, and the NetBSD partition as type ffs. Also we create a directory "EFI/boot" on the EFI partition and copy the bootloaders there.
+
+The commands for this are:
+
+        # newfs_msdos /dev/rdk2
+        # mount -t msdos /dev/dk2 /mnt
+        # mkdir -p /mnt/EFI/boot
+        # cp /usr/mdec/*.efi /mnt/EFI/boot
+        # umount /mnt
+        # newfs -O 2 dk3
+
+and it looks like this:
+
+![screenshot of wd0 formatting](https://netbsd.org/images/misc/uefi/04_manual_init.png "Formatting the Disk")
+
+### Main Installation
+
+Now we are mostly done. We can leave the shell and return to the installer (sysinst). Type Ctrl-D or use the "exit" command.
+
+Back in sysinst we choose "Install NetBSD to hard disk":
+
+![screenshot of sysinst](https://netbsd.org/images/misc/uefi/05_back_in_sysinst_install.png "Back in Sysinst")
+
+The next steps are mostly the same as for other sysinst installations. We have to confirm (but actually all harm is already done as we manually repartitioned the disk above):
+
+![screenshot of sysinst asking for install confirmation](https://netbsd.org/images/misc/uefi/06_yes_i_mean_it.png "Are we sure?")
+
+Since we already prepared everything, we can select a preformatted wedge (which we did name "NetBSD" above):
+
+![screenshot of sysinst selecting the target disk](https://netbsd.org/images/misc/uefi/07_select_target_wedge.png "Select the target wedge")
+
+*NOTE* if you paid close attention, you will notice a bug in this screenshot. The dk1@wd1 wedge (right above the real target) would be dk1@sd0 on real hardware. That is: this is the install image root partition, which we currently have mounted. Sysinst should not offer this wedge here - a bug that might be fixed before the actual 8.0 release (but not in time for this tutorial).
+
+Not quite usefull in this semi-manual setup, but sysinst asks again for confirmation:
+
+![screenshot of sysinst asking for confirmation again](https://netbsd.org/images/misc/uefi/08_go_for_it.png "Are we still sure?")
+
+Sysinst does not know about the EFI boot partition, but it recognizes there is a swap partition on the same disk as the target partition we have selected. It correctly assumes that we will want to use this for swapping and offers to add it to the installed systems swap configuration:
+
+![screenshot of sysinst offering the swap partition](https://netbsd.org/images/misc/uefi/09_use_my_swap.png "Use the swap partition?")
+
+Now just follow the remaining sysinst steps - they are the same as all other x86 NetBSD installations.

Anchor for new UEFI installation page
Index: wikisrc/tutorials.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/tutorials.mdwn,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- wikisrc/tutorials.mdwn	23 Feb 2018 17:29:48 -0000	1.34
+++ wikisrc/tutorials.mdwn	12 Jun 2018 09:19:43 -0000	1.35
@@ -3,6 +3,7 @@
 ## NetBSD setup
 * [[X11]]
 * [[Services]]
+* [[Installation on UEFI systems]]
 
 ## Guide and HOWTOs
 * [[Optical media]]

update dhcpcd version
Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- wikisrc/users/maya/release-notes-8-draft.mdwn	8 Jun 2018 10:28:59 -0000	1.17
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	9 Jun 2018 02:05:21 -0000	1.18
@@ -120,5 +120,5 @@
 * mdocml 1.14.1
 * acpica 20170303
 * ntp 4.2.8p11-o
-* dhcpcd 7.0.3
+* dhcpcd 7.0.5b
 * Lua 5.3.4

Some ARM stuff
Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- wikisrc/users/maya/release-notes-8-draft.mdwn	8 Jun 2018 10:19:29 -0000	1.16
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	8 Jun 2018 10:28:59 -0000	1.17
@@ -84,9 +84,12 @@
 
 ARM:
 
-* Add support for NVIDIA Tegra K1 SoC.
-* Add support for Allwinner H2+ and H3 SoCs.
-* FDT  
+* arm: Add FDT support.
+* arm: Add driver for ARM Power State Coordination Interface (PSCI).
+* sunxi: Add support for Allwinner A83T, H2+, and H3 SoCs.
+* tegra: Add support for NVIDIA Tegra K1 SoC.
+* omap: Add support for AM335x GPIO.
+* vexpress: Add support for ARM VExpress-A15 (QEMU).
 XXX elaborate
 
 MIPS:

Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- wikisrc/users/maya/release-notes-8-draft.mdwn	8 Jun 2018 10:16:58 -0000	1.15
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	8 Jun 2018 10:19:29 -0000	1.16
@@ -84,7 +84,9 @@
 
 ARM:
 
-* awin, FDT  
+* Add support for NVIDIA Tegra K1 SoC.
+* Add support for Allwinner H2+ and H3 SoCs.
+* FDT  
 XXX elaborate
 
 MIPS:

SD/MMC improvements
Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 12:29:19 -0000	1.14
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	8 Jun 2018 10:16:58 -0000	1.15
@@ -27,6 +27,7 @@
   * NET_MPSAFE kernel option is required to try
   * Only the components listed below are MP-safe for now
 * WAPBL stability and performance improvements
+* SD/MMC: Add support for SD UHS-I and MMC HS200.
 
 Custom:
 

pr-list is no more.
Index: wikisrc/releng.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng.mdwn,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- wikisrc/releng.mdwn	16 May 2018 15:09:57 -0000	1.26
+++ wikisrc/releng.mdwn	5 Jun 2018 20:25:53 -0000	1.27
@@ -26,7 +26,6 @@
   + [NetBSD 7.0.2](http://www.netbsd.org/releases/formal-7/NetBSD-7.0.2.html)
     - CVS branch tag: <code>netbsd-7-0</code>
 * [Current pull-up queue for the netbsd-7 branch](http://releng.netbsd.org/cgi-bin/req-7.cgi)
-* [NetBSD 7 open problem report summary](http://releng.NetBSD.org/pr-list.html)
 
 ### NetBSD 6.x
 

xen: partially catch up to modern situation
Index: wikisrc/ports/xen/howto.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/xen/howto.mdwn,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -r1.141 -r1.142
--- wikisrc/ports/xen/howto.mdwn	15 Dec 2017 16:40:59 -0000	1.141
+++ wikisrc/ports/xen/howto.mdwn	29 May 2018 01:09:16 -0000	1.142
@@ -51,7 +51,7 @@
 and running domUs under it (NetBSD and other), and also running NetBSD
 as a domU in a VPS.
 
-Xen 3.1 in pkgsrc supports "PCI passthrough", which means that
+Xen 3.1 in pkgsrc used to support "PCI passthrough", which means that
 specific PCI devices can be made available to a specific domU instead
 of the dom0.  This can be useful to let a domU run X11, or access some
 network interface or other peripheral.
@@ -121,20 +121,26 @@
 an i386 dom0, if it turns out that an amd64 Xen kernel and an i386
 dom0 is problematic.)
 
-xenkernel45 provides Xen 4.5.  As of 2016-12, security patches were
-released by Xen and applied to pkgsrc.  Xen 4.5 runs on amd64 hardware
-only.  While slightly old, 4.5 has been tested and run by others, so
-it is the conservative choice.
-
-xenkernel46 provides Xen 4.6.  It is new to pkgsrc as of 2016-05.  As
-of 2016-12, security patches were released by Xen and applied to
-pkgsrc.  Xen 4.6 runs on amd64 hardware only For new installations,
-4.6 is probably the appropriate choice and it will likely soon be the
-standard approach.  (If using Ubuntu guests, be sure to have the
-xentools46 from December, 2016).
+xenkernel45 provides Xen 4.5.  Security advisories released in 2018-05
+did not include support for 4.5.  Xen 4.5 and newer runs on amd64
+hardware only.  While slightly old, 4.5 has been tested and run by
+others, so it is a very conservative choice.
+
+xenkernel46 provides Xen 4.6, and was added to pkgsrc as of 2016-05.
+As of 2018-05, security patches were released by Xen and are expected
+to be applied to pkgsrc.  Xen 4.6 runs on amd64 hardware only.  (If
+using Ubuntu guests, be sure to have the xentools46 from December,
+2016).  4.6 is perhaps an old choice, or perhaps the standard
+approach.
+
+Xen 4.7 was released in 2016-06 and is not in pkgsrc.
+
+xenkernel48 provides Xen 4.8, and was added to pkgsrc in 2017-03.  As
+of 2018-05, security patches were released by Xen and are expected to
+be applied to pkgsrc.  4.8 is perhaps the standard choice, or perhaps
+slightly new.
 
-Xen 4.7 (released 2016-06) and 4.8 (released 2016-12) are not yet in
-pkgsrc.
+Xen 4.9 and 4.10 are not in pkgsrc.
 
 See also the [Xen Security Advisory page](http://xenbits.xen.org/xsa/).
 
@@ -168,18 +174,16 @@
 NetBSD
 ------
 
-The netbsd-6, netbsd-7, and -current branches are all reasonable
+The netbsd-7, netbsd-8, and -current branches are all reasonable
 choices, with more or less the same considerations for non-Xen use.
 Therefore, netbsd-7 is recommended as the stable version of the most
-recent release for production use.  In addition, netbsd-7 and -current
-have a important scheduler fix (in November of 2015) affecting
-contention between dom0 and domUs; see
+recent release for production use.  (Note that netbsd-7 (and therefore
+8/current) have a important scheduler fix (in November of 2015)
+affecting contention between dom0 and domUs; see
 https://releng.netbsd.org/cgi-bin/req-7.cgi?show=1040 for a
-description.  For those wanting to learn Xen or without production
-stability concerns, netbsd-7 is still likely most appropriate, but
--current is also a reasonable choice.  (Xen runs ok on netbsd-5, but
-the xentools packages are likely difficult to build, and netbsd-5 is
-not supported.)
+description.)  For production, netbsd-7 is appropriate.  For learning,
+netbsd-8 is appropriate.  For developing Xen, netbsd-current may be
+appropriate.
 
 As of NetBSD 6, a NetBSD domU will support multiple vcpus.  There is
 no SMP support for NetBSD as dom0.  (The dom0 itself doesn't really
@@ -242,10 +246,12 @@
 Recommendation
 --------------
 
-Therefore, this HOWTO recommends running xenkernel45 or xenkernel46,
-xl, the NetBSD 7 stable branch, and to use an amd64 kernel as the
-dom0.  Either the i386PAE or amd64 version of NetBSD may be used as
-domUs.
+Therefore, this HOWTO recommends running xenkernel46, xl, the NetBSD 7
+stable branch, and therefore to use an amd64 kernel as the dom0.
+Either the i386PAE or amd64 version of NetBSD may be used as domUs.
+
+A tentative replacement recommendation is xenkernel48, xl, and NetBSD
+8.
 
 Because bugs are fixed quite often, and because of Xen security
 advisories, it is good to stay up to date with NetBSD (tracking a
@@ -332,6 +338,10 @@
 have to be bigger than the sum of the RAM/disk needs of the dom0 and
 all the domUs.
 
+In 2018-05, trouble booting a dom0 was reported with 256M of RAM: with
+512M it worked reliably.  This does not make sense, but if you see
+"not ELF" after Xen boots, try increasing dom0 RAM.
+
 Styles of dom0 operation
 ------------------------
 
@@ -429,12 +439,12 @@
 Add a line to to /boot.cfg to boot Xen.  See boot.cfg(5) for an
 example.  The basic line is
 
-        menu=Xen:load /netbsd-XEN3_DOM0.gz console=pc;multiboot /xen.gz dom0_mem=256M
+        menu=Xen:load /netbsd-XEN3_DOM0.gz console=pc;multiboot /xen.gz dom0_mem=512M
 
-which specifies that the dom0 should have 256M, leaving the rest to be
+which specifies that the dom0 should have 512M, leaving the rest to be
 allocated for domUs.  To use a serial console, use
 
-        menu=Xen:load /netbsd-XEN3_DOM0.gz;multiboot /xen.gz dom0_mem=256M console=com1 com1=9600,8n1
+        menu=Xen:load /netbsd-XEN3_DOM0.gz;multiboot /xen.gz dom0_mem=512M console=com1 com1=9600,8n1
 
 which will use the first serial port for Xen (which counts starting
 from 1, unlike NetBSD which counts starting from 0), forcing
@@ -602,8 +612,8 @@
         # Install secondary boot loader
         cp -p /usr/mdec/boot /
         # Create boot.cfg following earlier guidance:
-        menu=Xen:load /netbsd-XEN3PAE_DOM0.gz console=pc;multiboot /xen.gz dom0_mem=256M
-        menu=Xen.ok:load /netbsd-XEN3PAE_DOM0.ok.gz console=pc;multiboot /xen.ok.gz dom0_mem=256M
+        menu=Xen:load /netbsd-XEN3PAE_DOM0.gz console=pc;multiboot /xen.gz dom0_mem=512M
+        menu=Xen.ok:load /netbsd-XEN3PAE_DOM0.ok.gz console=pc;multiboot /xen.ok.gz dom0_mem=512M
         menu=GENERIC:boot
         menu=GENERIC single-user:boot -s
         menu=GENERIC.ok:boot netbsd.ok
@@ -872,7 +882,7 @@
 
 Modern x86 hardware has vast amounts of resources.  However, many
 virtual servers can function just fine on far less.  A system with
-256M of RAM and a 4G disk can be a reasonable choice.  Note that it is
+512M of RAM and a 4G disk can be a reasonable choice.  Note that it is
 far easier to adjust virtual resources than physical ones.  For
 memory, it's just a config file edit and a reboot.  For disk, one can
 create a new file and vnconfig it (or lvm), and then dump/restore,

No lkm.
Index: wikisrc/guide/rc.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/guide/rc.mdwn,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- wikisrc/guide/rc.mdwn	19 Jun 2015 19:18:31 -0000	1.5
+++ wikisrc/guide/rc.mdwn	28 May 2018 01:49:26 -0000	1.6
@@ -20,7 +20,6 @@
  * `/etc/rc`
  * `/etc/rc.conf`
  * `/etc/rc.d/*`
- * `/etc/rc.lkm`
  * `/etc/rc.local`
  * `/etc/rc.shutdown`
  * `/etc/rc.subr`
@@ -55,10 +54,6 @@
 There are some special scripts outside the `rc.d` directory, which are also
 run:
 
- * `/etc/rc.lkm` loads or unloads Loadable Kernel Modules (LKMs). See
-   [[!template id=man name="modload" section="8"]]
-   and `/etc/rc.d/lkm[123]`.
-
  * `/etc/rc.local` is almost the last script called at boot up. This script can
    be edited by the administrator to start local daemons that don't fit the
    rc.d model, or do maintenance that should be done only once at startup.

Make it clear that qemu module is not a kernel module
Index: wikisrc/users/kamil/qemu.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/kamil/qemu.mdwn,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- wikisrc/users/kamil/qemu.mdwn	27 May 2018 09:41:46 -0000	1.2
+++ wikisrc/users/kamil/qemu.mdwn	27 May 2018 09:53:16 -0000	1.3
@@ -63,7 +63,7 @@
 guest-agent    | build the QEMU Guest Agent                         | unknown, probably broken
 guest-agent-msi| build guest agent Windows MSI installation package | unknown, probably broken
 pie            | Position Independent Executables                   | should work
-modules        | modules support                                    | unknown, should work
+modules        | QEMU modules support (not kernel modules)          | unknown, should work
 debug-tcg      | TCG debugging (default is disabled)                | should work
 debug-info     | debugging information                              | should work
 sparse         | sparse checker                                     | should work

Change the syntax attempting to improve the presentation of wiki page
Index: wikisrc/users/kamil/qemu.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/kamil/qemu.mdwn,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- wikisrc/users/kamil/qemu.mdwn	27 May 2018 09:32:14 -0000	1.1
+++ wikisrc/users/kamil/qemu.mdwn	27 May 2018 09:41:46 -0000	1.2
@@ -141,19 +141,19 @@
 > HQEMU is a retargetable and multi-threaded dynamic binary translator on multicores. It integrates QEMU and LLVM as its building blocks. The translator in the enhanced QEMU acts as a fast translator with low translation overhead. The optimization-intensive LLVM optimizer running on separate threads dynamically improves code for higher performance. With the hybrid QEMU+LLVM approach, HQEMU can achieve low translation overhead and good translated code quality.
 > HQEMU supports process-level emulation and full-system virtualization. It provides translation modes of running the QEMU translator and LLVM optimizer in one process, or running the LLVM optimizer as a stand-alone optimization server (version 0.13.0).
 
-http://itanium.iis.sinica.edu.tw/hqemu/
+[http://itanium.iis.sinica.edu.tw/hqemu/](http://itanium.iis.sinica.edu.tw/hqemu/)
 
 2. DPDK
 
 > DPDK is a set of libraries and drivers for fast packet processing.
 
-https://dpdk.org/
+[https://dpdk.org/](https://dpdk.org/)
 
 3. The ultimate CPU emulator
 
 > Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework. 
 
-https://www.unicorn-engine.org/
+[https://www.unicorn-engine.org/](https://www.unicorn-engine.org/)
 
 ## Prioritized tasks
 
@@ -198,12 +198,14 @@
  - The module builds and loads into the kernel (triggering a panic)
  - Revisit the UVM APIs to ship all the needed features of sharing memory between user and kernel that is used by HAXM
 
-```
-https://github.com/krytarowski/haxm/tree/netbsd-1
+> https://github.com/krytarowski/haxm/tree/netbsd-1
+> 
+> $ cd netbsd && make
 
-$ cd netbsd && make
-```
+External links:
 
-https://www.qemu.org/2017/11/22/haxm-usage-windows/
-https://software.intel.com/en-us/articles/intel-hardware-accelerated-execution-manager-intel-haxm
-https://github.com/intel/haxm
+[https://www.qemu.org/2017/11/22/haxm-usage-windows/](https://www.qemu.org/2017/11/22/haxm-usage-windows/)
+
+[https://software.intel.com/en-us/articles/intel-hardware-accelerated-execution-manager-intel-haxm](https://software.intel.com/en-us/articles/intel-hardware-accelerated-execution-manager-intel-haxm)
+
+[https://github.com/intel/haxm](https://github.com/intel/haxm)

Introduce a new file with the QEMU/NetBSD status
Cover basic, optional and external features.
Add notes about prioritized tasks.
Add a section about HAXM.
Add notes about prioritized tasks.

Add a section about HAXM.

Members: 
	users/kamil/qemu.mdwn:INITIAL->1.1 

--- /dev/null	2018-05-27 09:32:00.000000000 +0000
+++ wikisrc/users/kamil/qemu.mdwn	2018-05-27 09:32:29.000000000 +0000
@@ -0,0 +1,209 @@
+QEMU for NetBSD
+
+# Current status
+
+Summary of the current status of QEMU hosted on a NetBSD host.
+
+## What works?
+
+Quick summary:
+
+ - The NetBSD target builds and works out of the box with elementary features.
+
+ - There is a pkgsrc package that ships a recent version.
+
+ - QEMU should work with all currently supported NetBSD versions starting from 6.x.
+
+ - QEMU as of today is not PaX MPROTECT safe.
+
+ - All tests in the check target pass.
+
+ - NetBSD is a maintained platform.
+
+## Standard features matrix
+
+Elementary features for NetBSD are probably well supported.
+
+Name                  | Description                                        | NetBSD status
+----------------------|----------------------------------------------------|--------------
+python                | Python programming language                        | should work
+smbd                  | Samba                                              | net/samba, untested
+git                   | GIT VCS                                            | should work
+debug                 |                                                    | should work
+sanitizers            | ASan, UBSan, ASan headers                          | should work
+sanitizers Fibers     | Asan headers with fibers                           | Futue GCC/Clang should work
+stack-protector       | Stack protector                                    | works
+audio oss             | OSS audio backend                                  | should work
+audio sdl             | SDL audio backend                                  | should work
+coroutine ucontext    |                                                    | should work
+coroutine sigaltstack |                                                    | should work
+coroutine windows     |                                                    | N/A, Windows specific
+slirp                 | User networking                                    | works                     
+tcg-interpreter       | Tiny Code Generator                                | should work
+malloc-trim           | GNU malloc(3) optimization                         | N/A, Linux specific
+gcov                  | Test Coverage Program                              | should work
+gprof                 | GNU profiling                                      | should work
+profiler              |                                                    | should work
+
+
+## Optional feature matrix
+
+Additional features support various extensions,
+most of them are a matter of using the emulator with a 3rd party and are OS independent.
+
+Part of features require OS specific extensions.
+
+Name           | Description                                        | NetBSD status
+---------------|----------------------------------------------------|--------------
+system         | all system emulation targets                       | works
+user           | supported user emulation targets                   | broken
+linux-user     | all linux usermode emulation targets               | N/A
+bsd-user       | all BSD usermode emulation targets                 | broken (FreeBSD ships local patches)
+docs           | build documentation                                | should work
+guest-agent    | build the QEMU Guest Agent                         | unknown, probably broken
+guest-agent-msi| build guest agent Windows MSI installation package | unknown, probably broken
+pie            | Position Independent Executables                   | should work
+modules        | modules support                                    | unknown, should work
+debug-tcg      | TCG debugging (default is disabled)                | should work
+debug-info     | debugging information                              | should work
+sparse         | sparse checker                                     | should work
+gnutls         | GNUTLS cryptography support                        | should work
+nettle         | nettle cryptography support                        | should work
+gcrypt         | libgcrypt cryptography support                     | should work
+sdl            | SDL UI                                             | should work
+--with-sdlabi  |   select preferred SDL ABI 1.2 or 2.0              | should work, not imporant
+gtk            | gtk UI                                             | should work
+--with-gtkabi  |   select preferred GTK ABI 2.0 or 3.0              | should work, not important
+vte            | vte support for the gtk UI                         | should work
+curses         | curses UI                                          | works with native NetBSD 8.0 curses(3) 
+vnc            | VNC UI support                                     | should work
+vnc-sasl       | SASL encryption for VNC server                     | should work
+vnc-jpeg       | JPEG lossy compression for VNC server              | should work
+vnc-png        | PNG compression for VNC server                     | should work
+cocoa          | Cocoa UI (Mac OS X only)                           | N/A, Darwin specific
+virtfs         | VirtFS                                             | probably broken
+mpath          | Multipath persistent reservation passthrough       | unknown, problably not supported
+xen            | xen backend driver support                         | unknown
+xen-pci-passthrough |   PCI passthrough support for Xen             | unknown, probably not supported
+brlapi         | BrlAPI (Braile)                                    | unknown, should work
+curl           | curl connectivity                                  | should work
+membarrier     | membarrier system call (for Linux 4.14+ or Windows)| not supported
+fdt            | fdt device tree                                    | unknown, should work
+bluez          | bluez stack connectivity                           | unknown
+kvm            | KVM acceleration support                           | N/A , Linux specific kernel APIs required in userland
+hax            | HAX acceleration support                           | not ported, Windows/Darwin specific as of today
+hvf            | Hypervisor.framework acceleration support          | not ported, Darwin specific
+whpx           | Windows Hypervisor Platform acceleration support   | N/A
+rdma           | Enable RDMA-based migration and PVRDMA support     | unknown, probably not supported
+vde            | support for vde network                            | probably not supported and Linux specific as of today
+netmap         | support for netmap network                         | not supported (FreeBSD specific?)
+linux-aio      | Linux AIO support                                  | not supported, Linux specific
+cap-ng         | libcap-ng support                                  | not supported, Linux specific
+attr           | attr and xattr support                             | N/A, Linux specific ?
+vhost-net      | vhost-net acceleration support                     | not supported
+vhost-crypto   | vhost-crypto acceleration support                  | not supported
+spice          | spice                                              | unknown, probably not supported
+rbd            | rados block device (rbd)                           | unknown
+libiscsi       | iscsi support                                      | unknown
+libnfs         | nfs support                                        | unknown
+smartcard      | smartcard support (libcacard)                      | unknown
+libusb         | libusb (for usb passthrough)                       | unknown
+live-block-migration |  Block migration in the main migration stream| unknown
+usb-redir      | usb network redirection support                    | unknown
+lzo            | support of lzo compression library                 | should work
+snappy         | support of snappy compression library              | should work
+bzip2          | support of bzip2 compression library               | should work
+seccomp        | seccomp support                                    | Linux specific (?)
+coroutine-pool | coroutine freelist (better performance)            | unknown
+glusterfs      | GlusterFS backend                                  | unknown
+tpm            | TPM support                                        | unknown
+libssh2        | ssh block device support                           | should work
+numa           | libnuma support                                    | not ported
+libxml2        | for Parallels image format                         | should work
+tcmalloc       | tcmalloc support                                   | should work
+jemalloc       | jemalloc support                                   | works
+replication    | replication support                                | not ported, N/A ?, Linux specific
+vhost-vsock    | virtio sockets device support                      | not ported
+opengl         | opengl support                                     | unknown
+virglrenderer  | virgl rendering support                            | unknown
+xfsctl         | xfsctl support                                     | N/A / not ported
+qom-cast-debug | cast debugging support                             | unknown
+tools          | build qemu-io, qemu-nbd and qemu-image tools       | works (userland nbd only)
+vxhs           | Veritas HyperScale vDisk backend support           | N/A ?
+crypto-afalg   | Linux AF_ALG crypto backend driver                 | N/A / not ported
+vhost-user     | vhost-user support                                 | not ported
+capstone       | capstone disassembler support                      | should work
+
+## External features
+
+1. HQEMU
+
+> HQEMU is a retargetable and multi-threaded dynamic binary translator on multicores. It integrates QEMU and LLVM as its building blocks. The translator in the enhanced QEMU acts as a fast translator with low translation overhead. The optimization-intensive LLVM optimizer running on separate threads dynamically improves code for higher performance. With the hybrid QEMU+LLVM approach, HQEMU can achieve low translation overhead and good translated code quality.
+> HQEMU supports process-level emulation and full-system virtualization. It provides translation modes of running the QEMU translator and LLVM optimizer in one process, or running the LLVM optimizer as a stand-alone optimization server (version 0.13.0).
+
+http://itanium.iis.sinica.edu.tw/hqemu/
+
+2. DPDK
+
+> DPDK is a set of libraries and drivers for fast packet processing.
+
+https://dpdk.org/
+
+3. The ultimate CPU emulator
+
+> Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework. 
+
+https://www.unicorn-engine.org/
+
+## Prioritized tasks
+
+1. Upstream remaining local pkgsrc patches, mostly (old?) NetBSD and SmartOS related ones.
+
+2. Make QEMU PaX MPROTECT safe.
+
+3. Develop NetBSD USER emulation, attempt to either share the code with FreeBSD (bsd-user, old broken, downstream patches) or with Linux (linux-user, recent, actively maintained). Preferred approach is to share as much code with linux-user as possible, regardless of the state of bsd-user.
+
+4. Develop HAXM backend support for the NetBSD kernel.
+
+## HAXM hardware assisted virtualization
+
+Features:
+
+ - Open Source
+ - HAXM is an Intel hardware assisted virtualization.
+ - HAXM supports up to 8 active VMs.
+ - HAXM supports up to 16 active VCPUs per VM.
+ - ioctl(2) based API with statically created devices (/dev/HAX, /dev/haxm_vm/vmXX, /dev/haxm_vm/haxm_vmXX_vcpuYY)
+
+HAXM porting for NetBSD rationale:
+
+ - Relatively low cost (compared to alternatives) to get it aboard to the NetBSD kernel.
+ - Relatively non-intrusive (compared to alternatives like bhyve and KVM)
+ - Scratch but non-functional port for NetBSD is ready.
+ - Active (paid developers) upstream to maintain this
+ - Clean separation between kernel specific and independent parts (there are at least 2 backends: Darwin and Windows)
+ - QEMU frontend already exists, API is ioctl(2) based
+ - Good license (BSD-3-clause) for the kernel driver
+ - Tailored down for desktop users, initially prepared for Android developers
+
+HAXM shortcomings:
+

(Diff truncated)
removed
--- wikisrc/ports/evbarm/allwinner/comment_10_75070471dc4cf65f5f398908c72a373a._comment	2018-05-24 23:52:27.000000000 +0000
+++ /dev/null	2018-05-24 23:50:01.000000000 +0000
@@ -1,25 +0,0 @@
-[[!comment format=mdwn
- username="https://me.yahoo.com/a/zYNsZqc.lcfZKosC1gopiusGDpab.Q--#c9040"
- nickname="Mr."
- subject=" This should simply matters for those who just want a quick boot."
- date="2016-03-06T02:21:00Z"
- content="""
-This configuration is grossly complicated and adds extra configurations which does not make sense to use all. uEnv.txt? So, here is the simple breakdown for someone who just wants to get a working boot on cubietruck. The config files that come with the download seem made only for odroid with some sloppy config to look like it should work for others. 
-
-1.    gunzip armv7.img.gz
-2.    dd if=u-boot-sunxi-with-spl.bin of=armv7.img bs=1k seek=8 conv=notrunc
-3.    dd if=armv7.img of=/dev/rsd0d bs=1m
-4.    mount -t msdos /dev/sd0e /mnt
-5.    cd /mnt
-6.    mkdir old
-7.    mv * old/
-8.    mv old/netbsd-YOURKERNEL.ub ./netbsd.ub
-9.    ---- boot.cmd ----
-10.    setenv bootargs \"root=ld0a console=fb\"
-11.    fatload mmc 0:1 82000000 netbsd.ub; bootm 82000000
-12.    ---- EOF ----
-13.    mkubootimage -A arm -n armv7 -T script boot.cmd boot.scr
-
-Done and bootable now. If the screen goes black after boot, unplug and re-plugin the hdmi cable
-
-"""]]

removed
--- wikisrc/ports/evbarm/allwinner/comment_8_990b15ee77360a52340c57221c14f41f._comment	2018-05-24 23:51:35.000000000 +0000
+++ /dev/null	2018-05-24 23:50:01.000000000 +0000
@@ -1,19 +0,0 @@
-[[!comment format=mdwn
- username="skrll"
- subject="BPI boot"
- date="2016-02-24T08:10:56Z"
- content="""
-I have the following for my BPI
-
-bpi# cat /boot/uEnv.txt                                                        
-bootargs=root=wd0a -v c0nsole=fb fb.margin=60 armv7.dcache=1
-aload_script=fatload mmc 0 0x43000000 bananapi/script.bin;
-aload_kernel=fatload mmc 0 0x48000000 netbsd.ub; bootm 0x48000000;
-uenvcmd=run aload_script aload_kernel
-bpi#
-
-with this version of u-boot:
-U-Boot 2014.04-10693-gf954935 (Aug 06 2014 - 11:18:37) Allwinner Technology
-
-Maybe this explains the boot problems people have seen. Any further problems please send-pr.
-"""]]

removed
--- wikisrc/ports/evbarm/allwinner/comment_7_363f58e23b9df9203bf4bafbfa3dedf7._comment	2018-05-24 23:50:54.000000000 +0000
+++ /dev/null	2018-05-24 23:50:01.000000000 +0000
@@ -1,12 +0,0 @@
-[[!comment format=mdwn
- username="soxxxz@e8c88b529498ba028942e1dd078d9db85b32dcf0"
- nickname="soxxxz"
- subject="failed boot"
- date="2016-02-20T22:48:12Z"
- content="""
-I downloaded armv7.img from official FTP, dd'd u-boot-sunxi-with-spl.bin to it, made boot.cmd as per instructions and connected BPI to a Samsung LED TV via hdmi cable. I see the initial boot, however it fails with a black screen after \"transferring control to NetBSD stage-2 loader (at address 40007800)\". What am I doing wrong?
-
-Here is the picture of boot-up: http://imgur.com/uMNI7ay
-
-I initially thought it was a screen resolution problem, but I tried everything in uEnv.txt without success.
-"""]]

removed
--- wikisrc/ports/evbarm/allwinner/comment_7_f7e0af2d35ad5ec4e8a2897609725f68._comment	2018-05-24 23:50:21.000000000 +0000
+++ /dev/null	2018-05-24 23:50:01.000000000 +0000
@@ -1,8 +0,0 @@
-[[!comment format=mdwn
- username="https://me.yahoo.com/a/zYNsZqc.lcfZKosC1gopiusGDpab.Q--#c9040"
- nickname="Mr."
- subject="comment 7"
- date="2016-01-22T14:48:53Z"
- content="""
-New sources have multiple kernels listed like netbsd-CUBIETRUCK.ub .  Kernel wouldn't boot until I renamed it to netbsd.ub instead of just pointing to netbsd-CUBIETRUCK.ub.
-"""]]

Editorial nits
Index: wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn	24 May 2018 17:37:35 -0000	1.23
+++ wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn	24 May 2018 17:38:58 -0000	1.24
@@ -85,7 +85,7 @@
     29141       proc                                                     lwp_exit
 
 
-##  Running hello world 
+## Running hello world 
 
 Put the following into the file hello.d:
     
@@ -138,7 +138,7 @@
 'sleep.d' matched 59268 probes".  Then execute a "sleep 2" in another
 shell.
 
-## Tools included base
+## Tools included in base
 
 Starting with NetBSD-8, on builds where `MKDTRACE=yes` is set, scripts from
 [Brendan Gregg's DTrace toolkit](https://github.com/opendtrace/toolkit/) are installed in base as standard.

Make the dtrace example script that purported to trace the execution
of a sleep operation in the kernel actually do that. Also, don't
print the argument to syscall(), which is a trap frame pointer, as an
integer labeled "fd", because that just doesn't make any sense. Also,
add a section heading.
Index: wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn	13 Oct 2017 08:24:18 -0000	1.22
+++ wikisrc/tutorials/how_to_enable_and_run_dtrace.mdwn	24 May 2018 17:37:35 -0000	1.23
@@ -105,29 +105,38 @@
       0      1                           :BEGIN   Hello world
     
 
-A more complex example that traces the execution of a sleep operation
+## A more complex example
+
+The following script traces the execution of a sleep operation
 in the kernel. Put it in sleep.d:
     
     #pragma D option flowindent
-    
-    fbt::syscall:entry
+
+    syscall::nanosleep:entry
     /execname == "sleep" && guard++ == 0/
     {
             self->traceme = 1;
-            printf("fd: %d", arg0);
     }
-    
-    fbt::syscall:entry /self->traceme/ {}
-    
-    fbt::syscall:return
+
+    fbt:::
+    /self->traceme/
+    {}
+
+    syscall::nanosleep:return
     /self->traceme/
     {
             self->traceme = 0;
             exit(0);
     }
-    
 
-Start the script running (dtrace -s sleep.d) and then execute a "sleep 2" in another shell. 
+Start the script running:
+
+    dtrace -s sleep.d
+
+This will take a while as the script instruments every function in the
+kernel. When it's ready, it will print a message like "dtrace: script
+'sleep.d' matched 59268 probes".  Then execute a "sleep 2" in another
+shell.
 
 ## Tools included base
 

CAN controller is supported
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- wikisrc/ports/evbarm/allwinner.mdwn	15 May 2018 23:06:29 -0000	1.90
+++ wikisrc/ports/evbarm/allwinner.mdwn	23 May 2018 21:14:50 -0000	1.91
@@ -57,6 +57,7 @@
   </thead>
   <tbody>
     <tr><td>Audio codec</td><td>Yes</td><td>Supported on sun4i, sun5i, sun6i, sun7i, sun8i-h2+, sun8i-h3, sun50i-h5, sun50i-a64</td></tr>
+    <tr><td>CAN controller</td><td>Yes</td><td></td></tr>
     <tr><td>Crypto engine</td><td>-</td><td></td></tr>
     <tr><td>CSI</td><td>-</td><td></td></tr>
     <tr><td>DMA</td><td>Yes</td><td></td></tr>

Add 17h.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- wikisrc/security/meltdown_spectre.mdwn	22 May 2018 16:31:29 -0000	1.35
+++ wikisrc/security/meltdown_spectre.mdwn	23 May 2018 07:47:07 -0000	1.36
@@ -159,7 +159,7 @@
 
 #### Mitigation F: AMD NONARCH
 
-Available only on AMD families 15h and 16h. It can be dynamically
+Available only on AMD families 15h, 16h and 17h. It can be dynamically
 enabled/disabled by changing the "mitigated" sysctl.
 
 ## External Resources

Cross off uefi countdown being invisible thing. thanks, jakllsch.
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- wikisrc/releng/netbsd8.mdwn	16 May 2018 14:16:25 -0000	1.50
+++ wikisrc/releng/netbsd8.mdwn	22 May 2018 18:24:49 -0000	1.51
@@ -31,7 +31,7 @@
 
 * [[!template id=pr number=53291]]: GPT prevents installation
 
-* [[!template id=pr number=53292]]: uefi boot countdown is invisible
+* ~~[[!template id=pr number=53292]]: uefi boot countdown is invisible~~
 
 * [[!template id=pr number=53294]]: ixg(4) stops receiving pkts /!\
 

Drop VIA, they haven't said a word in six months, that's not serious.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- wikisrc/security/meltdown_spectre.mdwn	22 May 2018 10:55:21 -0000	1.34
+++ wikisrc/security/meltdown_spectre.mdwn	22 May 2018 16:31:29 -0000	1.35
@@ -11,10 +11,8 @@
 Port		|Vendor/Model	|Spectre (V1)	|NetBSD-7	|NetBSD-8	|NetBSD-current
 amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS (others)	|Not vulnerable	|		|		|
@@ -40,10 +38,8 @@
 Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
 amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigB] [MitigD]
 amd64		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
-amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigD]
 i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
-i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS (others)	|Not vulnerable	|		|		|
@@ -69,10 +65,8 @@
 Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-7	|NetBSD-8	|NetBSD-current
 amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigA]	|Fixed [MitigA]
 amd64		|AMD		|Not vulnerable	|		|		|
-amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|AMD		|Not vulnerable	|		|		|
-i386		|VIA		|Unknown	|		|		|
 mips		|(all)		|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
 riscv		|(spec)		|Not vulnerable	|		|		|
@@ -94,10 +88,8 @@
 Port		|Vendor/Model	|Spectre (V4)	|NetBSD-7	|NetBSD-8	|NetBSD-current
 amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
 amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
-amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
 i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
-i386		|VIA		|Unknown	|		|		|
 arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed

Put the port names for arm and mips. No one has tried to determine which
cpu model is associated with which port name on NetBSD, so just put
"arm"/"mips".
Reduce the size of the tabs. The unaffected CPUs fall in the "others"
category.
Add ARM for SpectreV4, four models are affected.
Add ARM for SpectreV4, four models are affected.

Members: 
	security/meltdown_spectre.mdwn:1.33->1.34 

Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- wikisrc/security/meltdown_spectre.mdwn	22 May 2018 10:29:24 -0000	1.33
+++ wikisrc/security/meltdown_spectre.mdwn	22 May 2018 10:55:21 -0000	1.34
@@ -15,23 +15,23 @@
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|VIA		|Unknown	|		|		|
-		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|MIPS (others)	|Not vulnerable	|		|		|
+mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+mips		|MIPS (others)	|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
-riscv		|(Spec.)	|Not vulnerable	|		|		|
-		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM (others)	|Not vulnerable	|		|		|
+riscv		|(spec)		|Not vulnerable	|		|		|
+arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
 ## Spectre Variant 2
@@ -44,23 +44,23 @@
 i386		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigD]
 i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
 i386		|VIA		|Unknown	|		|		|
-		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|MIPS (others)	|Not vulnerable	|		|		|
+mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+mips		|MIPS (others)	|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
-riscv		|(Spec.)	|Not vulnerable	|		|		|
-		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM (others)	|Not vulnerable	|		|		|
+riscv		|(spec)		|Not vulnerable	|		|		|
+arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
 ## Meltdown
@@ -73,23 +73,14 @@
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|AMD		|Not vulnerable	|		|		|
 i386		|VIA		|Unknown	|		|		|
-		|MIPS P5600	|Not vulnerable	|		|		|
-		|MIPS P6600	|Not vulnerable	|		|		|
-		|MIPS (others)	|Not vulnerable	|		|		|
+mips		|(all)		|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
-riscv		|(Spec.)	|Not vulnerable	|		|		|
-		|ARM Cortex-R7	|Not vulnerable	|		|		|
-		|ARM Cortex-R8	|Not vulnerable	|		|		|
-		|ARM Cortex-A8	|Not vulnerable	|		|		|
-		|ARM Cortex-A9	|Not vulnerable	|		|		|
-		|ARM Cortex-A12	|Not vulnerable	|		|		|
-		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A17	|Not vulnerable	|		|		|
-		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM Cortex-A73	|Not vulnerable	|		|		|
-		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-		|ARM (others)	|Not vulnerable	|		|		|
+riscv		|(spec)		|Not vulnerable	|		|		|
+arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
 ## Spectre Variant 3a
@@ -107,6 +98,11 @@
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
 i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
 i386		|VIA		|Unknown	|		|		|
+arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+arm		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
 ## Mitigations

Improve wording.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- wikisrc/security/meltdown_spectre.mdwn	22 May 2018 10:26:00 -0000	1.32
+++ wikisrc/security/meltdown_spectre.mdwn	22 May 2018 10:29:24 -0000	1.33
@@ -166,8 +166,8 @@
 
 #### Mitigation E: Intel SSBD
 
-Available on Intel only for now. It can be dynamically enabled/disabled by
-changing the "mitigated" sysctl.
+Available only on Intel (for now). It can be dynamically enabled/disabled
+by changing the "mitigated" sysctl.
 
 #### Mitigation F: AMD NONARCH
 

Mention the SpectreV4 mitigation for AMD families 15h and 16h.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- wikisrc/security/meltdown_spectre.mdwn	22 May 2018 08:24:53 -0000	1.31
+++ wikisrc/security/meltdown_spectre.mdwn	22 May 2018 10:26:00 -0000	1.32
@@ -102,10 +102,10 @@
 [[!table data="""
 Port		|Vendor/Model	|Spectre (V4)	|NetBSD-7	|NetBSD-8	|NetBSD-current
 amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
-amd64		|AMD		|Unknown	|		|		|
+amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
 amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
-i386		|AMD		|Unknown	|		|		|
+i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
 i386		|VIA		|Unknown	|		|		|
 """]]
 
@@ -126,10 +126,10 @@
 [[!template id=programlisting text="""
 machdep.spectre_v2.hwmitigated = {0/1} user-settable
 machdep.spectre_v2.swmitigated = {0/1} set by the kernel
-machdep.spectre_v2.method = {string} set by the kernel
+machdep.spectre_v2.method = {string} constructed by the kernel
 """]]
 
-Only hwmitigated can be set by the user. When set to one, the kernel will
+Only "hwmitigated" can be set by the user. When set to one, the kernel will
 determine the best hardware mitigation available for the currently
 running CPU, and will apply it.
 
@@ -150,11 +150,29 @@
 Software mitigation. It is enabled by default in GENERIC. When enabled,
 the "swmitigated" sysctl is set to one.
 
-### Mitigation E: Intel SSBD
+### Mitigations E, F
 
-SpectreV4 can be mitigated with the SSBD method (Intel only for now). It
-can be dynamically enabled by changing the "machdep.spectre_v4.mitigated"
-sysctl.
+There are two available mitigations for SpectreV4. Their availability
+depends on the CPU model and the microcode or BIOS revision.
+
+[[!template id=programlisting text="""
+machdep.spectre_v4.mitigated = {0/1} user-settable
+machdep.spectre_v4.method = {string} constructed by the kernel
+"""]]
+
+Only "mitigated" can be set by the user. When set to one, the kernel will
+determine the best hardware mitigation available for the currently
+running CPU, and will apply it.
+
+#### Mitigation E: Intel SSBD
+
+Available on Intel only for now. It can be dynamically enabled/disabled by
+changing the "mitigated" sysctl.
+
+#### Mitigation F: AMD NONARCH
+
+Available only on AMD families 15h and 16h. It can be dynamically
+enabled/disabled by changing the "mitigated" sysctl.
 
 ## External Resources
 

Clarify SpectreV2, and fix the description of SpectreV3a.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- wikisrc/security/meltdown_spectre.mdwn	22 May 2018 07:37:22 -0000	1.30
+++ wikisrc/security/meltdown_spectre.mdwn	22 May 2018 08:24:53 -0000	1.31
@@ -94,8 +94,8 @@
 
 ## Spectre Variant 3a
 
-This issue will be addressed in future microcode updates. No software
-change is required.
+This issue will be addressed in future microcode updates on x86. No
+software change is required.
 
 ## Spectre Variant 4
 
@@ -116,24 +116,39 @@
 Meltdown is mitigated with the SVS feature. It can be dynamically disabled
 by changing the "machdep.svs.enabled" sysctl.
 
-### Mitigation B: Intel IBRS
+### Mitigations B, C, D
 
-SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
-the CPU supports this method, it is used automatically. It can be
-dynamically disabled by changing the "machdep.spectre_v2.mitigated"
-sysctl.
+There is no unified mitigation for SpectreV2. Rather, a set of mitigations
+are available, in both hardware and software.
+
+Three sysctls exist, under the machdep.spectre_v2 node:
+
+[[!template id=programlisting text="""
+machdep.spectre_v2.hwmitigated = {0/1} user-settable
+machdep.spectre_v2.swmitigated = {0/1} set by the kernel
+machdep.spectre_v2.method = {string} set by the kernel
+"""]]
+
+Only hwmitigated can be set by the user. When set to one, the kernel will
+determine the best hardware mitigation available for the currently
+running CPU, and will apply it.
+
+#### Mitigation B: Intel IBRS
+
+Hardware mitigation, Intel only (for now). If the CPU supports this method,
+it is used automatically by the kernel. It can be dynamically
+enabled/disabled by changing the "hwmitigated" sysctl.
 
-### Mitigation C: AMD DIS_IND
+#### Mitigation C: AMD DIS_IND
 
-SpectreV2 can be mitigated with the DIS_IND method, available only on a
-few AMD families. If the CPU supports this method, it is used
-automatically. It can be dynamically disabled by changing the
-"machdep.spectre_v2.mitigated" sysctl.
+Hardware mitigation, available only on a few AMD families. If the CPU
+supports this method, it is used automatically by the kernel. It can be
+dynamically enabled/disabled by changing the "hwmitigated" sysctl.
 
-### Mitigation D: Retpoline
+#### Mitigation D: GCC Retpoline
 
-SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation
-flag, which is enabled by default in GENERIC.
+Software mitigation. It is enabled by default in GENERIC. When enabled,
+the "swmitigated" sysctl is set to one.
 
 ### Mitigation E: Intel SSBD
 

Mention SpectreV3a.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- wikisrc/security/meltdown_spectre.mdwn	22 May 2018 07:27:25 -0000	1.29
+++ wikisrc/security/meltdown_spectre.mdwn	22 May 2018 07:37:22 -0000	1.30
@@ -92,6 +92,11 @@
 		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
+## Spectre Variant 3a
+
+This issue will be addressed in future microcode updates. No software
+change is required.
+
 ## Spectre Variant 4
 
 [[!table data="""

Add Spectre Variant 4.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- wikisrc/security/meltdown_spectre.mdwn	4 May 2018 07:34:51 -0000	1.28
+++ wikisrc/security/meltdown_spectre.mdwn	22 May 2018 07:27:25 -0000	1.29
@@ -92,6 +92,18 @@
 		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
+## Spectre Variant 4
+
+[[!table data="""
+Port		|Vendor/Model	|Spectre (V4)	|NetBSD-7	|NetBSD-8	|NetBSD-current
+amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
+amd64		|AMD		|Unknown	|		|		|
+amd64		|VIA		|Unknown	|		|		|
+i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
+i386		|AMD		|Unknown	|		|		|
+i386		|VIA		|Unknown	|		|		|
+"""]]
+
 ## Mitigations
 
 ### Mitigation A: SVS
@@ -118,6 +130,12 @@
 SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation
 flag, which is enabled by default in GENERIC.
 
+### Mitigation E: Intel SSBD
+
+SpectreV4 can be mitigated with the SSBD method (Intel only for now). It
+can be dynamically enabled by changing the "machdep.spectre_v4.mitigated"
+sysctl.
+
 ## External Resources
 
 * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)

minor spelling mistakes
Index: wikisrc/releng.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng.mdwn,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- wikisrc/releng.mdwn	16 May 2018 13:39:13 -0000	1.25
+++ wikisrc/releng.mdwn	16 May 2018 15:09:57 -0000	1.26
@@ -6,12 +6,12 @@
 
 ## Next Major Release
 
-The next major release will be NetBSD 8.0.  A first release candidate is [availabel](https://blog.netbsd.org/tnf/entry/netbsd_8_0_release_candidate), no final date for the release has been set yet.
+The next major release will be NetBSD 8.0.  A first release candidate is [available](https://blog.netbsd.org/tnf/entry/netbsd_8_0_release_candidate), no final date for the release has been set yet.
 
 * Next release: NetBSD 8.0
   + CVS branch tag: <code>netbsd-8</code>
 
-Please give a look to the [[NetBSD 8.0 pre-release tasklist|netbsd8]] for more
+Please give a look to the [[NetBSD 8.0 pre-release task list|netbsd8]] for more
 information about open issues and progress.
 
 ## Active Major Releases

Add bug bountys and mark show stoppers
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- wikisrc/releng/netbsd8.mdwn	16 May 2018 13:48:50 -0000	1.49
+++ wikisrc/releng/netbsd8.mdwn	16 May 2018 14:16:25 -0000	1.50
@@ -15,24 +15,32 @@
 * ~~[[!template id=pr number=53096]]: netbsd-8 crash on heavy disk I/O~~ (done)
 
 * [[!template id=pr number=53053]]: non-MULTIPROCESSOR hangs building Go (still reproducable with newer go?)  
-  [[!template id=pr number=53173]]: "go test net/http" locks up the machine
+  [[!template id=pr number=53173]]: "go test net/http" locks up the machine (both PRs tied /!\ )
 
-* [[!template id=pr number=53016]]: Clock not stable
+* [[!template id=pr number=53016]]: Clock not stable /!\
 
 * [[!template id=pr number=53017]]: Kernel panics every now and then with "fpusave_lwp: did not" message
 
 * [[!template id=pr number=53143]]: NetBSD 8 panic related to procfs (unclear?)
 
-* [[!template id=pr number=53155]]: Wedge after <12h uptime when >2 bnx network interfaces in use
+* [[!template id=pr number=53155]]: Wedge after <12h uptime when >2 bnx network interfaces in use /!\
 
 * [[!template id=pr number=53161]]: ATF test runs leave a rump_server process around
 
-* [[!template id=pr number=53286]]: hdaudio(4), iwm(4) and rtsx(4) detections fail in UEFI case
+* [[!template id=pr number=53286]]: hdaudio(4), iwm(4) and rtsx(4) detections fail in UEFI case /!\
 
 * [[!template id=pr number=53291]]: GPT prevents installation
 
 * [[!template id=pr number=53292]]: uefi boot countdown is invisible
 
+* [[!template id=pr number=53294]]: ixg(4) stops receiving pkts /!\
+
+## Bug Bountys
+
+PRs in the above list marked with /!\ are show stoppers and have a bug bounty of $100 attached.
+If you find a solution for one of the marked issues that leads to closing of the PRs, we will get
+in touch with you.
+
 ## [Test runs](http://releng.netbsd.org/test-results.html)
 
 * ~~[martin's ARM machine invokes ctfconvert unsuccessfully]~~ (done)

Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- wikisrc/releng/netbsd8.mdwn	16 Apr 2018 11:22:11 -0000	1.48
+++ wikisrc/releng/netbsd8.mdwn	16 May 2018 13:48:50 -0000	1.49
@@ -14,7 +14,8 @@
 
 * ~~[[!template id=pr number=53096]]: netbsd-8 crash on heavy disk I/O~~ (done)
 
-* [[!template id=pr number=53053]]: non-MULTIPROCESSOR hangs building Go (still reproducable with newer go?)
+* [[!template id=pr number=53053]]: non-MULTIPROCESSOR hangs building Go (still reproducable with newer go?)  
+  [[!template id=pr number=53173]]: "go test net/http" locks up the machine
 
 * [[!template id=pr number=53016]]: Clock not stable
 
@@ -26,6 +27,12 @@
 
 * [[!template id=pr number=53161]]: ATF test runs leave a rump_server process around
 
+* [[!template id=pr number=53286]]: hdaudio(4), iwm(4) and rtsx(4) detections fail in UEFI case
+
+* [[!template id=pr number=53291]]: GPT prevents installation
+
+* [[!template id=pr number=53292]]: uefi boot countdown is invisible
+
 ## [Test runs](http://releng.netbsd.org/test-results.html)
 
 * ~~[martin's ARM machine invokes ctfconvert unsuccessfully]~~ (done)

Belatedly mention the -8 branch and its state
Index: wikisrc/releng.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng.mdwn,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- wikisrc/releng.mdwn	18 Apr 2018 22:25:50 -0000	1.24
+++ wikisrc/releng.mdwn	16 May 2018 13:39:13 -0000	1.25
@@ -6,12 +6,13 @@
 
 ## Next Major Release
 
-The next major release will be NetBSD 8.0.  There are no dates associated with NetBSD 8.0 yet.
+The next major release will be NetBSD 8.0.  A first release candidate is [availabel](https://blog.netbsd.org/tnf/entry/netbsd_8_0_release_candidate), no final date for the release has been set yet.
 
-Development for NetBSD 8.0 is still occurring on the trunk of the CVS tree.
+* Next release: NetBSD 8.0
+  + CVS branch tag: <code>netbsd-8</code>
 
 Please give a look to the [[NetBSD 8.0 pre-release tasklist|netbsd8]] for more
-information about the 8.0 pre-release tasklist.
+information about open issues and progress.
 
 ## Active Major Releases
 

removed
--- wikisrc/ports/evbarm/allwinner/comment_10_5a9bbbbd96de8dbd51369ebf4fcdd786._comment	2018-05-16 09:50:05.000000000 +0000
+++ /dev/null	2018-05-16 09:50:02.000000000 +0000
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- username="a.krey@2923c9d60382d5cc88b81ee3e3c8a27491388435"
- nickname="a.krey"
- subject="bananapi console"
- date="2016-01-16T17:46:51Z"
- content="""
-Unfortunately I tried both 'console=fb' and 'setenv console fb', to no avail. I see the (presumably) sunxi boot on HDMI, but after the console switch there are virtual console that react to keypresses, but no login appears on them. The board even appears via DHCP on the network.
-
-I guess I need to find some serial interface to talk to it?
-"""]]

removed
--- wikisrc/ports/evbarm/allwinner/comment_5_d4bf770020f58f128c5152e9a3a391d8._comment	2018-05-16 09:49:32.000000000 +0000
+++ /dev/null	2018-05-16 09:48:00.000000000 +0000
@@ -1,8 +0,0 @@
-[[!comment format=mdwn
- username="perseant@d02ec84b87d74e665bd454c65697ca5da6d387e9"
- nickname="perseant"
- subject="Need console=fb in Banana Pi section"
- date="2016-01-11T22:11:34Z"
- content="""
-It's not obvious that one should add \"console=fb\" to the boot.cmd file when setting up a BPI board.  Other than that these instructions worked perfectly.  Thanks!
-"""]]

removed
--- wikisrc/ports/evbarm/allwinner/comment_4_e2156fecb6fab121ea74429a67500665._comment	2018-05-16 09:48:57.000000000 +0000
+++ /dev/null	2018-05-16 09:48:00.000000000 +0000
@@ -1,23 +0,0 @@
-[[!comment format=mdwn
- username="leot"
- subject="BPI installation notes"
- date="2015-12-10T07:54:16Z"
- content="""
-Dear tri,
-I have just updated instructions regarding how to install NetBSD 7.0 on the
-AllWinner SoCs.
-
-I have noticed that *uenvcmd* was not honored by U-Boot and so writing it is
-needed to have an U-Boot image script (that can be generated via
-mkubootimage(1)).
-
-If you have further questions or you notice some problems feel free to ask and
-I will try to help you (like you I have a Banana Pi and tested all the updated
-instructions on a BPI)!
-
-
-Good luck and happy hacking!
-Ciao,
-L.
-
-"""]]

removed
--- wikisrc/ports/evbarm/allwinner/comment_2_c0e400c28df2838b74dbd0ff11d550cc._comment	2018-05-16 09:47:57.000000000 +0000
+++ /dev/null	2018-05-16 09:45:30.000000000 +0000
@@ -1,19 +0,0 @@
-[[!comment format=mdwn
- username="https://www.google.com/accounts/o8/id?id=AItOawmjiER5abAH1681xkJcWIoZhxB-3YNp0DM"
- nickname="Gilles"
- subject="problems"
- date="2014-12-18T19:48:41Z"
- content="""
-I succeeded to connect via the serial port, but I have a first problems, the root partition exceeds the maximum capacity of the partition:
-
-beagleboard# df -h
-Filesystem         Size       Used      Avail %Cap Mounted on
-/dev/ld0a          434M       434M       -21M 105% /
-
-I could make some changes and I do not know if it came from there, but it is impossible to create user the database is apparently corrupt:
-
-beagleboard# pwd_mkdb /etc/master.passwd 
-pwd_mkdb: Cannot open `/etc/spwd.db.tmp': File exists
-
-
-"""]]

removed
--- wikisrc/ports/evbarm/allwinner/comment_1_d020cb7524ce2af896db8534ce2c6200._comment	2018-05-16 09:47:20.000000000 +0000
+++ /dev/null	2018-05-16 09:45:30.000000000 +0000
@@ -1,12 +0,0 @@
-[[!comment format=mdwn
- username="https://www.google.com/accounts/o8/id?id=AItOawmjiER5abAH1681xkJcWIoZhxB-3YNp0DM"
- nickname="Gilles"
- subject="cubietruck vga/hdmi configuration"
- date="2014-12-18T15:15:28Z"
- content="""
-hello,
-in order to properly operate the cubietruck, I set up a fex/bin file to the root of my SD card. 
-I tried without the script, with a script modified to display on a VGA screen, as well as an original script for display on HDMI display, but none work. 
-I feel that the script is not even read it. 
-the LED display does not do properly. However, I checked several times, I put exactly what was stated in the wiki.
-"""]]

Show how to enable Pinebook Fn keys
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -r1.89 -r1.90
--- wikisrc/ports/evbarm/allwinner.mdwn	10 May 2018 00:12:47 -0000	1.89
+++ wikisrc/ports/evbarm/allwinner.mdwn	15 May 2018 23:06:29 -0000	1.90
@@ -104,3 +104,29 @@
     setenv video-mode sunxi:1280x720-24,overscan_x=32,overscan_y=20
     saveenv
     reset
+
+## Pinebook function keys
+
+The sleep (Fn+Esc), home (Fn+F1), volume down (Fn+F3), volume up (Fn+F4), and mute (Fn+F5) keys on the keyboard are mapped to uhid(4) devices.
+
+Create the following config file:
+
+[[!template  id=filecontent name="/etc/usbhidaction.conf" text="""
+Consumer:Consumer_Control.Consumer:Volume_Up                    1
+        mixerctl -n -w outputs.master++
+Consumer:Consumer_Control.Consumer:Volume_Down                  1
+        mixerctl -n -w outputs.master--
+Consumer:Consumer_Control.Consumer:Mute                         1
+        mixerctl -n -w outputs.mute++
+Consumer:Consumer_Control.Consumer:AC_Home                      1
+        /etc/powerd/scripts/hotkey_button AC_Home pressed
+Generic_Desktop:System_Control.Generic_Desktop:System_Sleep     1
+        /etc/powerd/scripts/sleep_button System_Sleep pressed
+"""]]
+
+Then start two copies of usbhidaction:
+
+[[!template  id=programlisting text="""
+# /usr/bin/usbhidaction -c /etc/usbhidaction.conf -f /dev/uhid0 -i -p /var/run/usbhidaction-uhid0.pid 
+# /usr/bin/usbhidaction -c /etc/usbhidaction.conf -f /dev/uhid1 -i -p /var/run/usbhidaction-uhid1.pid 
+"""]]

A64 audio codec is supported, and experimental I2S support is in tree
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- wikisrc/ports/evbarm/allwinner.mdwn	6 May 2018 11:31:35 -0000	1.88
+++ wikisrc/ports/evbarm/allwinner.mdwn	10 May 2018 00:12:47 -0000	1.89
@@ -56,7 +56,7 @@
     </tr>
   </thead>
   <tbody>
-    <tr><td>Audio codec</td><td>Yes</td><td>Supported on sun4i, sun5i, sun6i, sun7i, sun8i-h2+, sun8i-h3, sun50i-h5</td></tr>
+    <tr><td>Audio codec</td><td>Yes</td><td>Supported on sun4i, sun5i, sun6i, sun7i, sun8i-h2+, sun8i-h3, sun50i-h5, sun50i-a64</td></tr>
     <tr><td>Crypto engine</td><td>-</td><td></td></tr>
     <tr><td>CSI</td><td>-</td><td></td></tr>
     <tr><td>DMA</td><td>Yes</td><td></td></tr>
@@ -67,7 +67,7 @@
     <tr><td>GPIO</td><td>Yes</td><td></td></tr>
     <tr><td>GPU</td><td>-</td><td></td></tr>
     <tr><td>I2C</td><td>Yes</td><td></td></tr>
-    <tr><td>I2S/PCM</td><td>-</td><td></td></tr>
+    <tr><td>I2S/PCM</td><td>Experimental</td><td></td></tr>
     <tr><td>IR transceiver</td><td>-</td><td></td></tr>
     <tr><td>NAND</td><td>Yes</td><td></td></tr>
     <tr><td>P2WI/RSB</td><td>Yes</td><td></td></tr>

errant :, as pointed out by soda@
Index: wikisrc/users/spz/moderndisk.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/spz/moderndisk.mdwn,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- wikisrc/users/spz/moderndisk.mdwn	4 Oct 2017 10:45:01 -0000	1.27
+++ wikisrc/users/spz/moderndisk.mdwn	7 May 2018 06:42:28 -0000	1.28
@@ -164,8 +164,8 @@
     cat > /mnt/boot.cfg
     menu=Boot normally:dev hd0b:;rndseed /entropy/entropy-file;boot hd0b:netbsd
     menu=Boot single user:dev hd0b:;rndseed /entropy/entropy-file;boot hd0b:netbsd -s
-    menu=Boot normally from hd1b::dev hd1b;rndseed /entropy/entropy-file;boot hd1b:netbsd
-    menu=Boot single user from hd1b::dev hd1b;rndseed /entropy/entropy-file;boot hd1b:netbsd -s
+    menu=Boot normally from hd1b:dev hd1b:;rndseed /entropy/entropy-file;boot hd1b:netbsd
+    menu=Boot single user from hd1b:dev hd1b:;rndseed /entropy/entropy-file;boot hd1b:netbsd -s
     menu=Drop to boot prompt:prompt
     default=1
     timeout=5

Flag SPI as supported
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- wikisrc/ports/evbarm/allwinner.mdwn	6 May 2018 11:29:50 -0000	1.87
+++ wikisrc/ports/evbarm/allwinner.mdwn	6 May 2018 11:31:35 -0000	1.88
@@ -78,7 +78,7 @@
     <tr><td>SD/MMC</td><td>Yes</td><td></td></tr>
     <tr><td>SMP</td><td>Yes</td><td>32-bit only. Uses PSCI support in firmware</td></tr>
     <tr><td>SPDIF</td><td>-</td><td></td></tr>
-    <tr><td>SPI</td><td>-</td><td></td></tr>
+    <tr><td>SPI</td><td>Yes</td><td></td></tr>
     <tr><td>Thermal sensors</td><td>Yes</td><td></td></tr>
     <tr><td>Touch screen</td><td>Yes</td><td></td></tr>
     <tr><td>UART</td><td>Yes</td><td></td></tr>

Flag PWM as supported
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- wikisrc/ports/evbarm/allwinner.mdwn	5 May 2018 13:36:26 -0000	1.86
+++ wikisrc/ports/evbarm/allwinner.mdwn	6 May 2018 11:29:50 -0000	1.87
@@ -72,7 +72,7 @@
     <tr><td>NAND</td><td>Yes</td><td></td></tr>
     <tr><td>P2WI/RSB</td><td>Yes</td><td></td></tr>
     <tr><td>PCIe</td><td>-</td><td>H6</td></tr>
-    <tr><td>PWM</td><td>-</td><td></td></tr>
+    <tr><td>PWM</td><td>Yes</td><td></td></tr>
     <tr><td>RTC</td><td>Yes</td><td></td></tr>
     <tr><td>SATA</td><td>Yes</td><td></td></tr>
     <tr><td>SD/MMC</td><td>Yes</td><td></td></tr>

Remove "aarch32 mode" limitation for sun50i SoCs.
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- wikisrc/ports/evbarm/allwinner.mdwn	2 May 2018 16:36:21 -0000	1.85
+++ wikisrc/ports/evbarm/allwinner.mdwn	5 May 2018 13:36:26 -0000	1.86
@@ -36,8 +36,8 @@
     <tr><td>sun8i</td><td>H3</td><td>8.0 and later</td><td><a href="http://nanopi.io/nanopi-neo.html">FriendlyARM NanoPi NEO</a>, <a href="http://www.orangepi.org/orangepiplus2e/">Xunlong Orange Pi Plus 2E</a></td><td></td></tr>
     <tr><td>sun8i</td><td>V3s</td><td>-</td><td><a href="https://www.indiegogo.com/projects/licheepi-zero-6-extensible-linux-module-on-finger-wifi-diy#/">Lichee Pi Zero</a></td><td></td></tr>
     <tr><td>sun9i</td><td>A80</td><td>8.0 and later</td><td><a href="http://linux-sunxi.org/Cubietech_Cubieboard4">Cubietech Cubieboard 4</a></td><td></td></tr>
-    <tr><td>sun50i</td><td>A64</td><td>8.99.2 and later</td><td><a href="https://www.pine64.org/?page_id=1194">Pine64</a>, <a href="https://www.pine64.org/?page_id=3707">Pinebook</a></td><td>aarch32 mode</td></tr>
-    <tr><td>sun50i</td><td>H5</td><td>8.99.4 and later</td><td><a href="http://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=180">FriendlyARM NanoPi NEO2, <a href="http://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=196">FriendlyARM NanoPi NEO Plus2</a></td><td>aarch32 mode</td></tr>
+    <tr><td>sun50i</td><td>A64</td><td>8.99.2 and later</td><td><a href="https://www.pine64.org/?page_id=1194">Pine64</a>, <a href="https://www.pine64.org/?page_id=3707">Pinebook</a></td><td></td></tr>
+    <tr><td>sun50i</td><td>H5</td><td>8.99.4 and later</td><td><a href="http://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=180">FriendlyARM NanoPi NEO2, <a href="http://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=196">FriendlyARM NanoPi NEO Plus2</a></td><td></td></tr>
     <tr><td>sun50i</td><td>H6</td><td>8.99.14 and later</td><td><a href="http://www.orangepi.org/OrangePiOneplus/">Orange Pi One Plus</a>, <a href="https://www.pine64.org/?product_cat=pine-h64-boards">Pine H64</a></td></tr>
   </tbody>
 </table>

Sync mips, and also ARM Cortex-A75 is affected by Meltdown.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- wikisrc/security/meltdown_spectre.mdwn	4 May 2018 07:30:58 -0000	1.27
+++ wikisrc/security/meltdown_spectre.mdwn	4 May 2018 07:34:51 -0000	1.28
@@ -15,9 +15,9 @@
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|VIA		|Unknown	|		|		|
-mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-mips		|MIPS (others)	|Not vulnerable	|		|		|
+		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|MIPS (others)	|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
 riscv		|(Spec.)	|Not vulnerable	|		|		|
 		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
@@ -88,7 +88,7 @@
 		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 		|ARM Cortex-A73	|Not vulnerable	|		|		|
-		|ARM Cortex-A75	|Not vulnerable	|		|		|
+		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 

Add ARM, many are affected. Copied as-is from the ARM security page. I
don't know which port(s) they belong to.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- wikisrc/security/meltdown_spectre.mdwn	12 Apr 2018 06:02:40 -0000	1.26
+++ wikisrc/security/meltdown_spectre.mdwn	4 May 2018 07:30:58 -0000	1.27
@@ -17,9 +17,21 @@
 i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-mips		|Other Models	|Not vulnerable	|		|		|
+mips		|MIPS (others)	|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
 riscv		|(Spec.)	|Not vulnerable	|		|		|
+		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
 ## Spectre Variant 2
@@ -32,11 +44,23 @@
 i386		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigD]
 i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
 i386		|VIA		|Unknown	|		|		|
-mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-mips		|Other Models	|Not vulnerable	|		|		|
+		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|MIPS (others)	|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
 riscv		|(Spec.)	|Not vulnerable	|		|		|
+		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
 ## Meltdown
@@ -49,11 +73,23 @@
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|AMD		|Not vulnerable	|		|		|
 i386		|VIA		|Unknown	|		|		|
-mips		|MIPS P5600	|Not vulnerable	|		|		|
-mips		|MIPS P6600	|Not vulnerable	|		|		|
-mips		|Other Models	|Not vulnerable	|		|		|
+		|MIPS P5600	|Not vulnerable	|		|		|
+		|MIPS P6600	|Not vulnerable	|		|		|
+		|MIPS (others)	|Not vulnerable	|		|		|
 ia64		|Intel		|Not vulnerable	|		|		|
 riscv		|(Spec.)	|Not vulnerable	|		|		|
+		|ARM Cortex-R7	|Not vulnerable	|		|		|
+		|ARM Cortex-R8	|Not vulnerable	|		|		|
+		|ARM Cortex-A8	|Not vulnerable	|		|		|
+		|ARM Cortex-A9	|Not vulnerable	|		|		|
+		|ARM Cortex-A12	|Not vulnerable	|		|		|
+		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A17	|Not vulnerable	|		|		|
+		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+		|ARM Cortex-A73	|Not vulnerable	|		|		|
+		|ARM Cortex-A75	|Not vulnerable	|		|		|
+		|ARM (others)	|Not vulnerable	|		|		|
 """]]
 
 ## Mitigations

Note arm64.img for 64-bit targets
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- wikisrc/ports/evbarm/allwinner.mdwn	2 May 2018 16:34:40 -0000	1.84
+++ wikisrc/ports/evbarm/allwinner.mdwn	2 May 2018 16:36:21 -0000	1.85
@@ -91,7 +91,7 @@
 
 # Installation
 
-- Download or build **armv7.img** from NetBSD -current
+- Download or build **armv7.img** (32-bit) or **arm64.img** (64-bit) from NetBSD -current
 - Write the image to disk: **dd if=armv7.img of=/dev/rld0d bs=1m conv=sync**
 - Install a board-specific U-Boot (2017.07 or later) from pkgsrc to the SD card: **dd if=/usr/pkg/share/u-boot/&lt;boardname&gt;/u-boot-sunxi-with-spl.bin of=/dev/rld0d bs=1k seek=8 conv=sync**
 

H5 audio codec should work
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- wikisrc/ports/evbarm/allwinner.mdwn	2 May 2018 16:31:13 -0000	1.83
+++ wikisrc/ports/evbarm/allwinner.mdwn	2 May 2018 16:34:40 -0000	1.84
@@ -56,7 +56,7 @@
     </tr>
   </thead>
   <tbody>
-    <tr><td>Audio codec</td><td>Yes</td><td>Supported on sun4i, sun5i, sun6i, sun7i, sun8i-h2+, sun8i-h3</td></tr>
+    <tr><td>Audio codec</td><td>Yes</td><td>Supported on sun4i, sun5i, sun6i, sun7i, sun8i-h2+, sun8i-h3, sun50i-h5</td></tr>
     <tr><td>Crypto engine</td><td>-</td><td></td></tr>
     <tr><td>CSI</td><td>-</td><td></td></tr>
     <tr><td>DMA</td><td>Yes</td><td></td></tr>

USB 3.0 is supported now
Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- wikisrc/ports/evbarm/allwinner.mdwn	1 May 2018 21:34:36 -0000	1.82
+++ wikisrc/ports/evbarm/allwinner.mdwn	2 May 2018 16:31:13 -0000	1.83
@@ -83,7 +83,7 @@
     <tr><td>Touch screen</td><td>Yes</td><td></td></tr>
     <tr><td>UART</td><td>Yes</td><td></td></tr>
     <tr><td>USB 2.0</td><td>Yes</td><td></td></tr>
-    <tr><td>USB 3.0</td><td>-</td><td>H6</td></tr>
+    <tr><td>USB 3.0</td><td>Yes</td><td></td></tr>
     <tr><td>USB OTG</td><td>Experimental</td><td></td></tr>
     <tr><td>Watchdog timer</td><td>Yes</td><td></td></tr>
   </tbody>

Index: wikisrc/ports/evbarm/allwinner.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/allwinner.mdwn,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- wikisrc/ports/evbarm/allwinner.mdwn	22 Feb 2018 13:25:11 -0000	1.81
+++ wikisrc/ports/evbarm/allwinner.mdwn	1 May 2018 21:34:36 -0000	1.82
@@ -38,7 +38,7 @@
     <tr><td>sun9i</td><td>A80</td><td>8.0 and later</td><td><a href="http://linux-sunxi.org/Cubietech_Cubieboard4">Cubietech Cubieboard 4</a></td><td></td></tr>
     <tr><td>sun50i</td><td>A64</td><td>8.99.2 and later</td><td><a href="https://www.pine64.org/?page_id=1194">Pine64</a>, <a href="https://www.pine64.org/?page_id=3707">Pinebook</a></td><td>aarch32 mode</td></tr>
     <tr><td>sun50i</td><td>H5</td><td>8.99.4 and later</td><td><a href="http://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=180">FriendlyARM NanoPi NEO2, <a href="http://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=196">FriendlyARM NanoPi NEO Plus2</a></td><td>aarch32 mode</td></tr>
-    <tr><td>sun50i</td><td>H6</td><td>-</td><td><a href="http://www.orangepi.org/OrangePiOneplus/">Orange Pi One Plus</a>, <a href="https://www.pine64.org/?product_cat=pine-h64-boards">Pine H64</a></td></tr>
+    <tr><td>sun50i</td><td>H6</td><td>8.99.14 and later</td><td><a href="http://www.orangepi.org/OrangePiOneplus/">Orange Pi One Plus</a>, <a href="https://www.pine64.org/?product_cat=pine-h64-boards">Pine H64</a></td></tr>
   </tbody>
 </table>
 
@@ -71,17 +71,19 @@
     <tr><td>IR transceiver</td><td>-</td><td></td></tr>
     <tr><td>NAND</td><td>Yes</td><td></td></tr>
     <tr><td>P2WI/RSB</td><td>Yes</td><td></td></tr>
+    <tr><td>PCIe</td><td>-</td><td>H6</td></tr>
     <tr><td>PWM</td><td>-</td><td></td></tr>
     <tr><td>RTC</td><td>Yes</td><td></td></tr>
     <tr><td>SATA</td><td>Yes</td><td></td></tr>
     <tr><td>SD/MMC</td><td>Yes</td><td></td></tr>
-    <tr><td>SMP</td><td>Yes</td><td>Uses PSCI support in firmware</td></tr>
+    <tr><td>SMP</td><td>Yes</td><td>32-bit only. Uses PSCI support in firmware</td></tr>
     <tr><td>SPDIF</td><td>-</td><td></td></tr>
     <tr><td>SPI</td><td>-</td><td></td></tr>
     <tr><td>Thermal sensors</td><td>Yes</td><td></td></tr>
     <tr><td>Touch screen</td><td>Yes</td><td></td></tr>
     <tr><td>UART</td><td>Yes</td><td></td></tr>
     <tr><td>USB 2.0</td><td>Yes</td><td></td></tr>
+    <tr><td>USB 3.0</td><td>-</td><td>H6</td></tr>
     <tr><td>USB OTG</td><td>Experimental</td><td></td></tr>
     <tr><td>Watchdog timer</td><td>Yes</td><td></td></tr>
   </tbody>
@@ -102,4 +104,3 @@
     setenv video-mode sunxi:1280x720-24,overscan_x=32,overscan_y=20
     saveenv
     reset
-

Add some architecture lists to features. Remove SSP for userland, it is not new
Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 12:08:50 -0000	1.13
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 12:29:19 -0000	1.14
@@ -4,17 +4,15 @@
 Then expanded to be readable by an average technically inclined person.  
 Then reordered for most cool things on top.
 
-* PaX MPROTECT (W\^X) memory protection enforced by default on architectures with fine-grained memory protection
-* PaX ASLR in some archs, MKPIE default for userland  
-XXX list of archs
-* SSP/FORTIFY default for userland and packages.  
-XXX is SSP / MKPIE new to userland?
+* PaX MPROTECT (W\^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable PLT formats:
+  i386, amd64, evbarm, landisk, pmax
+* PaX ASLR enabled by default on:
+  i386, amd64, evbarm, landisk, pmax, sparc64
+* MKPIE default for userland on:
+  i386, amd64, arm, m68k, mips, sh3, sparc64
 * In-kernel audio mixer
 * Real-Time Signals
 * Synchronize Machine Independent features in ptrace(2) with Linux and FreeBSD
-* Improved C11 feature completeness (added missing headers, implemented functions)
-* ext4 enhanced read-only support
-* nc(1) imported from OpenBSD
 * sys_info a new script to return version information for system libraries and utilities
 * added intrctl(8) interrupt distribution control utility.
 * added can(4) socketcan implementation, a socket layer for CAN busses

update 3rd party component versions
Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 05:53:16 -0000	1.12
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 12:08:50 -0000	1.13
@@ -107,14 +107,14 @@
 
 Third party software:
 
-* GCC 5.4 with Address Sanitizer and Undefined Behavior Sanitizer
+* GCC 5.5 with Address Sanitizer and Undefined Behavior Sanitizer
 * GDB 7.12
 * GNU binutils 2.27
-* Clang/LLVM 4.0
+* Clang/LLVM 3.8.1
 * OpenSSH 7.6
 * OpenSSL 1.0.2k
 * mdocml 1.14.1
 * acpica 20170303
-* ntp 4.2.8p10
-* dhcpcd 7.0.0
+* ntp 4.2.8p11-o
+* dhcpcd 7.0.3
 * Lua 5.3.4

X540, X550 and ixv
Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 05:44:43 -0000	1.11
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 05:53:16 -0000	1.12
@@ -99,6 +99,8 @@
 
 * bta2dpd - new Bluetooth Advanced Audio Distribution Profile daemon
 * iwm(4), a driver for Intel Wireless devices (AC7260, AC7265, AC3160...)
+* ixg(4): X540, X550 and newer device support.
+* ixv(4): Intel 10G Ethernet virtual function driver.
 * nvme(4), a driver for NVMe hardware, ported from OpenBSD
 * nouveau, an open source driver for modern nVidia graphics, ported from linux, available by default.
    (this is at the bottom because we mentioned it in 7.1 too)

PCI MSI/MSI-X support, PCI extended configuration support.
Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- wikisrc/users/maya/release-notes-8-draft.mdwn	23 Mar 2018 22:12:33 -0000	1.10
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	20 Apr 2018 05:44:43 -0000	1.11
@@ -73,6 +73,8 @@
 * SMEP
 * SMAP
 * amd64 kernel W\^X
+* PCI MSI/MSI-X support (except Xen)
+* PCI extended configuration space support
 * EFI bootloader
 * added i386 GENERIC_PAE kernel that supports >4GB systems
 * Debug Registers for debuggers

prune link to release-prep, which is no longer a public document
Index: wikisrc/releng.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng.mdwn,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- wikisrc/releng.mdwn	19 Mar 2018 04:46:32 -0000	1.23
+++ wikisrc/releng.mdwn	18 Apr 2018 22:25:50 -0000	1.24
@@ -50,6 +50,5 @@
 ##  Release Engineer Documentation
 
 * [[Pull-up workflow and policies|workflow]]
-* [[Preparing for a release|release-prep]]
 * [[Long and mid-term releng chores|releng-todo]]
 * [[The Autobuild cluster|autobuild]]

this document has no need to be public and i'm tired of fighting markdown.
nuke it and return to what it was when i originally wrote it: a plain old
text file. releng folks: it's in localsrc/releng/release-prep.txt now.
--- wikisrc/releng/release-prep.mdwn	2018-04-18 22:25:14.000000000 +0000
+++ /dev/null	2018-04-18 22:20:21.000000000 +0000
@@ -1,221 +0,0 @@
-This file contains various information about doing releng-y stuff.
-
-==========
-
-CREATING A NEW MAJOR RELEASE BRANCH:
-
-When everything is settled on HEAD, create a base tag and then branch
-from that:
-
-        cvs rtag -a netbsd-5-base xsrc src
-        cvs rtag -a -b -rnetbsd-5-base netbsd-5 src xsrc
-
-Then move HEAD forward:
-
-* Add the newly created branch to doc/BRANCHES
-* Copy contents of doc/CHANGES to doc/CHANGES.prev and zero out doc/CHANGES
-* In sys/sys/param.h, bump \_\_NetBSD_Version\_\_ and its comment to 5.99.1
-* In external/gpl2/groff/tmac/mdoc.local, update doc-operating-system
-  and doc-default-operating-system to the latest major version, and add
-  an entry for the _next_ version (6.0 in this case)
-
-For the first commit to the newly created release branch:
-
-* Adjust doc/README.files and doc/LAST_MINUTE, updating version numbers
-  and adding CHANGES-5.0 to README.files
-* Update doc-operating-system and doc-default-operating-system version
-  numbers in external/gpl2/groff/tmac/mdoc.local
-* Update \_\_NetBSD_Version\_\_ (and the comment, which should be 5.0_BETA
-  at this point) in sys/sys/param.h
-* Create doc/CHANGES-5.0 and document the above changes
-* Commit
-
-At this point, the new branch is ready to be announced and pullups can begin
-after admins have set up the new req queue and email aliases.
-
-==========
-
-CREATING RELEASE CANDIDATES AND FORMAL RELEASES:
-
-1. If moving from BETA to RC1, remember to disable DIAGNOSTIC and DEBUG
-   in kernel config files.  Also comment out -D_DIAGNOSTIC in
-   lib/libc/Makefile.inc.
-
-2. Make sure release notes are updated in distrib/notes
-
-   A good starting point is to generate notes for a sample port
-   (<code>cd distrib/notes/amd64; make USETOOLS=no</code>), read the HTML file, and look
-   for things that need updating.
-
-   Stuff you'll definitely need to do:
-   - Brace yourself.  The sheer amount of useless information from days
-     of yore will blow you away.  You'll even start to think "you know, it's
-     possible someone actually _does_ want to read about splitting
-     distribution sets so they'll fit on floppies."
-   - Update Dd (should be the day the release is tagged)
-   - Update version numbers
-   - Add mention of the latest CHANGES-&lt;VERSION&gt; file in the "Release
-     Contents" section
-   - Adjust known issues section as necessary
-   - Adjust compatibility issues section as necessary
-   - Check the {core,portmasters,releng,developers} lists (while grumbling 
-     about how you really ought to just remove this ridiculous self-indulgent
-     section from the notes entirely).
-
-3. Update version numbers in <code>external/gpl2/groff/tmac/mdoc.local</code> and
-   <code>sys/sys/param.h</code>.  Make sure <code>doc/LAST_MINUTE</code> is zeroed out
-   and adjust version number.  List the above changes in CHANGES-&lt;VERSION&gt;
-   and commit with a good ol' fashioned "welcome to &lt;VERSION&gt;" message..
-
-4. Tag the release or release candidate:
-
-   <code>cvs -f rtag -a -rnetbsd-5 netbsd-5-0-RELEASE src xsrc</code>
-
-   If something needs to be retagged after the fact:
-
-   - Change &lt;file&gt; on the netbsd-5 branch.
-   - <code>cvs tag -d netbsd-5-0-RELEASE &lt;file&gt;</code>
-   - <code>cvs tag -rnetbsd-5 netbsd-5-0-RELEASE &lt;file&gt;</code>
-
-5. Add the tag for this release or release candidate to the autobuild config
-   files.
-
-   First make the changes in localsrc:
-   - <code>localsrc/releng/autobuild/etc/autobuild.conf</code> (add to
-     AB_STICKY_TAG_LIST)
-   - <code>localsrc/releng/autobuild/etc/archlist</code> (for whichever
-     architectures are appropriate)
-
-   Then on build.netbsd.org, as the builds user:
-
-   <code>cd ~/etc; cvs up archlist autobuild.conf</code>
-
-6. Add tag to <code>~builds/etc/build_order</code> like: <code>netbsd-5-0-RELEASE:N:N</code>
-   This means the tag will only be built once, and it won't be uploaded
-   after it finishes building.  Put it below the top-most entry (the entry
-   at the very top is the one currently being built).
-
-7. Spend the next few hours worrying about some unforeseen or sporadic problem
-   causing one or more ports to fail.  Cross your fingers and hope that you're
-   spared the hassle.  If you're not so lucky, dig around and manually rebuild
-   a port, copying the build.sh line from logs.
-
-8. Send mail to admins, asking them to create <code>/pub/NetBSD/NetBSD-&lt;release&gt;</code>, owned by builds:builds.
-
-9. Once the build is finished, manually create ISOs for macppc and mac68k.
-
-   The following stuff should be done on build.netbsd.org as the 'builds' user.
-   Needs cdrtools 2.01 (but not newer!).  The binary in ~/bin/mkisofs works.
-
-   <code>cd ~/scratch/src/distrib/cdrom</code> (a checkout of src from HEAD)
-
-   Copy and fiddle with some ridiculous .mk and .conf files, adjusting for
-   the relevant release.
-
-   Do the following, with a TARGET_CD_IMAGE value of macppccd and then mac68kcd.
-
-   <code>make MKISOFS=/home/builds/bin/mkisofs USETOOLS=no RELEASE=&lt;VERSION&gt; TARGET_CD_IMAGE=macppccd DISTRIBDIR=/home/builds/ab/netbsd-5-0-RC4/release/netbsd-5-0-RC4/200904142015Z all</code>
-
-   Copy resulting ISOs to the autobuild output directory under the images
-   subdirectory.  Rename them to NetBSD-mac{ppc,68k}-&lt;VERSION&gt;.iso.
-
-   Regenerate hashes for the ISOs:
-
-   <code>cksum -a md5 NetBSD&ast; &gt; MD5</code>
-
-   <code>cksum -a sha512 NetBSD&ast; &gt; SHA512</code>
-
-10. rsync to nbftp.  It goes to a staging dir in /pub/NetBSD/misc/releng first.
-
-    <code>rsync -avu --progress --port 874 --password-file /home/builds/.rsync &lt;path-to-top-level-release-dir&gt; builds@ftp.netbsd.org::builds/</code>
-
-    This will upload the files to <code>ftp.NetBSD.org:/pub/NetBSD/misc/releng/</code>.
-
-    As user 'builds' on nbftp:
-
-        mkdir /pub/NetBSD/images/<VERSION>
-        cd /pub/NetBSD/misc/releng/<top-level-of-release-directory>
-        mv images/* /pub/NetBSD/images/<VERISON>/
-        rmdir images
-        mv * /pub/NetBSD/<VERSION>/
-        cd /pub/NetBSD/<VERSION>
-        ln -s ../images/<VERSION> images
-        ln -s images iso
-
-11. If this is a formal release, create torrents
-
-    As user 'builds' on nbftp in the images subdirectory of the release tree:
-
-        for i in NetBSD-* ; do
-        maketorrent-console http://tracker.netbsd.org:6969/announce $i
-        done
-
-    Hard link the torrents and image files to <code>/pub/NetBSD/torrent</code>.
-
-12. Get security-officer@ to sign binaries and ISOs.
-
-    <code>localsrc/security/programs/rel-hashes.sh</code>
-
-13. Give mirror-maintainers@ a heads up that new release binaries are available.
-    This should be done 3ish days prior to the expected announce date.
-
-14. Update the website and wiki.
-
-   We now only provide a "changes in this release" summary in htdocs.
-   Basically, in <code>htdocs/releases/formal-<MAJOR></code>, copy the previous
-   release's XML files, adjust Makefile as necessary, and start the dull
-   process of adding content.  Beware that this is a soul-sucking task,
-   and you MUST RESIST THE TEMPTATION TO MENTION EVERY LITTLE CHANGE.  Try
-   to limit it to a list of things that people will be excited about.  Think
-   "what sells NetBSD?"  Release notes != changelog.
-
-   Don't forget to edit <code>htdocs/layout.xml</code> and add an entry for
-   the new page.
-
-    - Commit release's HTML file in htdocs/releases/formal-<MAJOR>
-    - Update htdocs/share/xml/misc.ent (release.*)
-    - Add htdocs/support/security/patches-<VERSION>
-    - Update htdocs/support/security/index.xml
-    - Update htdocs/support/security/release.xml
-    - Update htdocs/releases/formal-<MAJOR>/index.xml
-    - Update htdocs/releases/formal.xml
-    - Update htdocs/releases/index.xml
-    - Update htdocs/mirrors/torrents/
-    - Update htdocs/about/history.xml
-    - Update htdocs/changes/index.xml
-    - Update htdocs/index.html
-    - Update htdocs/developers/features/
-    - Update htdocs/docs/guide/en/chap-fetch.xml
-    - Update htdocs/ports/history.xml
-    - Update htdocs/docs/index.xml
-    - Top-level regen of everything
-    - Update [[wikisrc/releng.mdwn|releng]]
-    - Update [[wikisrc/ports.mdwn|ports]] and [[wikisrc/ports/*.mdwn|ports]], e.g.:
-
-    [[!template id=programlisting text="""
-export OLD_REL_VER="7\.0\.1"
-export OLD_REL_URL="http://www.netbsd.org/releases/formal-7/"

(Diff truncated)
SIGH
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:58:15 -0000	1.48
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:59:09 -0000	1.49
@@ -162,7 +162,7 @@
 14. Update the website and wiki.
 
    We now only provide a "changes in this release" summary in htdocs.
-   Basically, in htdocs/releases/formal-<MAJOR>, copy the previous
+   Basically, in <code>htdocs/releases/formal-<MAJOR></code>, copy the previous
    release's XML files, adjust Makefile as necessary, and start the dull
    process of adding content.  Beware that this is a soul-sucking task,
    and you MUST RESIST THE TEMPTATION TO MENTION EVERY LITTLE CHANGE.  Try

play the "which is it? &lt; or <?" game some more.
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:53:33 -0000	1.47
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:58:15 -0000	1.48
@@ -153,6 +153,7 @@
     Hard link the torrents and image files to <code>/pub/NetBSD/torrent</code>.
 
 12. Get security-officer@ to sign binaries and ISOs.
+
     <code>localsrc/security/programs/rel-hashes.sh</code>
 
 13. Give mirror-maintainers@ a heads up that new release binaries are available.
@@ -161,7 +162,7 @@
 14. Update the website and wiki.
 
    We now only provide a "changes in this release" summary in htdocs.
-   Basically, in htdocs/releases/formal-&lt;blah&gt;, copy the previous
+   Basically, in htdocs/releases/formal-<MAJOR>, copy the previous
    release's XML files, adjust Makefile as necessary, and start the dull
    process of adding content.  Beware that this is a soul-sucking task,
    and you MUST RESIST THE TEMPTATION TO MENTION EVERY LITTLE CHANGE.  Try
@@ -171,12 +172,12 @@
    Don't forget to edit <code>htdocs/layout.xml</code> and add an entry for
    the new page.
 
-    - Commit release's HTML file in htdocs/releases/formal-&lt;blah&gt;
+    - Commit release's HTML file in htdocs/releases/formal-<MAJOR>
     - Update htdocs/share/xml/misc.ent (release.*)
-    - Add htdocs/support/security/patches-&lt;blah&gt;
+    - Add htdocs/support/security/patches-<VERSION>
     - Update htdocs/support/security/index.xml
     - Update htdocs/support/security/release.xml
-    - Update htdocs/releases/formal-&lt;blah&gt;/index.xml
+    - Update htdocs/releases/formal-<MAJOR>/index.xml
     - Update htdocs/releases/formal.xml
     - Update htdocs/releases/index.xml
     - Update htdocs/mirrors/torrents/
@@ -188,7 +189,6 @@
     - Update htdocs/ports/history.xml
     - Update htdocs/docs/index.xml
     - Top-level regen of everything
-
     - Update [[wikisrc/releng.mdwn|releng]]
     - Update [[wikisrc/ports.mdwn|ports]] and [[wikisrc/ports/*.mdwn|ports]], e.g.:
 

apparently HTML escapes only work some of the time.
please die in a fire, wiki.
Members: 
	releng/release-prep.mdwn:1.46->1.47 

Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:50:26 -0000	1.46
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:53:33 -0000	1.47
@@ -133,13 +133,13 @@
 
     As user 'builds' on nbftp:
 
-        mkdir /pub/NetBSD/images/&lt;VERSION&gt;
-        cd /pub/NetBSD/misc/releng/&lt;top-level-of-release-directory&gt;
-        mv images/* /pub/NetBSD/images/&lt;VERISON&gt;/
+        mkdir /pub/NetBSD/images/<VERSION>
+        cd /pub/NetBSD/misc/releng/<top-level-of-release-directory>
+        mv images/* /pub/NetBSD/images/<VERISON>/
         rmdir images
-        mv * /pub/NetBSD/&lt;VERSION&gt;/
-        cd /pub/NetBSD/&lt;VERSION&gt;
-        ln -s ../images/&lt;VERSION&gt; images
+        mv * /pub/NetBSD/<VERSION>/
+        cd /pub/NetBSD/<VERSION>
+        ln -s ../images/<VERSION> images
         ln -s images iso
 
 11. If this is a formal release, create torrents

another commit, another attempt at fixing formatting
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:46:40 -0000	1.45
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:50:26 -0000	1.46
@@ -127,19 +127,20 @@
 
 10. rsync to nbftp.  It goes to a staging dir in /pub/NetBSD/misc/releng first.
 
-    rsync -avu --progress --port 874 --password-file /home/builds/.rsync &lt;path-to-top-level-release-dir&gt; builds@ftp.netbsd.org::builds/
+    <code>rsync -avu --progress --port 874 --password-file /home/builds/.rsync &lt;path-to-top-level-release-dir&gt; builds@ftp.netbsd.org::builds/</code>
 
     This will upload the files to <code>ftp.NetBSD.org:/pub/NetBSD/misc/releng/</code>.
 
     As user 'builds' on nbftp:
-    <code>mkdir /pub/NetBSD/images/&lt;VERSION&gt;</code>
-    <code>cd /pub/NetBSD/misc/releng/&lt;top-level-of-release-directory&gt;</code>
-    <code>mv images/* /pub/NetBSD/images/&lt;VERISON&gt;/</code> 
-    <code>rmdir images</code>
-    <code>mv * /pub/NetBSD/&lt;VERSION&gt;/</code>
-    <code>cd /pub/NetBSD/&lt;VERSION&gt;</code>
-    <code>ln -s ../images/&lt;VERSION&gt; images</code>
-    <code>ln -s images iso</code>
+
+        mkdir /pub/NetBSD/images/&lt;VERSION&gt;
+        cd /pub/NetBSD/misc/releng/&lt;top-level-of-release-directory&gt;
+        mv images/* /pub/NetBSD/images/&lt;VERISON&gt;/
+        rmdir images
+        mv * /pub/NetBSD/&lt;VERSION&gt;/
+        cd /pub/NetBSD/&lt;VERSION&gt;
+        ln -s ../images/&lt;VERSION&gt; images
+        ln -s images iso
 
 11. If this is a formal release, create torrents
 

try again
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:43:28 -0000	1.44
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:46:40 -0000	1.45
@@ -87,6 +87,7 @@
      architectures are appropriate)
 
    Then on build.netbsd.org, as the builds user:
+
    <code>cd ~/etc; cvs up archlist autobuild.conf</code>
 
 6. Add tag to <code>~builds/etc/build_order</code> like: <code>netbsd-5-0-RELEASE:N:N</code>
@@ -119,8 +120,10 @@
    subdirectory.  Rename them to NetBSD-mac{ppc,68k}-&lt;VERSION&gt;.iso.
 
    Regenerate hashes for the ISOs:
-   <code>cksum -a md5 NetBSD* &gt; MD5
-   cksum -a sha512 NetBSD* &gt; SHA512</code>
+
+   <code>cksum -a md5 NetBSD&ast; &gt; MD5</code>
+
+   <code>cksum -a sha512 NetBSD&ast; &gt; SHA512</code>
 
 10. rsync to nbftp.  It goes to a staging dir in /pub/NetBSD/misc/releng first.
 

maybe fix some formatting junk
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:37:25 -0000	1.43
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:43:28 -0000	1.44
@@ -77,18 +77,17 @@
    - <code>cvs tag -d netbsd-5-0-RELEASE &lt;file&gt;</code>
    - <code>cvs tag -rnetbsd-5 netbsd-5-0-RELEASE &lt;file&gt;</code>
 
-5. Add the tag for this release or release candidate to the autobuild config files.
+5. Add the tag for this release or release candidate to the autobuild config
+   files.
 
    First make the changes in localsrc:
-   - <code>localsrc/releng/autobuild/etc/autobuild.conf</code> (AB_STICKY_TAG_LIST)
-   - <code>localsrc/releng/autobuild/etc/archlist</code> (for whichever architectures are appropriate)
+   - <code>localsrc/releng/autobuild/etc/autobuild.conf</code> (add to
+     AB_STICKY_TAG_LIST)
+   - <code>localsrc/releng/autobuild/etc/archlist</code> (for whichever
+     architectures are appropriate)
 
    Then on build.netbsd.org, as the builds user:
-   <code>cd ~/etc</code>
-   <code>cvs up archlist autobuild.conf</code>
-
-   The following change doesn't need to be made in localsrc, because it'll disappear
-   on its own after the build completes.
+   <code>cd ~/etc; cvs up archlist autobuild.conf</code>
 
 6. Add tag to <code>~builds/etc/build_order</code> like: <code>netbsd-5-0-RELEASE:N:N</code>
    This means the tag will only be built once, and it won't be uploaded
@@ -120,8 +119,8 @@
    subdirectory.  Rename them to NetBSD-mac{ppc,68k}-&lt;VERSION&gt;.iso.
 
    Regenerate hashes for the ISOs:
-   <code>cksum -a md5 NetBSD* &gt; MD5</code>
-   <code>cksum -a sha512 NetBSD* &gt; SHA512</code>
+   <code>cksum -a md5 NetBSD* &gt; MD5
+   cksum -a sha512 NetBSD* &gt; SHA512</code>
 
 10. rsync to nbftp.  It goes to a staging dir in /pub/NetBSD/misc/releng first.
 

more improvements
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 19:39:35 -0000	1.42
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 21:37:25 -0000	1.43
@@ -35,9 +35,13 @@
 
 ==========
 
-Cutting release candidates and releases:
+CREATING RELEASE CANDIDATES AND FORMAL RELEASES:
 
-1. Make sure release notes are updated in distrib/notes
+1. If moving from BETA to RC1, remember to disable DIAGNOSTIC and DEBUG
+   in kernel config files.  Also comment out -D_DIAGNOSTIC in
+   lib/libc/Makefile.inc.
+
+2. Make sure release notes are updated in distrib/notes
 
    A good starting point is to generate notes for a sample port
    (<code>cd distrib/notes/amd64; make USETOOLS=no</code>), read the HTML file, and look
@@ -50,7 +54,7 @@
      distribution sets so they'll fit on floppies."
    - Update Dd (should be the day the release is tagged)
    - Update version numbers
-   - Add mention of the latest CHANGES-&lt;version&gt; file in the "Release
+   - Add mention of the latest CHANGES-&lt;VERSION&gt; file in the "Release
      Contents" section
    - Adjust known issues section as necessary
    - Adjust compatibility issues section as necessary
@@ -58,25 +62,14 @@
      about how you really ought to just remove this ridiculous self-indulgent
      section from the notes entirely).
 
-   We now only include a summary of chnages in htdocs.  Basically, in
-   htdocs/releases/formal-&lt;blah&gt;, copy the previous
-   release's XML files, adjust Makefile as necessary, and start the dull
-   process of adding content.  Beware that this is a soul-sucking task,
-   and you MUST RESIST THE TEMPTATION TO MENTION EVERY LITTLE CHANGE.  Try
-   to keep it to a list of things that people will be excited about and
-   will sell NetBSD.  Release notes != changelog.
-
-   Don't forget to edit <code>htdocs/layout.xml</code> and add an entry for
-   the new page.
-
-2. Update version numbers in <code>gnu/usr.bin/groff/tmac/mdoc.local</code> and
-   sys/sys/param.h.  Add new CHANGES file to doc/README.files, updating
-   release numbers while there.  Make sure <code>doc/LAST_MINUTE</code> is zeroed out
-   and adjust version number.
+3. Update version numbers in <code>external/gpl2/groff/tmac/mdoc.local</code> and
+   <code>sys/sys/param.h</code>.  Make sure <code>doc/LAST_MINUTE</code> is zeroed out
+   and adjust version number.  List the above changes in CHANGES-&lt;VERSION&gt;
+   and commit with a good ol' fashioned "welcome to &lt;VERSION&gt;" message..
 
-3. Note changes from steps 1 and 2 in doc/CHANGES-&lt;whatever&gt;
+4. Tag the release or release candidate:
 
-4. <code>cvs -f rtag -a -rnetbsd-5 netbsd-5-0-RELEASE src xsrc</code>
+   <code>cvs -f rtag -a -rnetbsd-5 netbsd-5-0-RELEASE src xsrc</code>
 
    If something needs to be retagged after the fact:
 
@@ -84,11 +77,18 @@
    - <code>cvs tag -d netbsd-5-0-RELEASE &lt;file&gt;</code>
    - <code>cvs tag -rnetbsd-5 netbsd-5-0-RELEASE &lt;file&gt;</code>
 
-5. Add tag (netbsd-5-0-RELEASE) to <code>~builds/etc/archlist</code> on build.netbsd.org
-   Add tag to <code>AB_STICKY_TAG_LIST</code> in <code>~builds/etc/autobuild.conf</code>.  Note that
-   these files are revision controlled (<code>localsrc/releng/autobuild/etc</code>), so
-   the proper order is to commit your changes in localsrc and then cvs up
-   (it pulls from anoncvs@nbcvs) on build.netbsd.org.
+5. Add the tag for this release or release candidate to the autobuild config files.
+
+   First make the changes in localsrc:
+   - <code>localsrc/releng/autobuild/etc/autobuild.conf</code> (AB_STICKY_TAG_LIST)
+   - <code>localsrc/releng/autobuild/etc/archlist</code> (for whichever architectures are appropriate)
+
+   Then on build.netbsd.org, as the builds user:
+   <code>cd ~/etc</code>
+   <code>cvs up archlist autobuild.conf</code>
+
+   The following change doesn't need to be made in localsrc, because it'll disappear
+   on its own after the build completes.
 
 6. Add tag to <code>~builds/etc/build_order</code> like: <code>netbsd-5-0-RELEASE:N:N</code>
    This means the tag will only be built once, and it won't be uploaded
@@ -98,43 +98,56 @@
 7. Spend the next few hours worrying about some unforeseen or sporadic problem
    causing one or more ports to fail.  Cross your fingers and hope that you're
    spared the hassle.  If you're not so lucky, dig around and manually rebuild
-   a port, copying the build.sh line from logs, mainly to preserve the -B
-   flag's argument.
+   a port, copying the build.sh line from logs.
+
+8. Send mail to admins, asking them to create <code>/pub/NetBSD/NetBSD-&lt;release&gt;</code>, owned by builds:builds.
+
+9. Once the build is finished, manually create ISOs for macppc and mac68k.
+
+   The following stuff should be done on build.netbsd.org as the 'builds' user.
+   Needs cdrtools 2.01 (but not newer!).  The binary in ~/bin/mkisofs works.
+
+   <code>cd ~/scratch/src/distrib/cdrom</code> (a checkout of src from HEAD)
+
+   Copy and fiddle with some ridiculous .mk and .conf files, adjusting for
+   the relevant release.
+
+   Do the following, with a TARGET_CD_IMAGE value of macppccd and then mac68kcd.
+
+   <code>make MKISOFS=/home/builds/bin/mkisofs USETOOLS=no RELEASE=&lt;VERSION&gt; TARGET_CD_IMAGE=macppccd DISTRIBDIR=/home/builds/ab/netbsd-5-0-RC4/release/netbsd-5-0-RC4/200904142015Z all</code>
+
+   Copy resulting ISOs to the autobuild output directory under the images
+   subdirectory.  Rename them to NetBSD-mac{ppc,68k}-&lt;VERSION&gt;.iso.
+
+   Regenerate hashes for the ISOs:
+   <code>cksum -a md5 NetBSD* &gt; MD5</code>
+   <code>cksum -a sha512 NetBSD* &gt; SHA512</code>
 
-8. Create ISOs (macppc and mac68k).  See below for instructions.
-   Create hashes for ISOs (<code>cksum -a sha512 NetBSD* > SHA512</code>)
+10. rsync to nbftp.  It goes to a staging dir in /pub/NetBSD/misc/releng first.
 
-9. rsync to nbftp.  It goes to a staging dir in /pub/NetBSD/misc/releng first.
+    rsync -avu --progress --port 874 --password-file /home/builds/.rsync &lt;path-to-top-level-release-dir&gt; builds@ftp.netbsd.org::builds/
 
-        rsync -avu --progress --port 874 --password-file /home/builds/.rsync <path-to-top-level-release-dir> builds@ftp.netbsd.org::builds/
+    This will upload the files to <code>ftp.NetBSD.org:/pub/NetBSD/misc/releng/</code>.
 
-   This will upload the files to <code>ftp.NetBSD.org:/pub/NetBSD/misc/releng/</code>.
-   After that, get admins to create <code>/pub/NetBSD/NetBSD-&lt;release&gt;</code> and
-   <code>/pub/NetBSD/iso/&lt;release&gt;</code> directories for you, owned by builds:builds.
-   Once these have been made, move images/* to the iso directory and symlink to "iso" and "images" in the main release directory, and move the rest
-   to the main release directory.
+    As user 'builds' on nbftp:
+    <code>mkdir /pub/NetBSD/images/&lt;VERSION&gt;</code>
+    <code>cd /pub/NetBSD/misc/releng/&lt;top-level-of-release-directory&gt;</code>
+    <code>mv images/* /pub/NetBSD/images/&lt;VERISON&gt;/</code> 
+    <code>rmdir images</code>
+    <code>mv * /pub/NetBSD/&lt;VERSION&gt;/</code>
+    <code>cd /pub/NetBSD/&lt;VERSION&gt;</code>
+    <code>ln -s ../images/&lt;VERSION&gt; images</code>
+    <code>ln -s images iso</code>
 
-10. create torrents
+11. If this is a formal release, create torrents
 
-    In the images directory:
+    As user 'builds' on nbftp in the images subdirectory of the release tree:
 
         for i in NetBSD-* ; do
         maketorrent-console http://tracker.netbsd.org:6969/announce $i
         done
 
-11.    Get admins@ to add the torrent directory to <code>~torrent/runbt</code>.  
-    *NOTE FROM SPZ, 2010-11-15:*
-    >it turns out that bittorrent can't do more than one 'allowed_dir'.
-    >
-    >Thus, we now have /ftp/pub/NetBSD/torrent. Please keep the permissions
-    >so that mirrors can't read the contents, since the contents are duplicate.
-    >
-    >(This should go into releng docs probably:)
-    >If you add a file that should be picked up by torrents, put it and its
-    >torrent control file where it belongs and hard-link the two into the
-    >appropriate directory in the torrent tree.
-    >Please note that the torrent tree cannot be used to publish the torrent
-    >control file via http or ftp.
+    Hard link the torrents and image files to <code>/pub/NetBSD/torrent</code>.
 
 12. Get security-officer@ to sign binaries and ISOs.
     <code>localsrc/security/programs/rel-hashes.sh</code>
@@ -142,7 +155,18 @@
 13. Give mirror-maintainers@ a heads up that new release binaries are available.
     This should be done 3ish days prior to the expected announce date.
 
-14. Update the website.
+14. Update the website and wiki.
+
+   We now only provide a "changes in this release" summary in htdocs.
+   Basically, in htdocs/releases/formal-&lt;blah&gt;, copy the previous
+   release's XML files, adjust Makefile as necessary, and start the dull
+   process of adding content.  Beware that this is a soul-sucking task,
+   and you MUST RESIST THE TEMPTATION TO MENTION EVERY LITTLE CHANGE.  Try
+   to limit it to a list of things that people will be excited about.  Think
+   "what sells NetBSD?"  Release notes != changelog.
+
+   Don't forget to edit <code>htdocs/layout.xml</code> and add an entry for
+   the new page.
 
     - Commit release's HTML file in htdocs/releases/formal-&lt;blah&gt;
     - Update htdocs/share/xml/misc.ent (release.*)
@@ -162,8 +186,6 @@
     - Update htdocs/docs/index.xml
     - Top-level regen of everything
 
-15. Update the wiki.
-
     - Update [[wikisrc/releng.mdwn|releng]]
     - Update [[wikisrc/ports.mdwn|ports]] and [[wikisrc/ports/*.mdwn|ports]], e.g.:

(Diff truncated)
MOAR UNDERSCOARS!
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 19:37:07 -0000	1.41
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 19:39:35 -0000	1.42
@@ -25,7 +25,7 @@
   and adding CHANGES-5.0 to README.files
 * Update doc-operating-system and doc-default-operating-system version
   numbers in external/gpl2/groff/tmac/mdoc.local
-* Update __NetBSD_Version__ (and the comment, which should be 5.0_BETA
+* Update \_\_NetBSD_Version\_\_ (and the comment, which should be 5.0_BETA
   at this point) in sys/sys/param.h
 * Create doc/CHANGES-5.0 and document the above changes
 * Commit

bah, markdown. hopefully display some underscores...
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 19:35:11 -0000	1.40
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 19:37:07 -0000	1.41
@@ -14,7 +14,7 @@
 
 * Add the newly created branch to doc/BRANCHES
 * Copy contents of doc/CHANGES to doc/CHANGES.prev and zero out doc/CHANGES
-* In sys/sys/param.h, bump __NetBSD_Version__ and its comment to 5.99.1
+* In sys/sys/param.h, bump \_\_NetBSD_Version\_\_ and its comment to 5.99.1
 * In external/gpl2/groff/tmac/mdoc.local, update doc-operating-system
   and doc-default-operating-system to the latest major version, and add
   an entry for the _next_ version (6.0 in this case)

start making this doc a bit more explicit. polish crap related to the
creation of a new major branch.
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- wikisrc/releng/release-prep.mdwn	18 Apr 2018 05:34:56 -0000	1.39
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 19:35:11 -0000	1.40
@@ -2,24 +2,36 @@
 
 ==========
 
-Creating a branch:
+CREATING A NEW MAJOR RELEASE BRANCH:
+
+When everything is settled on HEAD, create a base tag and then branch
+from that:
 
         cvs rtag -a netbsd-5-base xsrc src
         cvs rtag -a -b -rnetbsd-5-base netbsd-5 src xsrc
 
-On the newly-created branch:
+Then move HEAD forward:
+
+* Add the newly created branch to doc/BRANCHES
+* Copy contents of doc/CHANGES to doc/CHANGES.prev and zero out doc/CHANGES
+* In sys/sys/param.h, bump __NetBSD_Version__ and its comment to 5.99.1
+* In external/gpl2/groff/tmac/mdoc.local, update doc-operating-system
+  and doc-default-operating-system to the latest major version, and add
+  an entry for the _next_ version (6.0 in this case)
+
+For the first commit to the newly created release branch:
+
+* Adjust doc/README.files and doc/LAST_MINUTE, updating version numbers
+  and adding CHANGES-5.0 to README.files
+* Update doc-operating-system and doc-default-operating-system version
+  numbers in external/gpl2/groff/tmac/mdoc.local
+* Update __NetBSD_Version__ (and the comment, which should be 5.0_BETA
+  at this point) in sys/sys/param.h
+* Create doc/CHANGES-5.0 and document the above changes
+* Commit
 
-* Add doc/CHANGES-5.0
-* Adjust doc/README.files and doc/LAST_MINUTE 
-* Adjust external/gpl2/groff/tmac/mdoc.local and sys/sys/param.h
-* Comment out DIAGNOSTIC and DEBUG options in kernel configuration files.
-* Comment out -D_DIAGNOSTIC in lib/libc/Makefile.inc.
-
-On the trunk:
-
-* Update doc/BRANCHES
-* Move doc/CHANGES to CHANGES.prev
-* Update mdoc.local and param.h for .99.1.
+At this point, the new branch is ready to be announced and pullups can begin
+after admins have set up the new req queue and email aliases.
 
 ==========
 

modify groff/tmac/mdoc.local's location
Index: wikisrc/releng/release-prep.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/release-prep.mdwn,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- wikisrc/releng/release-prep.mdwn	9 Aug 2017 06:08:23 -0000	1.38
+++ wikisrc/releng/release-prep.mdwn	18 Apr 2018 05:34:56 -0000	1.39
@@ -11,7 +11,7 @@
 
 * Add doc/CHANGES-5.0
 * Adjust doc/README.files and doc/LAST_MINUTE 
-* Adjust gnu/usr.bin/groff/tmac/mdoc.local and sys/sys/param.h
+* Adjust external/gpl2/groff/tmac/mdoc.local and sys/sys/param.h
 * Comment out DIAGNOSTIC and DEBUG options in kernel configuration files.
 * Comment out -D_DIAGNOSTIC in lib/libc/Makefile.inc.
 

sort fixed PRs to the top
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- wikisrc/releng/netbsd8.mdwn	16 Apr 2018 11:20:25 -0000	1.47
+++ wikisrc/releng/netbsd8.mdwn	16 Apr 2018 11:22:11 -0000	1.48
@@ -6,20 +6,20 @@
 
 * ~~[[!template id=pr number=53059]]: repeated nvmectl identify nvme0 locks up sytem~~ (done)
 
-* [[!template id=pr number=53016]]: Clock not stable
-
-* [[!template id=pr number=53017]]: Kernel panics every now and then with "fpusave_lwp: did not" message
-
 * ~~[[!template id=pr number=53043]]: deadlock on evbarm/TEGRA with netbsd-8~~ (done)
 
-* [[!template id=pr number=53053]]: non-MULTIPROCESSOR hangs building Go (still reproducable with newer go?)
-
 * ~~[[!template id=pr number=53072]]: netbsd-8 regression: startx (nv driver) crashes system~~ (done)
 
 * ~~[[!template id=pr number=53077]]: alpha panic: cpu_uarea_alloc: uvm_pglistalloc failed: 12~~ (done)
 
 * ~~[[!template id=pr number=53096]]: netbsd-8 crash on heavy disk I/O~~ (done)
 
+* [[!template id=pr number=53053]]: non-MULTIPROCESSOR hangs building Go (still reproducable with newer go?)
+
+* [[!template id=pr number=53016]]: Clock not stable
+
+* [[!template id=pr number=53017]]: Kernel panics every now and then with "fpusave_lwp: did not" message
+
 * [[!template id=pr number=53143]]: NetBSD 8 panic related to procfs (unclear?)
 
 * [[!template id=pr number=53155]]: Wedge after <12h uptime when >2 bnx network interfaces in use

Update to current state
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- wikisrc/releng/netbsd8.mdwn	14 Apr 2018 15:03:04 -0000	1.46
+++ wikisrc/releng/netbsd8.mdwn	16 Apr 2018 11:20:25 -0000	1.47
@@ -18,7 +18,7 @@
 
 * ~~[[!template id=pr number=53077]]: alpha panic: cpu_uarea_alloc: uvm_pglistalloc failed: 12~~ (done)
 
-* [[!template id=pr number=53096]]: netbsd-8 crash on heavy disk I/O (unclear, one-time only?)
+* ~~[[!template id=pr number=53096]]: netbsd-8 crash on heavy disk I/O~~ (done)
 
 * [[!template id=pr number=53143]]: NetBSD 8 panic related to procfs (unclear?)
 

hw.firmware -> hw.firmware.path
Index: wikisrc/security/cgdroot.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/cgdroot.mdwn,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- wikisrc/security/cgdroot.mdwn	14 Apr 2018 21:48:34 -0000	1.17
+++ wikisrc/security/cgdroot.mdwn	14 Apr 2018 21:50:47 -0000	1.18
@@ -71,7 +71,7 @@
 
 The biggest (known) issue with this setup occurs when firmware needs to be loaded early in the boot process (such as graphics drivers for the console). At the moment they need to be provided as part of the memory disk. Some network interfaces, of which some wireless devices in particular, also require loading firmware to work properly.
 
-Firmware that can be loaded later (e.g. microcode in `sysutils/intel-microcode-netbsd`) can be found only if the corresponding paths in the `hw.firmware` sysctl variable are adjusted to start with `/altroot`. 
+Firmware that can be loaded later (e.g. microcode in `sysutils/intel-microcode-netbsd` package) can be found only if the corresponding paths in the `hw.firmware.path` sysctl variable are adjusted to start with `/altroot`. 
 
 This setup is not entirely safe against physical attacks. An attacker can modify the boot process to store the passphrase for later retrieval, or insert a backdoor while booting. To defend against such attacks, the bootloader, kernel and ramdisk all need to be signed and their integrity checked before booting (e.g. with [[!template id=man name="tpm" section="4"]]). Alternatively, it is possible to boot from a removable medium (e.g. USB stick), which can be protected against tampering attacks (e.g. secure storage, read-only volume...).
 

Add a short paragraph about adjusting hw.firmware.
Index: wikisrc/security/cgdroot.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/cgdroot.mdwn,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- wikisrc/security/cgdroot.mdwn	23 Feb 2018 17:19:02 -0000	1.16
+++ wikisrc/security/cgdroot.mdwn	14 Apr 2018 21:48:34 -0000	1.17
@@ -71,6 +71,8 @@
 
 The biggest (known) issue with this setup occurs when firmware needs to be loaded early in the boot process (such as graphics drivers for the console). At the moment they need to be provided as part of the memory disk. Some network interfaces, of which some wireless devices in particular, also require loading firmware to work properly.
 
+Firmware that can be loaded later (e.g. microcode in `sysutils/intel-microcode-netbsd`) can be found only if the corresponding paths in the `hw.firmware` sysctl variable are adjusted to start with `/altroot`. 
+
 This setup is not entirely safe against physical attacks. An attacker can modify the boot process to store the passphrase for later retrieval, or insert a backdoor while booting. To defend against such attacks, the bootloader, kernel and ramdisk all need to be signed and their integrity checked before booting (e.g. with [[!template id=man name="tpm" section="4"]]). Alternatively, it is possible to boot from a removable medium (e.g. USB stick), which can be protected against tampering attacks (e.g. secure storage, read-only volume...).
 
 It is also possible to boot a Xen DOM0 system with root filesystem encryption. However, Xen-enabled NetBSD kernels currently do not support loading modules at boot-time. The memory disk has to be placed directly inside the kernel instead (with [[!template id=man name="mdconfig" section="8"]] or a new kernel configuration).

SMAP done
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- wikisrc/releng/netbsd8.mdwn	12 Apr 2018 05:59:35 -0000	1.45
+++ wikisrc/releng/netbsd8.mdwn	14 Apr 2018 15:03:04 -0000	1.46
@@ -42,7 +42,7 @@
 
 * ~~Spectre fix~~ (done)
 
-* SMAP
+* ~~SMAP~~ (done)
   + ~~Requires x86_hotpatch.~~ (done)
 
 * ~~pmap/pool changes~~ (done)

kill extra ']'
Index: wikisrc/ports.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports.mdwn,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- wikisrc/ports.mdwn	19 Mar 2018 04:46:32 -0000	1.14
+++ wikisrc/ports.mdwn	14 Apr 2018 03:21:15 -0000	1.15
@@ -134,7 +134,7 @@
 m68k		|II		|[[amiga]] [[atari]] [[cesfic]] [[hp300]] [[luna68k]] [[mac68k]] [[mvme68k]] [[news68k]] [[next68k]] [[sun3]] [[x68k]]
 mipseb		|I, II		|[[emips]] [[evbmips]] [[ews4800mips]] [[mipsco]] [[newsmips]] [[sbmips]] [[sgimips]]
 mipsel		|I, II		|[[algor]] [[arc]] [[cobalt]] [[evbmips]] [[hpcmips]] [[pmax]] [[sbmips]]
-powerpc		|I, II		|[[amigappc]] [[bebox]] [[evbppc]] [[ibmnws]] [[macppc]] [[mvmeppc]] [[ofppc]] [[prep]]] [[rs6000]] [[sandpoint]]
+powerpc		|I, II		|[[amigappc]] [[bebox]] [[evbppc]] [[ibmnws]] [[macppc]] [[mvmeppc]] [[ofppc]] [[prep]] [[rs6000]] [[sandpoint]]
 [[sh3eb|sh3]]	|II		|[[evbsh3]] [[mmeye]]
 [[sh3el|sh3]]	|II		|[[dreamcast]] [[evbsh3]] [[landisk]] [[hpcsh]]
 sparc		|II		|[[sparc]]

mmh use correct format
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- wikisrc/security/meltdown_spectre.mdwn	12 Apr 2018 06:01:34 -0000	1.25
+++ wikisrc/security/meltdown_spectre.mdwn	12 Apr 2018 06:02:40 -0000	1.26
@@ -26,11 +26,11 @@
 
 [[!table data="""
 Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
-amd64		|Intel		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigB] [MitigD]
-amd64		|AMD		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigC] [MitigD]
+amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigB] [MitigD]
+amd64		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
 amd64		|VIA		|Unknown	|		|		|
-i386		|Intel		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigD]
-i386		|AMD		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigC] [MitigD]
+i386		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigD]
+i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
 i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed

retpoline on NetBSD-8
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- wikisrc/security/meltdown_spectre.mdwn	8 Apr 2018 09:06:10 -0000	1.24
+++ wikisrc/security/meltdown_spectre.mdwn	12 Apr 2018 06:01:34 -0000	1.25
@@ -26,11 +26,11 @@
 
 [[!table data="""
 Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
-amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigB] [MitigD]
-amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC] [MitigD]
+amd64		|Intel		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigB] [MitigD]
+amd64		|AMD		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigC] [MitigD]
 amd64		|VIA		|Unknown	|		|		|
-i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigD]
-i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC] [MitigD]
+i386		|Intel		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigD]
+i386		|AMD		|Vulnerable	|Not fixed	|[MitigD]	|Fixed [MitigC] [MitigD]
 i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed

Spectre fix done (retpoline).
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- wikisrc/releng/netbsd8.mdwn	6 Apr 2018 08:15:24 -0000	1.44
+++ wikisrc/releng/netbsd8.mdwn	12 Apr 2018 05:59:35 -0000	1.45
@@ -40,7 +40,7 @@
   + ~~Requires x86_hotpatch.~~ (done)
   + ~~Requires __HAVE_PCPU_AREA.~~ (done)
 
-* Spectre fix
+* ~~Spectre fix~~ (done)
 
 * SMAP
   + ~~Requires x86_hotpatch.~~ (done)

mark this as done_by ..
I don't know who did it, but it's good to mark it as done.
Members: 
	projects/project/virtual-box-guest-tools.mdwn:1.8->1.9 

Index: wikisrc/projects/project/virtual-box-guest-tools.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/projects/project/virtual-box-guest-tools.mdwn,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- wikisrc/projects/project/virtual-box-guest-tools.mdwn	20 Feb 2015 19:32:00 -0000	1.8
+++ wikisrc/projects/project/virtual-box-guest-tools.mdwn	9 Apr 2018 17:19:11 -0000	1.9
@@ -14,6 +14,7 @@
 category="kernel"
 difficulty="medium"
 duration="3 months"
+done_by="..."
 
 description="""
 NOTE: this project has been partly completed during GSoC 2013, the remaining cleanup work and tidying is likely not enough work for another GSoC!

i386-AMD also has retpoline
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- wikisrc/security/meltdown_spectre.mdwn	8 Apr 2018 09:01:37 -0000	1.23
+++ wikisrc/security/meltdown_spectre.mdwn	8 Apr 2018 09:06:10 -0000	1.24
@@ -30,7 +30,7 @@
 amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC] [MitigD]
 amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigD]
-i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC]
+i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC] [MitigD]
 i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed

add retpoline
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- wikisrc/security/meltdown_spectre.mdwn	5 Apr 2018 08:46:42 -0000	1.22
+++ wikisrc/security/meltdown_spectre.mdwn	8 Apr 2018 09:01:37 -0000	1.23
@@ -26,10 +26,10 @@
 
 [[!table data="""
 Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
-amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigB]
-amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC]
+amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigB] [MitigD]
+amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC] [MitigD]
 amd64		|VIA		|Unknown	|		|		|
-i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigD]
 i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC]
 i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
@@ -77,6 +77,11 @@
 automatically. It can be dynamically disabled by changing the
 "machdep.spectre_v2.mitigated" sysctl.
 
+### Mitigation D: Retpoline
+
+SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation
+flag, which is enabled by default in GENERIC.
+
 ## External Resources
 
 * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)

Add PR 53161
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- wikisrc/releng/netbsd8.mdwn	4 Apr 2018 16:55:13 -0000	1.43
+++ wikisrc/releng/netbsd8.mdwn	6 Apr 2018 08:15:24 -0000	1.44
@@ -24,6 +24,8 @@
 
 * [[!template id=pr number=53155]]: Wedge after <12h uptime when >2 bnx network interfaces in use
 
+* [[!template id=pr number=53161]]: ATF test runs leave a rump_server process around
+
 ## [Test runs](http://releng.netbsd.org/test-results.html)
 
 * ~~[martin's ARM machine invokes ctfconvert unsuccessfully]~~ (done)

NetBSD 7 and 8 still use netbsd.bin.
Index: wikisrc/ports/evbarm/raspberry_pi.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/raspberry_pi.mdwn,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- wikisrc/ports/evbarm/raspberry_pi.mdwn	5 Apr 2018 11:52:08 -0000	1.68
+++ wikisrc/ports/evbarm/raspberry_pi.mdwn	5 Apr 2018 13:27:58 -0000	1.69
@@ -143,7 +143,7 @@
           /Users/feyrer/work/NetBSD/cvs/src-current/obj.evbarm-Darwin-XXX/sys/arch/evbarm/compile/RPI2/netbsd
          ...
 
- - Besides the "netbsd" kernel in ELF format, there is also a "netbsd.img" kernel that is in a format that the Raspberry can boot.
+ - Besides the "netbsd" kernel in ELF format, there is also a "netbsd.img" (for current) or "netbsd.bin" (for 7 and 8) kernel that is in a format that the Raspberry can boot.
  - Depending on your hardware version, copy this either to /boot/kernel.img (First generation Pi, Pi Zero hardware) or to /boot/kernel7.img (Pi 2, Pi 3 hardware)
  - reboot
 

Kernel image for Raspberry Pi is "netbsd.img", not "netbsd.bin".
Index: wikisrc/ports/evbarm/raspberry_pi.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/ports/evbarm/raspberry_pi.mdwn,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- wikisrc/ports/evbarm/raspberry_pi.mdwn	19 Dec 2017 12:01:42 -0000	1.67
+++ wikisrc/ports/evbarm/raspberry_pi.mdwn	5 Apr 2018 11:52:08 -0000	1.68
@@ -143,7 +143,7 @@
           /Users/feyrer/work/NetBSD/cvs/src-current/obj.evbarm-Darwin-XXX/sys/arch/evbarm/compile/RPI2/netbsd
          ...
 
- - Besides the "netbsd" kernel in ELF format, there is also a "netbsd.bin" kernel that is in a format that the Raspberry can boot.
+ - Besides the "netbsd" kernel in ELF format, there is also a "netbsd.img" kernel that is in a format that the Raspberry can boot.
  - Depending on your hardware version, copy this either to /boot/kernel.img (First generation Pi, Pi Zero hardware) or to /boot/kernel7.img (Pi 2, Pi 3 hardware)
  - reboot
 

Remove note about unstable microcode updates; they are stable now.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- wikisrc/security/meltdown_spectre.mdwn	5 Apr 2018 08:44:56 -0000	1.21
+++ wikisrc/security/meltdown_spectre.mdwn	5 Apr 2018 08:46:42 -0000	1.22
@@ -86,5 +86,4 @@
 ## Notes
 
 * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
-* For Spectre Variant 2, neither Intel, nor AMD, has issued a stable microcode update.
 

DIS_IND for i386.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- wikisrc/security/meltdown_spectre.mdwn	4 Apr 2018 16:53:18 -0000	1.20
+++ wikisrc/security/meltdown_spectre.mdwn	5 Apr 2018 08:44:56 -0000	1.21
@@ -30,7 +30,7 @@
 amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC]
 amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC]
 i386		|VIA		|Unknown	|		|		|
 mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed

Mark "Meltdown fix" as done.
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- wikisrc/releng/netbsd8.mdwn	4 Apr 2018 15:47:42 -0000	1.42
+++ wikisrc/releng/netbsd8.mdwn	4 Apr 2018 16:55:13 -0000	1.43
@@ -34,7 +34,7 @@
 
 ## Functionality backport
 
-* Meltdown fix
+* ~~Meltdown fix~~ (done)
   + ~~Requires x86_hotpatch.~~ (done)
   + ~~Requires __HAVE_PCPU_AREA.~~ (done)
 

NetBSD-8 has SVS.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- wikisrc/security/meltdown_spectre.mdwn	4 Apr 2018 13:05:14 -0000	1.19
+++ wikisrc/security/meltdown_spectre.mdwn	4 Apr 2018 16:53:18 -0000	1.20
@@ -43,7 +43,7 @@
 
 [[!table data="""
 Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-7	|NetBSD-8	|NetBSD-current
-amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigA]
+amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigA]	|Fixed [MitigA]
 amd64		|AMD		|Not vulnerable	|		|		|
 amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed

Note PR 53155.
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- wikisrc/releng/netbsd8.mdwn	30 Mar 2018 11:04:12 -0000	1.41
+++ wikisrc/releng/netbsd8.mdwn	4 Apr 2018 15:47:42 -0000	1.42
@@ -22,6 +22,8 @@
 
 * [[!template id=pr number=53143]]: NetBSD 8 panic related to procfs (unclear?)
 
+* [[!template id=pr number=53155]]: Wedge after <12h uptime when >2 bnx network interfaces in use
+
 ## [Test runs](http://releng.netbsd.org/test-results.html)
 
 * ~~[martin's ARM machine invokes ctfconvert unsuccessfully]~~ (done)

Mark SpectreV2 as fixed on current-amd64, and list the two mitigation
methods available.
Index: wikisrc/security/meltdown_spectre.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/security/meltdown_spectre.mdwn,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- wikisrc/security/meltdown_spectre.mdwn	16 Mar 2018 10:08:00 -0000	1.18
+++ wikisrc/security/meltdown_spectre.mdwn	4 Apr 2018 13:05:14 -0000	1.19
@@ -26,8 +26,8 @@
 
 [[!table data="""
 Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
-amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
-amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
+amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigB]
+amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC]
 amd64		|VIA		|Unknown	|		|		|
 i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
 i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
@@ -63,6 +63,20 @@
 Meltdown is mitigated with the SVS feature. It can be dynamically disabled
 by changing the "machdep.svs.enabled" sysctl.
 
+### Mitigation B: Intel IBRS
+
+SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
+the CPU supports this method, it is used automatically. It can be
+dynamically disabled by changing the "machdep.spectre_v2.mitigated"
+sysctl.
+
+### Mitigation C: AMD DIS_IND
+
+SpectreV2 can be mitigated with the DIS_IND method, available only on a
+few AMD families. If the CPU supports this method, it is used
+automatically. It can be dynamically disabled by changing the
+"machdep.spectre_v2.mitigated" sysctl.
+
 ## External Resources
 
 * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)

minor updates
Index: wikisrc/releng/netbsd8.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/releng/netbsd8.mdwn,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- wikisrc/releng/netbsd8.mdwn	23 Mar 2018 10:15:30 -0000	1.40
+++ wikisrc/releng/netbsd8.mdwn	30 Mar 2018 11:04:12 -0000	1.41
@@ -12,13 +12,15 @@
 
 * ~~[[!template id=pr number=53043]]: deadlock on evbarm/TEGRA with netbsd-8~~ (done)
 
-* [[!template id=pr number=53053]]: non-MULTIPROCESSOR hangs building Go
+* [[!template id=pr number=53053]]: non-MULTIPROCESSOR hangs building Go (still reproducable with newer go?)
 
 * ~~[[!template id=pr number=53072]]: netbsd-8 regression: startx (nv driver) crashes system~~ (done)
 
 * ~~[[!template id=pr number=53077]]: alpha panic: cpu_uarea_alloc: uvm_pglistalloc failed: 12~~ (done)
 
-* [[!template id=pr number=53096]]: netbsd-8 crash on heavy disk I/O (wd0)
+* [[!template id=pr number=53096]]: netbsd-8 crash on heavy disk I/O (unclear, one-time only?)
+
+* [[!template id=pr number=53143]]: NetBSD 8 panic related to procfs (unclear?)
 
 ## [Test runs](http://releng.netbsd.org/test-results.html)
 

Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- wikisrc/users/maya/release-notes-8-draft.mdwn	23 Mar 2018 22:08:32 -0000	1.9
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	23 Mar 2018 22:12:33 -0000	1.10
@@ -28,6 +28,7 @@
 * made part of the network stack MP-safe
   * NET_MPSAFE kernel option is required to try
   * Only the components listed below are MP-safe for now
+* WAPBL stability and performance improvements
 
 Custom:
 
@@ -99,7 +100,6 @@
 * nvme(4), a driver for NVMe hardware, ported from OpenBSD
 * nouveau, an open source driver for modern nVidia graphics, ported from linux, available by default.
    (this is at the bottom because we mentioned it in 7.1 too)
-* WAPBL stability and performance improvements
 
 Third party software:
 

Index: wikisrc/users/maya/release-notes-8-draft.mdwn
===================================================================
RCS file: /cvsroot/wikisrc/users/maya/release-notes-8-draft.mdwn,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- wikisrc/users/maya/release-notes-8-draft.mdwn	6 Mar 2018 16:13:24 -0000	1.8
+++ wikisrc/users/maya/release-notes-8-draft.mdwn	23 Mar 2018 22:08:32 -0000	1.9
@@ -99,6 +99,7 @@
 * nvme(4), a driver for NVMe hardware, ported from OpenBSD
 * nouveau, an open source driver for modern nVidia graphics, ported from linux, available by default.
    (this is at the bottom because we mentioned it in 7.1 too)
+* WAPBL stability and performance improvements
 
 Third party software:
 

Add a comment
Contact | Disclaimer | Copyright © 1994-2018 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
NetBSD® is a registered trademark of The NetBSD Foundation, Inc.