This patch to BTX fixes several small things:

1) Fix a bug in the int15 function 87 emulation where we only copied half
   of what the BIOS asked for.  This caused the Mylex RAID adapter to go
   haywire and start trashing memory when you tried to boot from it.
2) Don't use interrupt 19 to reboot.  Instead, set the reboot flag to a warm
   boot and jump to the BIOS's reboot handler.  int 19 doesn't clear memory
   or restore the interrupt vector table, and thus really isn't safe.  For
   example, when booting off of PXE, the PXE BIOS eats up a chunk of memory
   for its internal data and structures.  Since we rebooted via int 19,
   using the 'reboot' command in the loader resulted in that memory not
   being reclaimed by the BIOS.  Thus, after a few PXE boots, the system
   was out of lower memory.
3) Catch any int 19 calls made by a BTX client or a user pressing
   Ctrl-Alt-Delete and shutdown BTX and reboot the machine cleanly.  This
   fixes Ctrl-Alt-Delete in the loader and in boot2 instead of presenting
   the user with a BTX fault.

Approved by:	jkh
Found by:	1) by msmith

sys/boot/i386/btx/btx/btx.S

@@ -78,8 +78,10 @@
 # BIOS Data Area locations.
 #
 		.set BDA_MEM,0x413		# Free memory
+		.set BDA_KEYFLAGS,0x417		# Keyboard shift-state flags
 		.set BDA_SCR,0x449		# Video mode
 		.set BDA_POS,0x450		# Cursor position
+		.set BDA_BOOT,0x472		# Boot howto flag
 #
 # Derivations, for brevity.
 #
@@ -290,7 +292,10 @@ exit.2: 	xorl %eax,%eax			# Real mode segment
 		sti				# Enable interrupts
 		tstbim(0x1,btx_hdr+0x7)		# Reboot?
 exit.3:		jz exit.3			# No
-		int $0x19			# BIOS: Reboot
+		.code16
+		movw $0x1234, BDA_BOOT		# Do a warm boot
+		jmpfwi(0xffff,0x0)		# reboot the machine
+		.code32
 #
 # Set IRQ offsets by reprogramming 8259A PICs.
 #
@@ -590,6 +595,8 @@ int15_87:	pushl %eax			# Save
 		pushl %ecx			# stash ECX
 		xorl %ecx,%ecx			# highw of ECX is clear
 		movw 0x18(%ebp),%cx		# Get user's ECX
+		shll $0x1,%ecx			# Convert from num words to num
+						#  bytes
 		rep				# repeat...
 		movsb				#  perform copy.
 		popl %ecx			# Restore
@@ -602,20 +609,36 @@ int15_87:	pushl %eax			# Save
 		andb $0xfe,%dl			# clear CF
 		jmp v86mon.5			# Finish up
 
+#
+# Reboot the machine by setting the reboot flag and exiting
+#
+reboot:		orb $0x1,btx_hdr+0x7		# Set the reboot flag
+		jmp exit			# Terminate BTX and reboot
+
 #
 # Emulate INT imm8... also make sure to check if it's int 15/87
 #
 v86intn:	lodsb				# Get int no
+		cmpb $0x19,%al			# is it int 19?
+		je reboot			#  yes, reboot the machine
 		cmpb $0x15,%al			# is it int 15?
-		jne v86intn.2			#  no, skip parse
+		jne v86intn.3			#  no, skip parse
 		pushl %eax                      # stash EAX
 		movl 0x1c(%ebp),%eax		# user's saved EAX
-		cmpb $0x87,%ah			# is it our sub function?
-		jne v86intn.1			#  no, don't handle it
+		cmpb $0x87,%ah			# is it the memcpy subfunction?
+		jne v86intn.1			#  no, keep checking
 		popl %eax			# get the stack straight
 		jmp int15_87			# it's our cue
-v86intn.1:	popl %eax			# restore EAX
-v86intn.2:	subl %edi,%esi			# From
+v86intn.1:	cmpw $0x4f53,%ax		# is it the delete key callout?
+		jne v86intn.2			#  no, handle the int normally
+		movb BDA_KEYFLAGS,%al		# get the shift key state
+		andb $0xc,%al			# mask off just Ctrl and Alt
+		cmpb $0xc,%al			# are both Ctrl and Alt down?
+		jne v86intn.2			#  no, handle the int normally
+		popl %eax			# restore EAX
+		jmp reboot			# reboot the machine
+v86intn.2:	popl %eax			# restore EAX
+v86intn.3:	subl %edi,%esi			# From
 		shrl $0x4,%edi			#  linear
 		movw %dx,-0x2(%ebx)		# Save flags
 		movw %di,-0x4(%ebx)		# Save CS

sys/boot/i386/btx/btx/btx.s

@@ -78,8 +78,10 @@
 # BIOS Data Area locations.
 #
 		.set BDA_MEM,0x413		# Free memory
+		.set BDA_KEYFLAGS,0x417		# Keyboard shift-state flags
 		.set BDA_SCR,0x449		# Video mode
 		.set BDA_POS,0x450		# Cursor position
+		.set BDA_BOOT,0x472		# Boot howto flag
 #
 # Derivations, for brevity.
 #
@@ -290,7 +292,10 @@ exit.2: 	xorl %eax,%eax			# Real mode segment
 		sti				# Enable interrupts
 		tstbim(0x1,btx_hdr+0x7)		# Reboot?
 exit.3:		jz exit.3			# No
-		int $0x19			# BIOS: Reboot
+		.code16
+		movw $0x1234, BDA_BOOT		# Do a warm boot
+		jmpfwi(0xffff,0x0)		# reboot the machine
+		.code32
 #
 # Set IRQ offsets by reprogramming 8259A PICs.
 #
@@ -590,6 +595,8 @@ int15_87:	pushl %eax			# Save
 		pushl %ecx			# stash ECX
 		xorl %ecx,%ecx			# highw of ECX is clear
 		movw 0x18(%ebp),%cx		# Get user's ECX
+		shll $0x1,%ecx			# Convert from num words to num
+						#  bytes
 		rep				# repeat...
 		movsb				#  perform copy.
 		popl %ecx			# Restore
@@ -602,20 +609,36 @@ int15_87:	pushl %eax			# Save
 		andb $0xfe,%dl			# clear CF
 		jmp v86mon.5			# Finish up
 
+#
+# Reboot the machine by setting the reboot flag and exiting
+#
+reboot:		orb $0x1,btx_hdr+0x7		# Set the reboot flag
+		jmp exit			# Terminate BTX and reboot
+
 #
 # Emulate INT imm8... also make sure to check if it's int 15/87
 #
 v86intn:	lodsb				# Get int no
+		cmpb $0x19,%al			# is it int 19?
+		je reboot			#  yes, reboot the machine
 		cmpb $0x15,%al			# is it int 15?
-		jne v86intn.2			#  no, skip parse
+		jne v86intn.3			#  no, skip parse
 		pushl %eax                      # stash EAX
 		movl 0x1c(%ebp),%eax		# user's saved EAX
-		cmpb $0x87,%ah			# is it our sub function?
-		jne v86intn.1			#  no, don't handle it
+		cmpb $0x87,%ah			# is it the memcpy subfunction?
+		jne v86intn.1			#  no, keep checking
 		popl %eax			# get the stack straight
 		jmp int15_87			# it's our cue
-v86intn.1:	popl %eax			# restore EAX
-v86intn.2:	subl %edi,%esi			# From
+v86intn.1:	cmpw $0x4f53,%ax		# is it the delete key callout?
+		jne v86intn.2			#  no, handle the int normally
+		movb BDA_KEYFLAGS,%al		# get the shift key state
+		andb $0xc,%al			# mask off just Ctrl and Alt
+		cmpb $0xc,%al			# are both Ctrl and Alt down?
+		jne v86intn.2			#  no, handle the int normally
+		popl %eax			# restore EAX
+		jmp reboot			# reboot the machine
+v86intn.2:	popl %eax			# restore EAX
+v86intn.3:	subl %edi,%esi			# From
 		shrl $0x4,%edi			#  linear
 		movw %dx,-0x2(%ebx)		# Save flags
 		movw %di,-0x4(%ebx)		# Save CS