I belive this is a bug in all of the existing netbsd-powerpc ports.

in cpu_switch(), there are two ways to get to switch_return.
The first is via a "beq" (line 555 of macppc locore.S in NetBSD-current),
where we jump there if we don't need to change curproc.  It appears as
though R4 will be bogus at that point (it'll be the top half of the
curproc pointer), so the attempt to call lcsplx with the value it
returned previously (see line 623 of macppc locore.S in NetBSD-current)
doesn't actually work. (it's passed garbage)

In the other case (fallthrough into switch_return), R4 is set to
"curproc->p_addr", which is really a pointer to the pcb for the
current process.  In this case, PCB_SPL(4) makes sense.

-Tad