is NULL. That's more correct and doesn't depend on the error behavior
of utf8_to_ucs2. In practice, we'll never see this though since we
pass utf8_to_ucs2 a well formed string.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13918
and utf8_to_ucs2, be sure to NULL out the return pointer too, rather
than return a pointer to free memory.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13917
utf8_to_ucs2 in boot1.efi. We need to initialise the ucs2 output string
so it will allocate space, and use the return value to determine if the
call was successful.
Reviewed by: imp
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D13915
If fdt_overlay_apply fails at some stage to apply the overlay to the base,
both the base and overlay may be in an inconsistent state (some fixups
applied, some phandles adjusted, some symbols merged). These can be bad for
a number of reasons, to include user frustration if some fixups applied and
not others. Fail a little safer by making a clean copy of the base FDT for
every overlay that we can simply discard if things go awry.
This also allows us the luxury of simply discarding overlays if we hit some
kind of memory limit or if they're malformed and extremely large for some
reason. We'll now leave a nice error message indicating that some overlays
could not be applied due to size restrictions and we apply what we can.
I note that our overlay implementation has some flaws that might still leave
your system in an unbootable state even if an overlay applies correctly;
please exercise caution in using overlays until we can swap it out for
libfdt's implementation.
Tested on: BananaPi-M3 (armv7)
Tested on: Pine64 (aarch64)
Differential Revision: https://reviews.freebsd.org/D13709
Use simple "foo" rather than "${.CURDIR}/foo" to include Makefile.fat
since the former works when including this Makefile from else
where. Also, use full path from ${BOOTSRC} to the FAT templates for
similar reasons. It doesn't change anything in base FreeBSD, but
allows us to have a custom boot1.efi more easily (though that will be
short-lived for us, it may also be helpful for others).
Sponsored by: Netflix
ifuncs can be only called in the (early boot) kernel environment, so
postpone resolving until early stage of the kernel boot. This commit
is performed in advance to make loaders on most machines updated
before ifuncs appear in the kernels.
Reviewed by: emaste, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D13838
In the freestanding boot compile environment, standard headers are not
available. Curiously, only building with clang exposed this as compiles
with external GCC still succeeded.
Sponsored by: DARPA / AFRL
The __dmadat variable is a statically allocated I/O buffer. The type is
declared in the ufsread.c source file and clang warns if a variable is
defined before it's type is declared.
Sponsored by: DARPA / AFRL
The beri boot loaders depend on symbols defined in linker scripts or
assembly files. The boot loaders do not care about the type of these
symbols but just want to extract a pointer to them. Older versions of
GCC permitted external symbols to be declared of type 'void' and then
'&foo' generated a void pointer to the memory at the symbol's address.
However, void objects are not valid C and newer versions of GCC error if
these are used. Instead, declare these symbols as being bytes (or
an array of bytes in the cheri_sdcard_vaddr case).
Sponsored by: DARPA / AFRL
Prior to r325114, bsd.init.mk was included after assignments to CFLAGS and
LDFLAGS in these Makefiles. After r325114, bare assignments (= rather than
+=) lost system-assigned default values that are needed when compiling with
an external toolchain. CFLAGS in both Makefiles already uses +=. This
commit changes LDFLAGS to use +=. While here, depend on the LDFLAGS update
in the parent Makefile.inc to set -nostdlib.
Sponsored by: DARPA / AFRL
bool indicating whether the input value represents a valid BCD byte.
The existing bcd2bin() routine will KASSERT if asked to convert a bad value,
but sometimes the kernel has to handle BCD data from untrusted sources, so
this will provide a mechanism to validate data before attempting conversion.
This would be have easier/cleaner if the bcd2bin_data[] array contained an
out-of-range value (such as 0xff) in the infill locations that aren't valid,
but it's a global symbol that might be referenced by out-of-tree code
relying on the current scheme, so I'm leaving that alone.
libfdt will assume a writable fdt overlay blob has been passed in, so make
ours compatible to allow easier review when we try to drop libfdt into
place. overlay from the calling context is writable, making it safe to
simply rip out everything related to copying the overlay blob in
fdt_overlay_apply.
I note here that we still have problems: fdt_overlay_apply, both our version
and libfdt's, may fail and have already clobbered the base fdt to some
extent. Future work will make sure we don't apply a potentially bogus fdt,
instead discarding the base fdt if we had an error.
Reviewed by: gonzo
Differential Revision: https://reviews.freebsd.org/D13695
strnlen is not used at the moment, but it will be when libfdt gets updated.
Prepare for the not-so-distant future by pulling in strnlen.
Noticed because: segfault in ld.bfd due to strnlen missing
libfdt.h should be included before fdt.h, as hinted at by all of libfdt/;
standard include order being libfdt.h, libfdt_env.h, fdt.h.
The current include order also causes problems when libfdt gets updated, as
fdt.h requires some definitions from libfdt.h.
Differential Revision: https://reviews.freebsd.org/D13688
loader, but not compile as loader (it's building a library), so we
can't just include loader.mk for the defines. Move LOADER_DISK_SUPPORT
back to defs.mk for the moment.
Sponsored by: Netflix
Overlays were previously not applied when U-Boot provides FDT or EFI
provides FDT, only when we load FDT from /boot/dtb given name from U-Boot.
Make all three paths lead to loading fdt_overlays and applying them, so that
fdt_overlays can be expected to Just Work.
Reviewed by: gonzo, imp, manu
Differential Revision: https://reviews.freebsd.org/D13664
In the case of a simple dtbo where fragment uses target-path and the overlay
contains no references, /__fixups__ will not be included by either our dtc
or dtc from ports, but the file still has valid fragments to be applied.
Additional testing found that /__symbols__ might also be omitted if it's
empty, which is not necessarily an error.
Reviewed by: gonzo, imp
Differential Revision: https://reviews.freebsd.org/D13663
fdt_load_dtb_overlays was written to unload previous overlay when a new
valid one is come across. fdt_apply_overlays further down is written to
iterate over all .dtbo's currently loaded and apply them one-by-one. Correct
fdt_load_dtb_overlays to stop dropping valid overlays that were previously
loaded and match expectations.
Reviewed by: gonzo, imp
Differential Revision: https://reviews.freebsd.org/D13659
This patch allows to scan all display modes in boot1 as loader does.
Before system tried to select optimal display mode by sequential scan of
modes and if error then stop scanning. This way is not good, because
if mode N is not present, mode N+1 may exist.
In loader we use conout->Mode->MaxMode to identify maximum number of modes.
This commit is to use same way in boot1 as in loader.
Reported by: Andrey Pustovetov <andrey.pustovetov@gmail.com>
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D13541
removing this argument, and expanding when rc is NULL. This
effectively completes the back out of custom scripts for tftp booted
loaders from r269153 that was started in r292344 with the new path
tricks that obsoleted it.
Submitted by: Netflix
HELP_FILES is a loader only thing, so move it to loader.mk. Only
generate the help file if HELP_FILES is defined. Adjust Makefiles to
new convention. Fix a few cases where ${.CURDIR}/ was missing
resulting in missing bits from the help files.
Sponsored by: Netflix
weren't needed, and their existance interfered with things in subtle
ways. One of these subtle ways was that malloc could be different
based on what files were included when (even within the same .c file,
it turns out). Move to a single malloc implementation as well by
adding the calls to setheap() to gptboot.c and zfsboot.c. Once upon a
time, these boot loaders strove to not use libstand. However, with the
proliferation of features, that striving is too hard for too little
gain and lead to stupid mistakes.
This fixes the GELI-enabled (but not even using) boot environment. The
geli routines were calling libstand malloc but zfsboot.c and gptboot.c
were using the mini libstand malloc, so this failed when we tried to
probe for GELI partitions. Subtle changes in build order when moving
to self-contained stand build in r326593 toggled what it used from one
type to another due to odd nesting of the zfs implementation code that
differed subtly between zfsloader and zfsboot.
Sponsored by: Netflix
This was an experiment that landed in the wrong branch and was pushed
accidentally. It's best if it is ignored because the difference was
due to vers.o being different, not float.o... And it was confirmed to
not fix anything...
Pointy Hat to: imp
temporary workaround. This fixes zfs booting generally, but breaks all
GELI booting by default. Add note to UPDATING to this effect. When the
GELI issues are resolved, this will be reverted.
We need to include ficl.h after the standard includes, rather than
before them. It changes the generated code in ways that haven't been
completely analyized. This restores the old code generation (as
verified by md5 changing back for zfsloader).
This should restore GPT + ZFS and GPT + ZFS + GELI booting that was
broken in r326585 (or would have been if r326584 hadn't broken the
build).
Sponsored by: Netflix
Use _STANDALONE for guard expression in efichar.[ch] and add efi_char typedef.
clean up boot1.c, and replace for loop in efipart.c with ucs2len().
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D13488
Don't print when we can't find a file. Copy it instead to the error
buffer. Higher level routines determine if it's appropriate to print
the error message.
Also, remove dead code (labeled bogusly lost functionality) since we
never used that functionality. Remove unused arg from interact() too.
Sponsored by: Netflix
saved register, but in arm EABI it may be either callee-saved or dedicated
to some special purpose (such as a TLS pointer). It appears clang does not
treat it as a callee-saved register (instead using it as another work
register, similar to r12).
Another important side effect of these changes is that saving an extra
register in the push/pop statements keeps the stack aligned to an 8-byte
boundary during the self_reloc() call, as it always should have been.
As stated in the PR...
Essentially the important caller-saved registers are pushed (r0, r1, r9, lr)
before the relocation call, and popped after. Then r8/r9 are saved as usual
for the syscall trampoline, and lr is stored in r8 (now free) as a
callee-saved value before calling into `main`.
The call to `main` can no longer be a tail call because we must restore r9
especially after main returns (although since we have used r8 to hold lr we
must also restore this).
PR: 224008
Create an interp class. Use it to separate out the different types of
interpreters: forth and simple with function pointers rather than
via #ifdefs.
Obtained from: lua boot loader project
(via https://bsdimp@github.com/bsdimp/freebsd.git lua-bootloader)
Sponsored by: Netflix
the stand environment that's safe to use (and insulated from whatever
build env you might normally have), stop hacking the bzlib and zlib
sources with sed. There's no longer any need.
Sponsored by: Netflix
Building with the standard system headers isn't a perfect match to the
stand environment. Instead, copy over the files we know are safe to
use and constrain what else is used. We use -nostdinc to achieve this.
This also fixes issues with building 32-bit libraries on amd64
sometimes pulling in the wrong cpufunc.h giving an error now that we
stop on errors. It will also enable an easier transition to lua boot.
Sponsored by: Netflix
latter aren't used. Prefer sys/link_elf.h to link.h so we're only
dependent on the kernel tree. The default installation of link.h just
includes this file, and any benefit from that is outweighed by the
hassle it causes. This reduces the footprint of files needed from the
system includes (or sysroot in buildworld).
Sponsored by: Netflix
Previous to the switch from sys/boot to stand/ zfsboot (used for MBR) did
not support GELI. Now that it is compiled with GELI, it is running out of
space.
zfsldr (which loads zfsboot) was modified to load 256kb in r304321
it's going to be removed soon anyway once the final lingering issues
with kboot are resolved. Go ahead and disconnect it from the build a
little early.
Sponsored by: Netflix
OK'd by: nathanw@
Default WARNS to 0 still, since there's still some warnings on other
architectures.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13301
These prototypes were needlessly different from the standard. Fix them
to be the same, and fix the surrounding code after the changes.
Sponsored by: Netflix
Only define the CFLAGS we need.
SSP_CFLAGS is now defined globally, no need to define it here.
Define -D_STANDALONE globally for src/stand builds.
Sponsored by: Netflix
Move kernel includes and libsa includes together at the top of defs.mk
Move all machine specific defines from Makefile.inc to their friends
in defs.mk.
Add comments and remove now useless junk after the move.
Sponsored by: Netflix
Remove the now-useless dependency on ufsread.c. In some cases, it was
on the wrong file. But in all cases, we now automatically generate
.depend files, so we don't need it explicitly.
Sponsored by: Netflix
iPXE does insert stub BLOCK IO protocol handle to rework other issues,
this handle is not usable as it does not provide actual implementation.
We can detect this situation by checking and validating the BlockSize
property, so this update does make sure we have BlockSize at least 512B
and its value is power of 2.
PR: 223969
Reported by: Jeff Pieper
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D13297
The host_open interface was a legitimate mismatch to the userboot
function, while the other pointers didn't need to be non-const.
This makes the powerpc warning free again.
Sponsored by: Netflix
magic number to the kernel in r7 rather than the (currently unused and
irrelevant) width of the metadata pointer, which I believe was intended
for a never-used approach to the 64-bit port. This enables the kernel,
in a future commit, to switch on the cookie to distinguish a real
metadata pointer from loader(8) from garbage left in r6 by some other
boot loader.
MFC after: 3 weeks
either aborts or exits, but never returns. Tag it as a non-returning
function rather than supply a bogus return(0) at the end of main.
CID: 1382885
Sponsored by: Netflix
greater than 2^31-1, then the result will be huge. This is unlikely,
as we don't support that many sections, but out of an abundace of
caution cast to size_t so the multiplication won't overflow
mysteriously when size_t is larger than 32-bits. The resulting code
may be a smidge larger, but this isn't super-space critical code.
CID: 1194216, 1194217, 1194222, 1194223, 1265018, 1265019,1265020,
1265021
Sponsored by: Netflix
Rework the block device handle check to allow more robust device
classification. This is mostly usability issue - it can be quite confusing
for user when no disks are listed with lsdev.
Add more comments about what and why is done.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D13026
riscv doesn't have -msoft-float. For the moment, just don't add
anything. There's no /boot/loader or other bootstrap contained in the
tree for riscv*. However, with real hardware coming next year, there
are plans for one, so keep building at least a minimal libsa and
ficl to prevent bitrot.
Sponsored by: Netflix
HAVE_GPT isn't currently a thing, but HAVE_GELI is. Replace the former
with the latter and remove util.o from the build list (it's picked up
from libsa/libsa32, and that's OK).
Sponsored by: Netflix
simd / no float stuff is centeralized here. Also centralise
-ffreestanding since it is specified everywhere.
This, along with a change to share/mk/bsd.cpu.mk to include -mno-avx2
in CFLAGS_NO_SIMD should fix building for newer machines (eg with
CPUTYPE=haswell) where clang was generating avx2 instructions.
Sponsored by: Netflix
