disk_blocks assumes BIOSDISK_SECSIZE, but the media may not be using
it. In particular, bioscd on Parallels presents a 2K sector size, so
we end up with a short disk_blocks and subsequent validation fails when
trying to read /boot/lua.
PR: 233098
Reviewed by: imp, tsoome
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36490
This corrects an issue introduced in b4cb3fe0e3, where a freshly
allocated `DOS_FS` structure would not be initialized properly before
use in `dos_open`.
In case of FAT32 file systems, this would leave `fs->dirents`
uninitialized and - depending on its content and due to checks in
`parsebs` - prevent mounting the file system successfully.
This particularily impacted the EFI loader, as it was sometimes not
able to read files from a FAT32-formatted EFI partition, including
LoaderEnv (`/efi/freebsd/loader.env`).
Accepted by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36482
Reviewed by: imp
Discussed with: gbe (man pages)
English wording help by: rpokala
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D36435
Normally in the boot loader, we key off of MACHINE since that specifies
the kernel and the loader is very tuned to each type of MACHINE in
general. In this case, however, we're producing a Linux binary, with
Linux system calls encoded in it. These align better along the
MACHINE_ARCH axis of FreeBSD. For PowerPC the system calls are radically
different for each of our MACHINE_ARCHes, with only powerpc64 and
powerpc64le sharing the same numbers and memory layout. The same was
true about mips when it was in the tree. 32-bit arm uses the same
layout, however, for both armv6 and armv7 ports: that can be easily
shared in the unlikely event we support that in the future.
Sponsored by: Netflix
This allows the "Multi user" in "[B]oot Multi user" to be substituted
with another string, for example with "Installer" in installer media.
Note that this is lua-only at the moment, since loader.4th's menu.rc
defines the alternate name as Boot [M]ulti User, unlike lualoader which
leaves it as [B]oot Multi user. Ideally loader.4th would adopt the newer
and simpler lualoader behaviour and then it could gain support for this
option, but loader.4th is on the way out and isn't used by any official
installer media so this is not a significant concern.
Reviewed by: kevans, rpokala
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36418
Add a smbios.bios.revision kenv, which contains the system BIOS revision
as defined in SMBIOS specification, section 3.3.1.
Since the revision is stored in two separate byte fields,
the smbios_setenv helper can't be used.
Read and construct the kenv manually instead.
Approved by: mw(mentor)
Sponsored by: Stormshield
Obtained from: Semihalf
Differential Revision: https://reviews.freebsd.org/D36413
It is desirable to run kboot as the first program in some LinuxBoot
environments. This is the traditional "pid 1" or "init" program. When
running as pid 1. rovide a minimal environment based on what sysvinit,
u-root, initramfs-tools and other like projects do. We mount /dev, /sys,
/proc, make symlinks from /dev/fd to /dev/proc, and create /tmp, /run,
and /var. We also setup stdin/out/err to the console, set the tty
characteristics of same and block the appropriate signals.
This is indended as an environment that never does a fork/exec. If
that's required, the process groups, session leaders and all things
POSIX terminal handlers will need to be added.
Unlike the general purpose linux projects in this area, no attempt is
made to support very old kernels.
When not pid 1, we skip all of the above.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D36368
Give scripts the ability to determine if the currently running loader
has provided a command.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D36365
interp_has_builtin_cmd() will try to lookup the passed in command and
returns true if it was found, false otherwise.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D36364
Factor out interp_lookup_cmd to search for a command from
interp_builtin_cmd. This simplifies the latter and can be used to expand
lua to ask if a command exists.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D36363
Document how EFI consoles work, at least on x86. There's a number of
weird quirks and limitations that are generally known, but not
documented until now. Include information on how EFI decides what the
defualt console is, how to set it and how to cope with common
situations. Note limitations and mismatch between ACPI (which uses UID
to identify a device) and our console code (which uses a raw address)
and explain why we can't translate between them in the loader.
Sponsored by: Netflix
Reviewed by: manu, kevans, rpokala, pauamma
Differential Revision: https://reviews.freebsd.org/D36286
And thus has a limited range of supported baud rates. Also add that
setting BOOT_BOOT0_COMCONSOLE_SPEED=0 will leave it unchanged which
sometimes can give you 115200 if the BIOS initialized things outside of
the normal BIOS baud rates (which many x86 enbedded-targetted boards
do).
Sponsored by: Netflix
Reviewed by: emaste, manu (earlier versions)
Suggestions by: jhb
Differential Revision: https://reviews.freebsd.org/D36300
When ConOut is missing, we used to default to serial. Except we did it
in the worst way possible by just setting the howto bits and not
updating the console setting, which lead to weird behavior where we'd
get some things on the video port, others on serial.
Instead, set console to "efi,comconsole" for this case. Also set
RB_MULTIPLE always (so we get dual consoles from the kernel) and or in
RB_SERIAL when we can't find GOPs that suggest the precense of a video
console. This will put output in the most places and have a sensible
default for 'primary' console.
Sponsored by: Netflix
Reviewed by: emaste, manu
Differential Revision: https://reviews.freebsd.org/D36299
The boot loader should look in the standard places for the UFS
superblock, but not go too far into the speculative realm. Supress
errors about hash being invalid, which will allow us to boot, even when
the superblock looks good, but fails the hash test. This defers any
policy decisions about booting and/or recovery to userland. This also
has the side effect of eliminating some rather spammy messages when UFS
searches devices with filesystems that are not UFS...
Sponsored by: Netflix
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D36253
The commit message documented it as /etc/src.conf but the comment in the
source mentioned the non-existent /etc/loader.conf.
Fixes: f8a199f28f ("stand: Raise limit to 550,000 bytes for loader")
into ffs_sbsearch() to allow use by other parts of the system.
Historically only fsck_ffs(8), the UFS filesystem checker, had code
to track down and use alternate UFS superblocks. Since fsdb(8) used
much of the fsck_ffs(8) implementation it had some ability to track
down alternate superblocks.
This change extracts the code to track down alternate superblocks
from fsck_ffs(8) and puts it into a new function ffs_sbsearch() in
sys/ufs/ffs/ffs_subr.c. Like ffs_sbget() and ffs_sbput() also found
in ffs_subr.c, these functions can be used directly by the kernel
subsystems. Additionally they are exported to the UFS library,
libufs(8) so that they can be used by user-level programs. The new
functions added to libufs(8) are sbfind(3) that is an alternative
to sbread(3) and sbsearch(3) that is an alternative to sbget(3).
See their manual pages for further details.
The utilities that have been changed to search for superblocks are
dumpfs(8), fsdb(8), ffsinfo(8), and fsck_ffs(8). Also, the prtblknos(8)
tool found in tools/diag/prtblknos searches for superblocks.
The UFS specific mount code uses the superblock search interface
when mounting the root filesystem and when the administrator doing
a mount(8) command specifies the force flag (-f). The standalone UFS
boot code (found in stand/libsa/ufs.c) uses the superblock search
code in the hope of being able to get the system up and running so
that fsck_ffs(8) can be used to get the filesystem cleaned up.
The following utilities have not been changed to search for
superblocks: clri(8), tunefs(8), snapinfo(8), fstyp(8), quot(8),
dump(8), fsirand(8), growfs(8), quotacheck(8), gjournal(8), and
glabel(8). When these utilities fail, they do report the cause of
the failure. The one exception is the tasting code used to try and
figure what a given disk contains. The tasting code will remain
silent so as not to put out a slew of messages as it trying to taste
every new mass storage device that shows up.
Reviewed by: kib
Reviewed by: Warner Losh
Tested by: Peter Holm
Differential Revision: https://reviews.freebsd.org/D36053
Sponsored by: The FreeBSD Foundation
We don't need the compress rotuines, nor zstd_opt.c. Remove them.
Expand the number of places we omit code for IN_LIBSA (which are FreeBSD
specific). Due to the agressive optimization, though, this doesn't
reduce the size of the loader. It does reduce the number of 'false
positives' for places to omit to reduce the size as well as reducing the
build time slightly.
Sponsored by: Netflix
Reviewed by: tsoome, delphij
Differential Revision: https://reviews.freebsd.org/D36145
The BIOS loader operates in a very constrained environment. The messages
for the super block integrity tests take up about 12k of space. Compile
them out for the BIOS loader, while leaving it intact for all other
loaders that aren't space constrained. These aren't used in the 'super
tiny' *boot* programs, so no adjustment is needed there.
We reply on the fact that (a) i386 doesn't support 32-bit UEFI booting
and (b) LIBSA_CPUARCH is "i386" when building on both i386 and when
we're building the 32-bit libsa32 library.
This saves about 12k of space for this constrained envrionment and will
take a bit of the pressure off some machines where the loader has grown
too big for their BIOS (see comments in i386/loader/Makefile for
details).
Sponsored by: Netflix
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D36175
Raise the limit for /boot/loader to be 550k. The IBM PC imposes a limit
of 640k of RAM below 1MB, which is needed for real mode calls. BTX takes
40k of that. The BIOS takes some amount (25k seems a good "99% take less
than or equal to this" estimate for that, though some systems consume
more). Most typical setups need 25k of stack. This leaves 550k for
code. We set the limit to 550,000 which gives about an extra 13,000
bytes of buffer for machines that whose setups use a little more stack
or whose BIOS reserves a bit more...
Add this derivation in the Makefile. Also recommend setting LOADERSIZE
lower in /etc/src.conf when the loader has to run on a system whose BIOS
takes up more space, or for a complex setup. Add a recipe for how to
find how much RAM your BIOS uses as well (thanks to jhb@ for the
trick). Network cards that boot via PXE and HBAs with their BIOS enabled
are known to be large consumers of lomem space.
Sponsored by: Netflix
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D36152
Turns out there's two hidden a.out dependencies. pxeldr.S assumes it has
access to the a.out header from /boot/loader and cdboot.S assumes that
/boot/loader is also a.out and doesn't use boot2.
So, go back to making a.out files for these and adjust the size checks
to use ls, but we only need to check loader.bin. Trim the size we check
against by 2,000. The difference in size between loader and loader.bin
is about 3000 bytes, but clang15 produces binaries that are a smidge
bigger so we need to relax the check just a little and accept some
additional risk for the moment.
Add some comments to loader's Makefile about this.
Sponsored by: Netflix
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D36142
It's sometimes desirable to override the size limit: It's a soft limit
and there are times we exceed the limit by just a little bit and don't
want the build to fail (or we are hitting runtime failures below the
510,000 byte limit).
Sponsored by: Netflix
devformat produces the same output as i386_fmtdev, so just use it to
reduce on the dependencies.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D35927
devformat produces the same output as uboot_fmtdev, so just use it to
reduce on the dependencies.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35926
devformat produces the same output as userboot_fmtdev, so just use it to
reduce on the dependencies. In addition, we don't need to use the
incomplete struct userboot_devdesc type, we can use struct devdesc
instead (in fact, there's no userboot_devdesc defined anywhere).
Sponsored by: Netflix
Reviewed by: jhb (prior version)
Differential Revision: https://reviews.freebsd.org/D35925
devformat produces the same output as efi_fmtdev, so just use it to
reduce on the dependencies.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35924
Add a generic way to get the string representation of a zfs device / mount.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35923
Use devformat instead of disk_devfmt. This allows us to avoid knowing
the details of the device that's underneath us. Remove disk.h include
and the -I${LDRSRC} from the build of ufs.c since they are no longer
needed.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35922
Fix layering violation and use devformat to get the string
representation of the device to see if we're mounted yet or not. Remove
added include to pickup disk.h.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35919
All of the archsw fmtdev functions treat DEVT_DISK as a call to
disk_fmtdev. Set all disks' dv_fmtdev to disk_fmtdev so devformat
will return the same thing.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35917
Use dv_fmtdev to return a formatted string for a device. If this is a
null pointer, return the device name and unit followed by a colon (eg
disk3:).
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35916
Add a new pointer, dv_devfmt, to allow devices to format themselves. We
will use this to simplify many of the fmtdev functions in the tree as
they are all almost the same, or all are isomorphic to each other.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35915
We do a number of games with ploymorphism for different types struct
*devdesc. Adjust one place that this affects to take the address of the
base class (most others have void * at the moment). This is more type
safe than a bare void *.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35914
Rather than have the magic, hand-crafted fields that have to align with
fields in other structures at the end of i386_devdesc, make it into
anonymous union and adjust the code accordingly. This is safer and
similar to what CAM does.
Sponsored by: Netflix
Reviewed by: kevans, tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35965
The BIOS method of booting imposes an absolute limit of 640k for the
size of the program being run due to btx. In practice, this means that
programs larger than about 500kiB will fail in odd ways as the stack /
heap will overflow.
Pick 510,000 as the cutoff line semi-arbitrarily. loader_lua is now
almost too big and we want to break the build when it crosses this
threshold. In my experience, below 500,000 always works, above 520,000
always seems to fail with things getting bad somewhere between 512,000
to 515,000. 510,000 is as close to the line as I think we can go, though
experience may dictate we need to lower this in the future.
This is at-best a stop-breakage until we have a better way to subset the
boot loader for BIOS booting to allow better, more fined-tuned
/boot/loaders for the many different environments they have to run
in. This likely means we'll have a graphical loader than understands a
few filesystmes for installation, and a non-graphical loader that
understands the most filesystems possible for everything else in the
future. Our build infrastructure needs some work before we can do that,
however.
At this late date, it likely isn't worth the efforts to move parts of
the loader into high memory. There's a number of assumptions about where
the stack is, where buffers reside, etc that are fulfilled when it lives
in the first 640k that would need bounce buffers and/or other counter
measures if we were to split it up. All BIOS calls are done in 16-bit
mode with SEG:OFF addresses, requiring them to be in the first 640k of
RAM. And nearly all machines in the last decade can boot with UEFI
(though there's some exceptions, so it isn't worth killing outright
yet).
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D36129
The first level boot blocks have understood how to load ELF code since
1999. Switch /boot/loader and /boot/pxeldr over to being ELF format so
that in-tree tools can examine them more closely. In addition, one
could, in theory, now have a 'lo-mem' and a 'hi-mem' segment (though a
lot of work would need to be done with bounce buffers, btx, code segment
marking, etc for an arrangement like that to work).
As far as I can tell, this is the last a.out binary in the tree. There
are several raw binaries left, but everything else is ELF.
Reviewed by: emaste, kevans
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D36130
geliboot.c and geliboot_crypto.c don't need anything from stand/common,
so remove them from the list of things to add it.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35921
bootstrap.h isn't needed at all by geil, so remove it.
Sponsored by: Netflix
Reviewed by: tsoome (earlier version)
Differential Revision: https://reviews.freebsd.org/D35920
This code was written prior to snprintf being in the then libstand (now
libsa). Since we have it, use it for extra safety. The code already
tries to be safe, but since we have snprintf as well, the added layer of
protection will suffice. The current code reserves 16 bytes (plus a NUL)
at the end for worst case of inet_ntoa, which is still a little
pessimal, but safe from overflow.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D35102
Rather than trying to shoehorn flags into the requested superblock
address, create a separate flags parameter to the ffs_sbget()
function in sys/ufs/ffs/ffs_subr.c. The ffs_sbget() function is
used both in the kernel and in user-level utilities through export
to the sbget() function in the libufs(3) library (see sbget(3)
for details). The kernel uses ffs_sbget() when mounting UFS
filesystems, in the glabel(8) and gjournal(8) GEOM utilities,
and in the standalone library used when booting the system
from a UFS root filesystem.
The ffs_sbget() function reads the superblock located at the byte
offset specified by its sblockloc parameter. The value UFS_STDSB
may be specified for sblockloc to request that the standard
location for the superblock be read.
The two existing options are now flags:
UFS_NOHASHFAIL will note if the check hash is wrong but will still
return the superblock. This is used by the bootstrap code to
give the system a chance to come up so that fsck can be run to
correct the problem.
UFS_NOMSG indicates that superblock inconsistency error messages
should not be printed. It is used by programs like fsck that
want to print their own error message and programs like glabel(8)
that just want to know if a UFS filesystem exists on a partition.
One additional flag is added:
UFS_NOCSUM causes only the superblock itself to be returned, but does
not read in any auxiliary data structures like the cylinder group
summary information. It is used by clients like glabel(8) that
just want to check for possible filesystem types. Using UFS_NOCSUM
skips the superblock checks for csum data which allows superblocks
that have corrupted csum data to be read and used.
The validate_sblock() function checks that the superblock has not
been corrupted in a way that can crash or hang the system. Unless
the UFS_NOMSG flag is specified, it will print out any errors that
it finds. Prior to this commit, validate_sblock() returned as soon
as it found an inconsistency so would print at most one message.
It now does all its checks so when UFS_NOMSG has not been specified
will print out everything that it finds inconsistent.
Sponsored by: The FreeBSD Foundation
