Commit Graph

687 Commits

Author SHA1 Message Date
Toomas Soome
f442898fe7 libsa: tftp should not read past file end
When we have the file size via tsize option, use it to make sure we
will not attempt to read past file end.
2018-11-01 13:12:05 +00:00
Gleb Smirnoff
9319dded3d Remove unnecessary include from libstand. 2018-10-31 19:59:20 +00:00
Toomas Soome
09312399a7 loader: issue edd probe before legacy ah=08 and detect no media
while probing for drives, use int13 extended info before standard one and
provide workaround for case we are not getting needed information in case
of floppy drive.

In case of INT13 errors, there are (at least) 3 error codes appearing in case
of missin media - 20h, 31h and 80h. Flag the no media and do not print an
error.

Differential Revision:	https://reviews.freebsd.org/D17667
2018-10-31 16:42:40 +00:00
Kyle Evans
5beb550712 lualoader: Fix try_include error handling
The previous iteration of try_include attempted to be 'friendly' and error()
out if we hit an error that wasn't ENOENT. This was semi-OK, but fragile as
it relied on pattern matching the error message.

Move the responsibility for handling failure to the caller. Following
a common lua pattern, we'll return the return value of the underlying
require() on success, or false and an error message.

Reported by:	bcran
MFC after:	3 days
2018-10-29 02:58:30 +00:00
Warner Losh
16633f3a2d Move LUA_ROOT to /boot/lua
While this is mostly unused today, this is a better place than
/usr/local/lua.
2018-10-28 02:57:50 +00:00
Kyle Evans
e1f1ddeb35 lualoader: Always return a proper dictionary for blacklist
If module_blacklist isn't specified, we have an empty blacklist; effectively
the same as if module_blacklist="" were specified in loader.conf(5).

This was reported when switching to a BE that predated the module_blacklist
introduction, but the problem is valid all the same and likely to be tripped
over in other scenarios.

Reported by:	bwidawsk
MFC after:	3 days
2018-10-27 04:10:42 +00:00
Warner Losh
48f0136d52 Fix pointer arithmetic
Pointer math to find the size in bytes only works with char types.
Use correct pointer math to determine if we have enough of a header to
look at or not.

MFC After: 3 days
X-MFX-With: r339800
Noticed by: jhb@
Sponsored by: Netflix, Inc
2018-10-26 23:44:50 +00:00
Warner Losh
df65fbc569 Ensure we have a full EFI_DEVICE_PATH header before we try to look at
its length. Some BIOSes pad the length of the device path to an even
amount. When we had a device path that was somehow an odd length, we'd
wind up having 1 byte left that we were bogusly interpreting as a full
device path. We'd then dereference 2 bytes into that to get a length
of the node, which had undefined (and quite undesired) effects.

Sponsored by: Netflix, Inc
MFC After: 3 days
2018-10-26 23:08:22 +00:00
Rebecca Cran
9a815e0a58 Simplify the EFI delay() function by calling BS->Stall()
Differential Revision: https://reviews.freebsd.org/D16753
2018-10-26 21:57:22 +00:00
Kyle Evans
3078173c8d lualoader: Improve module loading diagnostics
Some fixes:

- Maintain historical behavior more accurately w.r.t verbose_loading;
  verbose_loading strictly prints "${module_name...}" and later "failed!"
  or "ok" based on load success
- With or without verbose_loading, dump command_errbuf on load failure.
  This usually happens prior to ok/failed if we're verbose_loading

Reviewed by:	imp
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D17694
2018-10-25 02:14:35 +00:00
Kyle Evans
041929aab1 menu.lua: Abort autoboot sequence on failed command
Currently, a timeout in the menu autoboot sequence would effectively do
nothing. We would return from the autoboot handling, then begin processing
the menu without redrawing it.

This change makes the behavior a little more friendly. Returning the user to
the menu can't have any good effects, so abort the autoboot sequence and
drop to the loader prompt.

MFC after:	3 days
2018-10-24 03:14:10 +00:00
Kyle Evans
e414851f3e lualoader: unload upon kernel change if a kernel was previously loaded
In the majority of cases, a kernel is not loaded before we hit the menu.
However, if a password is set, we'll trigger autoboot and have loadelf'd
beforehand. We also need to take into account one dropping to the loader
prompt and twiddling with things manually; if they try to toggle through
kernels, we'll assume they mean it.

Reported by:	trasz
MFC after:	 3 days
2018-10-24 02:02:37 +00:00
Konstantin Belousov
ad6f5f9ab5 Fix stand/ build after r339671.
ffs_subr.c requires calculate_crc32c() from libkern.  Unfortunately we
cannot just add libkern/crc32.c to libstand because crc32.o is already
compiled from contrib/zlib/crc32.c. Use the include trick to rename
the source.

Note that libstand also provides crc32.c which seems to be unused.

Reviewed by:	imp
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D17677
2018-10-23 23:11:38 +00:00
Toomas Soome
8b7db46557 loader: biosdisk interface should be able to cope with 4k sectors
The 4kn support in current bios specific biosdisk.c is broken, as the code
is only implementing the support for the 512B sector size.

This work is building the support for custom size sectors, we still do assume
the requested data to be multiple of 512B blocks and we only do address the
biosdisk.c interface here.

For reference, see also:
https://www.illumos.org/issues/8303
https://www.illumos.org/rb/r/547

As the GELI is moved above biosdisk "layer", the GELI should just work

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D11174
2018-10-23 14:44:32 +00:00
Toomas Soome
bb489cd7ad libsa: re-send ACK for older data packets in tftp
In current tftp code we drop out-of-order packets; however, we should play
nice and re-send ACK for older data packets we are receiving. This will
hopefully stop server repeating those packets we already have received.
Note we do not answer duplicates from "previous" session (that is, session
with different port number), those will eventually time out.

Differential Revision:	https://reviews.freebsd.org/D17087
2018-10-23 13:38:39 +00:00
Devin Teske
ff9154be8b Restore the ability to prevent the user from interrupting the boot process
without first entering the password stored in loader.conf(5).

PR:		kern/207069
Reported by:	david@dcrosstech.com
MFC after:	3 days
Sponsored by:	Smule, Inc.
2018-10-21 00:15:51 +00:00
Ed Maste
188b0da1ce libi386: remove CLANG_NO_IAS workaround
Clang's Integrated Assembler was previously disabled for i386 with the
note that it "doesn't grok .codeNN directives yet."  This is no longer
the case (and hasn't been for some time), and the assembled output .text
is identical between gas and IAS.

MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
2018-10-20 22:35:06 +00:00
Toomas Soome
0f31e1e6a8 loader.efi: add poweroff command
Add poweroff command to make life a bit easier.

Reviewed by:	imp, allanjude
Approved by:	re (kib)
Differential Revision:	https://reviews.freebsd.org/D17535
2018-10-12 16:24:49 +00:00
Kyle Evans
e0a28d2492 Enable lualoader's kernel autodetection, disabled on install media
As documented in loader.conf(5), kernels_autodetect="YES" will cause the
Lua scripts to effectively scan /boot for directories with a "kernel" file
inside, to be listed in the loader menu.

Approved by:	re (kib)
2018-10-11 17:17:54 +00:00
Kyle Evans
76c75816cf lualoader: Provide a 'menu' command to redraw the menu at the loader prompt
Reported by:	allanjude
Approved by:	re (kib)
2018-10-11 17:16:39 +00:00
Glen Barber
dbffe0f105 Fix a minor typo in loader.conf(5).
Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
2018-10-10 20:25:41 +00:00
Kyle Evans
1613f09199 lualoader: Honor boot_* variables at lua init
For non-UEFI systems, boot.config(5) may have -s or -v specified for
single-user and verbose boot respectively. These were not being properly
taken into account and reflected in the "Boot Options" submenu. When we
initialize core.lua, we'll record boot_single and boot_verbose as we do ACPI
and consider these the system defaults.

Reported by:	David Wolfskill <david@catwhisker.org>
Approved by:	re (kib)
2018-10-07 15:28:50 +00:00
Kyle Evans
532dc17243 lualoader: Create a module blacklist, add DRM modules to it
This is a step in the process of easing migration into the new world order
of DRM drivers. Strongly encourage users towards loading DRM modules via
rc.conf(5) instead of loader.conf(5) by failing the load from loader(8).
Users so inclined may wipe out the blacklist via module_blacklist="" in
loader.conf(5), and it is expected that these modules will eventually be
removed from the blacklist. They may still be loaded as dependencies of
other modules or explicitly via the loader prompt, but this should not be a
major problem.

Approved by:	re (rgrimes)
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16914
2018-10-07 01:53:43 +00:00
Kyle Evans
c84dbc5329 lualoader: Don't draw loader menu with autoboot_delay=-1
This was mostly a cosmetic issue. autoboot_delay=-1 is documented to bypass
the loader menu and immediately execute the boot command, but lualoader
would draw the menu and immediately execute the boot command. No interaction
was possible with the menu.

The fix lifts autoboot_delay processing out of menu.autoboot, which now
takes a delay and does nothing if no delay is specified. This lines up with
my expectations of menu.autoboot's usage from a third party, which may
want more control over the process than the default behavior.

PR:		231610
Approved by:	re (gjb)
2018-10-05 17:07:10 +00:00
Edward Tomasz Napierala
6c8e9a8471 Improve loader passwords:
1. Be clear about which password is being requested
2. Remove extraneous whitespace between the prompt and the cursor
3. Move the twiddle to where the prompt is, instead of two characters to the right
4. Fix erasing the 'incorrect password' message when retrying; previously it was erased partially
5. Remove the unneeded exclamation mark

Reviewed by:	kevans
Approved by:	re (gjb)
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17236
2018-09-22 13:14:44 +00:00
Toomas Soome
7e63e808d7 libsa: validate tftp_makereq() after we did reset the read
The name check referred in the comment is not the only possible error source,
we need to validate the result.

Reviewed by:	allanjude
Approved by:	re (kib)
Differential Revision:	https://reviews.freebsd.org/D17081
2018-09-09 06:30:15 +00:00
Toomas Soome
7ee96df3b3 libsa: memory leak in tftp_open()
tftpfile is allocated just above and needs to be freed.

Reviewed by:	imp
Approved by:	re (kib)
Differential Revision:	https://reviews.freebsd.org/D17058
2018-09-08 19:17:22 +00:00
Warner Losh
0125fb6352 Be a little conservative about when to force size optimizations.
Reports have come in that there's issue with powerpc and sparc64 since
we've switched to using -Oz / -Os. We don't strictly need them for
!x86, so be conservative about when we enable them.

Approved by: re@ (gjb)
Differential Revision: https://reviews.freebsd.org/D17016
2018-09-05 20:02:23 +00:00
Ruslan Bukin
888c8381ad Enable 'C'-compressed ISA extension.
This was disabled recently due to lack of support in KDB disassembler
and DTrace FBT provider. Support for 'C'-extension to both of these was
added, so we can now enable 'C'-extension.

This reduces size of the kernel important for low-end embedded devices,
and saves cache footprint for high perfomance machines.

Approved by:	re (kib)
Sponsored by:	DARPA, AFRL
2018-09-03 14:43:16 +00:00
Robert Watson
deea362c80 The kernel DTrace audit provider (dtaudit) relies on auditd(8) to load
/etc/security/audit_event to provide a list of audit event-number <->
name mappings.  However, this occurs too late for anonymous tracing.
With this change, adding 'audit_event_load="YES"' to /boot/loader.conf
will cause the boot loader to preload the file, and then the kernel
audit code will parse it to register an initial set of audit event-number
<-> name mappings.  Those mappings can later be updated by auditd(8) if
the configuration file changes.

Reviewed by:	gnn, asomers, markj, allanjude
Discussed with:	jhb
Approved by:	re (kib)
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D16589
2018-09-03 14:26:43 +00:00
Kyle Evans
a500341916 lualoader: Handle comma-separated kernels as well
The format for kernels is documented as being space-delimited, but
forthloader was more lenient on this and so people began to depend on it.

A later pass will be made to document all of the fun features that forthloader
allowed that may not be immediately obvious.

Reported by:	mmacy
Approved by:	re (kib)
2018-09-03 03:23:09 +00:00
Kyle Evans
d3d381b2b1 userboot: handle guest interpreter mismatches more intelligently
The switch to lualoader creates a problem with userboot: the host is
inclined to build userboot with Lua, but the host userboot's interpreter
must match what's available on the guest. For almost all FreeBSD guests in
the wild, Lua is not yet available and a Lua-based userboot will fail.

This revision updates userboot protocol to version 5, which adds a
swap_interpreter callback to request a different interpreter, and tries to
determine the proper interpreter to be used based on how the guest
/boot/loader is compiled. This is still a bit of a guess, but it's likely
the best possible guess we can make in order to get it right. The
interpreter is now embedded in the resulting executable, so we can open
/boot/loader on the guest and hunt that down to derive the interpreter it
was built with.

Using -l with bhyveload will not allow an intepreter swap, even if the
loader specified happens to be a userboot with the wrong interpreter. We'll
simply complain about the mismatch and bail out.

For legacy guests without the interpreter marker, we assume they're 4th.
For new guests with the interpreter marker, we'll read it and swap over
to the proper interpreter if it doesn't match what the userboot we're using
was compiled with.

Both flavors of userboot are installed by default, userboot_4th.so and
userboot_lua.so. This fixes the build WITHOUT_FORTH as a coincidence, which
was broken by userboot being forced to 4th.

Reviewed by:	imp, jhb, araujo (earlier version)
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D16945
2018-09-01 02:23:45 +00:00
Kyle Evans
2ac6dfb0c2 lualoader: Print error messages from command failures at the prompt
Previously lualoader would remain silent, rather than printing
command_errmsg or noting that a command had failed or was not found.

Approved by:	re (gjb)
2018-08-31 15:02:53 +00:00
Kyle Evans
ca703fe987 lualoader: fix color usage
Resetting to the default color scheme was done prior to reading the config.
This is bogus; colors may only be declined by the user with the
loader.conf(5) variable "loader_color", so such a request for no color will
not be completely honored as we reset to the default color scheme
unconditionally.

Approved by:	re (rgrimes)
2018-08-30 13:29:32 +00:00
Mark Johnston
f6a0fd4490 Document the cpu_microcode_* tunables.
Reviewed by:	bcr (previous version), kib
Approved by:	re (gjb)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16923
2018-08-28 17:14:46 +00:00
Andrew Turner
78da604641 Ensure we have a large enough stack for the lua loader
Lua has a few places where it allocates a large buffer on the stack. This
is normally fine, except there are a few places where there can be multiple
frames with this buffer. This can cause a stack overflow on some arm64 SoCs.

Fix this by allocating our own stack in loader.efi large enough for these
objects. The required size has been found by tracing how the stack pointer
changes in a virtual machine and found to be no larger than 50kB. A
larger stack is allocated to reduce the likelihood of overflow from future
changes.

Reviewed by:	kevans
Approved by:	re (kib)
Differential Revision:	https://reviews.freebsd.org/D16886
2018-08-27 11:14:49 +00:00
Kyle Evans
5dd1b8342c lualoader: Fix override of module_path on loader prompt
Earlier changes setup a config.module_path variable that was populated upon
reading of loader.conf(5) and used for restoring module_path to pristine
condition if multiple kernels are attempted. This broke the ability to
override module_path at the loader prompt in case of emergency.

Approved by:	re (rgrimes)
2018-08-25 04:28:02 +00:00
Kyle Evans
13eade284e stand: fdt: Drop some write-only assignments/variables and leaked bits
Generally straightforward enough; a copy of argv[1] was being made in
command_fdt_internal, solely used for a comparison within the
handler-search, then promptly leaked.

Reported by:	ports gcc and clang's static analyzer
2018-08-23 18:01:34 +00:00
Kyle Evans
1ee89ab5dd lualoader: Accept that people use unquoted values in loader.conf
While loader.conf(5) suggests that all values should be quoted, reality is
that this was never strictly enforced and it is used. We already make some
concession to this in number values, which aren't strictly quoted either.

The compromise here is that multi-word values must be quoted. This lets
things like `foo_load=YES` work, while denying more complex expressions on
the right hand side. This likely catches the vast majority of current usage.

A bit of a kludge is needed to accomplish this since Lua regex doesn't
support branching. I had considered splitting up expressions and generating
the right-hand side of the expressions completely in config.parse, but
deemed this too large of an overhaul to take given the current timing. This
should be re-worked shortly after the thaw.

Reported by:	royger
2018-08-23 17:27:02 +00:00
Kyle Evans
0d7bee6a2a lualoader: Fix (add) Xen support
lualoader was not respecting the 'xen_kernel' environment variable, which
hints to the interpreter that it should load a Xen kernel prior to loading
any other kernel that might be specified. If a Xen kernel is specified and
we fail to load it, we should not proceed to boot.

Reported by:	royger
Tested by:	royger
2018-08-23 16:26:03 +00:00
Kyle Evans
35437b1f16 efiloader: Setup FDT in autoload to fix overlays clobbering kenv
manu found in the noted PR that overlays seemed to be clobbering the kenv
and killing the boot. Further inspection revealed that one can `fdt ls` at
the loader prompt for a successful boot, but autoboot breaks it.

In the autoboot case, first setup of FDT is happening in the middle of
bi_load, which triggers loading of the DTBO from /boot.

This is bad, bad, bad. Files in the loader are loaded somewhere in the
middle of the address space one after another. bi_load starts building the
needed kernel bootinfo immediately after the highest-addr loaded file. File
loads in the middle of bi_load suddenly clobber bootinfo and everything goes
off the rails.

The solution to this is to use take advantage of arch_autoload to setup FDT
in efiloader compiled with LOADER_FDT_SUPPORT. This matches how it works in
ubldr land, and is how it should have worked when overlay support was added
to efiloader since fdt_setup_fdtp now has the potential to load files
(courtesy of fdt_platform_load_dtb).

PR:		230804
Discussed with:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D16858
2018-08-23 13:38:38 +00:00
Kyle Evans
98d0335366 fdt_fixups: relocate the /chosen node after applying fixups
As indicated by the comment, any fixups applied (which might include
overlays) can invalidate the previously located node by adding nodes or
setting/adding properties. The later fdt_setprop of fixup-applied property
would then fail because of the bad/wrong node offset.

This would have generally been harmless, but potentially caused multiple
applications of fixups and caused a little bit of bloat.

MFC after:	1 week
2018-08-23 01:22:13 +00:00
Kurt Lidl
cefee54838 Increase the size of the heap size available on sparc64 during
operation of "loader".  The dramatic increase in size of
SPA_MAXBLOCKSIZE in r304321 causes the heap space to be exhausted,
so malloc() fails, ultimately leading to a memcpy() with a
destination of 0x0.

MFC after:	3 days
2018-08-22 14:33:57 +00:00
Toomas Soome
45a3e13ca8 loader: bios loader should allow to chain load a file
The current chain command does accept only device, allow also a file to be used,
such as /boot/pmbr or /boot/mbr (or stored third party MBR/VBR block).

Also fix file descriptor leak.
2018-08-22 10:04:42 +00:00
Kyle Evans
9a16e110d0 lualoader: Fix loader.conf(5) EOL validation for 'exec' lines
This includes some light rework to simplify the line parsing, as well.  If
we hit a line match, we'll always either use the line and move on to the
next line, or we'll spew out malformed line errors.

We had multiple spots to output the error and set the status based on
whether we had a non-nil first capture group or failed EOL validation, but
it was always the same error.  Light rework entails a small label jump to
skip error handling and elimination of 'found' local.
2018-08-22 01:52:55 +00:00
Kyle Evans
058c692e15 lualoader: Refactor config line expressions
A couple of issues addressed:

1.) Modules with - in the name were not recognized as modules
2.) The module regex was repeated for each place a module name may appear
3.) The 'strip leading space' bits were repeated for each expression
4.) The trailing 'comment validation' stuff was repeated every expression

#4 still has some more work to be done. exec lines, for instance, don't
capture a 'value' -- there's only one capture pattern. This throws off the
'c' value that we match, so the trailing bits aren't *actually* being
validated. This isn't a new issue, though, so a future comit will address
this.
2018-08-21 23:42:20 +00:00
Kyle Evans
b83a355d70 lualoader: Just compare expression directly 2018-08-21 23:34:30 +00:00
Warner Losh
116c531459 Serial console menus for lua.
Remove a bunch of special cases for UEFI and serial consoles.  We do
want to do curses and menu things here. This makes us match what we do
in FORTH, with the possible exception of boxes around menus.

Differential Revision:  https://reviews.freebsd.org/D16816
2018-08-20 16:44:09 +00:00
Kyle Evans
b991b318d4 lualoader: Install all manpages
Now that a complete set is written, save for one describing loader.lua,
install all of them. This was not previously done as they were written to
hopefully avoid confusion as bits and pieces of the overall system were
undocumented.
2018-08-20 02:40:10 +00:00
Kyle Evans
75658c965c Add color.lua(8), password.lua(8), and screen.lua(8) 2018-08-20 02:37:24 +00:00