138 Commits

Author SHA1 Message Date
nwhitehorn
59b9a761ea Provide a shim layer in loader to condense the Open Firmware device tree to
an FDT. This is how Linux and OS X boot and can avoid some issues with
using Open Firmware at runtime. The code is highly experimental and disabled
by default; it can be turned on by setting the loader environment variable
"usefdt" to a non-NULL value.
2015-03-09 02:57:34 +00:00
bdrewery
b619f0c747 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
marcel
42335f4752 Give loaders more control over the Forth initialization process. In
particular, allow loaders to define the name of the RC script the
interpreter needs to use. Use this new-found control to have the
PXE loader (when compiled with TFTP support and not NFS support)
read from ${bootfile}.4th, where ${bootfile} is the name of the
file fetched by the PXE firmware.

The normal startup process involves reading the following files:
1.  /boot/boot.4th
2.  /boot/loader.rc or alternatively /boot/boot.conf

When these come from a FreeBSD-defined file system, this is all
good. But when we boot over the network, subdirectories and fixed
file names are often painful to administrators and there's really
no way for them to change the behaviour of the loader.

Obtained from:	Juniper Networks, Inc.
2014-07-27 16:12:51 +00:00
bdrewery
989e2c6000 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
imp
c39e6fc2c9 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
royger
b13d7383ff howto_names: unify declaration
Approved by: gibbs
Sponsored by: Citrix Systems R&D

boot/i386/efi/bootinfo.c:
boot/i386/libi386/bootinfo.c:
boot/ia64/common/bootinfo.c:
boot/powerpc/ofw/metadata.c:
boot/powerpc/ps3/metadata.c:
boot/sparc64/loader/metadata.c:
boot/uboot/common/metadata.c:
boot/userboot/userboot/bootinfo.c:
i386/xen/xen_machdep.c:
 - Include sys/boot.h
 - Remove custom definition of howto_names.

sys/boot.h:
 - Define howto_names.

x86/xen/pv.c:
 - Include sys/boot.h
2014-03-11 10:13:06 +00:00
dim
4abdabbce7 For now, clang spells -mcmodel=medlow as -mcmodel=small. 2014-02-21 21:51:19 +00:00
marius
6bae06c63f - The method introduced as part of r234898 for not altering the boot path
when booting from ZFS turned out to also cause the boot path not being
  adjusted if booting from CD-ROM with firmware versions that do not employ
  the "cdrom" alias in that case. So shuffle the code around instead in order
  to achieve the original intent. Ideally, we shouldn't fiddle with the boot
  path when booting from UFS on a disk either; unfortunately, there doesn't
  seem to be an universal way of telling disks and CD-ROMs apart, though. [1]
- Use NULL instead of 0 for pointers.

PR:		179289
MFC after:	1 week
2013-06-09 23:50:30 +00:00
avg
51fe15e297 zfs/sparc64 boot: fix booting after r242230
arch_zfs_probe method is supposed to only probe for ZFS vdevs, but it can
not expect that ZFS data is in a ready state yet.
So, move some code from sparc64_zfs_probe to main to meet the constraints.

Reported by:	Chris Ross <cross+freebsd@distal.com>
Tested by:	Chris Ross <cross+freebsd@distal.com>
MFC after:	4 days
2013-01-20 19:55:49 +00:00
marius
cfc83fc6d6 Restore pre-r234898 printing of boot loader and path.
MFC after:	3 days
2012-12-16 20:43:29 +00:00
marius
4e78de3f1a Fix build after r243245.
Submitted by:	trasz
2012-11-19 19:31:54 +00:00
dteske
4f8fc97af9 Hook in new files menusets.4th and manual.
Approved by:	adrian (co-mentor) (implicit)
2012-11-07 02:14:03 +00:00
ae
3e78c7c382 Slightly reduce an overhead for the open() call in the zfsloader.
libstand(3) tries to detect file system in the predefined order,
but zfsloader usually is used for the booting from ZFS, and there is
no need to try detect several file system types for each open() call.
2012-09-11 04:54:44 +00:00
marius
ee6fcc0784 Pull the tier-2 card and change the sparc64 ZFS loader to no longer probe
all diskN aliases for providers (which more or less corresponds to how the
x86 version behaves) but instead probe only those listed in the boot-device
OFW environment variable. This has the following advantages:
- avoids otherwise unavoidable OFW warnings about failures to open disks
  for which aliases exist but no actual hardware is connected
- avoids issues due to different diskN naming schemes
- aligns us with Solaris

MFC after:	3 days
2012-07-27 18:23:11 +00:00
marius
569112bb5f The loaddev environment variable is not modifiable once set, so it is not
update for ZFS. It seems that this does not really affect anything except
the help command. Nevertheless, rearrange things so loaddev is set only
once in all cases in order to get it right.
Pointed out by: avg

MFC after:	r235364
2012-06-04 20:56:40 +00:00
gleb
2dc26af444 Use 32-bit ufs_ino_t instead of ino_t to keep boot2 small and prevent
unnecessary 64-bit math on 32-bit machines.

Sponsored by:	Google Summer of Code 2011
2012-05-25 09:36:39 +00:00
avg
5a967fbfcc sparc64/zfs boot: take advantage of new libzfsboot capabilities
Also drop the now unneeded compatibility shims.

Tested by:	marius
MFC after:	1 month
2012-05-12 20:27:33 +00:00
avg
a1cf7817fd zfsboot/zfsloader: support accessing filesystems within a pool
In zfs loader zfs device name format now is "zfs:pool/fs",
fully qualified file path is "zfs:pool/fs:/path/to/file"
loader allows accessing files from various pools and filesystems as well
as changing currdev to a different pool/filesystem.

zfsboot accepts kernel/loader name in a format pool:fs:path/to/file or,
as before, pool:path/to/file; in the latter case a default filesystem
is used (pool root or bootfs).  zfsboot passes guids of the selected
pool and dataset to zfsloader to be used as its defaults.

zfs support should be architecture independent and is provided
in a separate library, but architectures wishing to use this zfs support
still have to provide some glue code and their devdesc should be
compatible with zfs_devdesc.
arch_zfs_probe method is used to discover all disk devices that may
be part of ZFS pool(s).

libi386 unconditionally includes zfs support, but some zfs-specific
functions are stubbed out as weak symbols.  The strong definitions
are provided in libzfsboot.
This change mean that the size of i386_devspec becomes larger
to match zfs_devspec.

Backward-compatibility shims are provided for recently added sparc64
zfs boot support.  Currently that architecture still works the old
way and does not support the new features.

TODO:
- clear up pool root filesystem vs pool bootfs filesystem distinction
- update sparc64 support
- set vfs.root.mountfrom based on currdev (for zfs)

Mid-future TODO:
- loader sub-menu for selecting alternative boot environment

Distant future TODO:
- support accessing snapshots, using a snapshot as readonly root

Reviewed by:	marius (sparc64),
		Gavin Mu <gavin.mu@gmail.com> (sparc64)
Tested by:	Florian Wagner <florian@wagner-flo.net> (x86),
		marius (sparc64)
No objections:	fs@, hackers@
MFC after:	1 month
2012-05-12 09:03:30 +00:00
marius
25b8009240 Use a non-tricky approach for building and installing zfsboot sharing
the Makefile with boot1.

Submitted by:	ru
2012-05-09 19:08:54 +00:00
avg
c4c31a507d sys/boot: add common CTASSERT definition 2012-05-09 07:55:42 +00:00
marius
c79645eb6d Add initial support for booting from ZFS on sparc64. At least on Sun Fire
V100, the firmware is known to be broken and not allowing to simultaneously
open disk devices, causing attempts to boot from a mirror or RAIDZ to cause
a crash. This will be worked around later. The firmwares of newer sun4u models
don't seem to exhibit this problem though.

Steps for ZFS booting:

1. create VTOC8 label
# gpart create -s vtoc8 da0

2. add partitions, f.e.:
# gpart add -t freebsd-zfs -s 60g da0
# gpart add -t freebsd-swap da0
resulting in something like:
# gpart show
=>        0  143331930  da0  VTOC8  (68G)
          0  125821080    1  freebsd-zfs  (60G)
  125821080   17510850    2  freebsd-swap  (8.4G)

3. create zpool
# zpool create bunker da0a
or for mirror/RAIDZ (after preparing additional disks as in steps 1. + 2.):
# zpool create bunker mirror da0a da1a
# zpool create bunker raidz da0a da1a da2a ...

4. set bootfs
# zpool set bootfs=bunker bunker

5. install zfsboot
# zpool export bunker
# gpart bootcode -p /boot/zfsboot da0

6. write zfsloader to the ZFS Boot Block (so far, there's no dedicated tool
for this, so dd(1) has to be used for this purpose)
When using mirror/RAIDZ, step 4. and the dd(1) invocation should be repeated
for the additional disks in order to be able to boot from another disk in
case of failure.
# sysctl kern.geom.debugflags=0x10
# dd if=/boot/zfsloader of=/dev/da0a bs=512 oseek=1024 conv=notrunc
# zpool import bunker

7. install system on ZFS filesystem
Don't forget to set 'zfs_load="YES"' and vfs.root.mountfrom="zfs:bunker" in
loader.conf as well as 'zfs_enable="YES"'in rc.conf.

8. copy zpool.cache to the ZFS filesystem
cp -p /boot/zfs/zpool.cache /bunker/boot/zfs/zpool.cache

9. set mountpoint
# zfs set mountpoint=/ bunker

10. Now, given that aliases for all disks in the zpool exists (check with
the `devalias` command on the boot monitor prompt) and disk0 corresponds
to da0 (likewise for additional disks), the system can be booted from the
ZFS with:
{1} ok boot disk0

PR:             165025
Submitted by:   Gavin Mu
2012-05-01 17:16:01 +00:00
marius
0ac9f41881 Add a command for showing the heap usage.
PR:		165025
Submitted by:	Gavin Mu
MFC after:	1 week
2012-05-01 16:38:33 +00:00
marius
100c1f73e9 - For Cheetah- and Zeus-class CPUs don't flush all unlocked entries from
the TLBs in order to get rid of the user mappings but instead traverse
  them an flush only the latter like we also do for the Spitfire-class.
  Also flushing the unlocked kernel entries can cause instant faults which
  when called from within cpu_switch() are handled with the scheduler lock
  held which in turn can cause timeouts on the acquisition of the lock by
  other CPUs. This was easily seen with a 16-core V890 but occasionally
  also happened with 2-way machines.
  While at it, move the SPARC64-V support code entirely to zeus.c. This
  causes a little bit of duplication but is less confusing than partially
  using Cheetah-class bits for these.
- For SPARC64-V ensure that 4-Mbyte page entries are stored in the 1024-
  entry, 2-way set associative TLB.
- In {d,i}tlb_get_data_sun4u() turn off the interrupts in order to ensure
  that ASI_{D,I}TLB_DATA_ACCESS_REG actually are read twice back-to-back.

Tested by:      Peter Jeremy (16-core US-IV), Michael Moll (2-way SPARC64-V)
2011-07-02 11:14:54 +00:00
julian
1d72c8b97a Include forgotten framework changes to get some of the new menu files installed correctly on non x86/amd systems.
pointy-hut to  devin
2011-05-30 04:23:33 +00:00
julian
36cd7cef5e New boot loader menus from Devin Teske.
Discussed on hackers and recommended for inclusion into 9.0 at the devsummit.
All support email to devin   dteske at vicor dot ignoreme dot com .

Submitted by:	dteske at vicor dot ignoreme dot com
Reviewed by:	me and many others
2011-05-28 08:50:38 +00:00
attilio
96139278ce Disconnect sun4v architecture from the three.
Some files keep the SUN4V tags as a code reference, for the future,
if any rewamped sun4v support wants to be added again.

Reviewed by:	marius
Tested by:	sbruno
Approved by:	re
2011-05-14 01:53:38 +00:00
marcel
0e834fdaf3 Revert rev 165325. The arch_maphint interface hasn't been in use for
more than 4 years.
2011-04-03 05:09:25 +00:00
marius
430f89aef8 Partially revert r203829; as it turns out what the PowerPC OFW loader did
was incorrect as further down the road cons_probe() calls malloc() so the
former can't be called before init_heap() has succeed. Instead just exit
to the firmware in case init_heap() fails like OF_init() does when hitting
a problem as we're then likely running in a very broken environment where
hardly anything can be trusted to work.
2010-10-29 20:42:02 +00:00
marius
a6703db12b Merge from powerpc:
- Change putc_func_t to use a char instead of an int for the character.
- Make functions and variables not used outside of this source file static.
- Remove unused prototypes and variables.
- The OFW read and seek methods take 3 and not 4 input arguments.
2010-09-16 12:05:00 +00:00
ed
294b044a4b Use -Wl,-N instead of the undocumented -N option for GCC.
GCC forwards the -N flag directly to ld. This flag is not documented and
not supported by (for example) Clang. Just use -Wl,-N.

Submitted by:	Pawel Worach
2010-06-03 17:42:32 +00:00
marius
630328c1b5 Add support for SPARC64 V (and where it already makes sense for other
HAL/Fujitsu) CPUs. For the most part this consists of fleshing out the
MMU and cache handling, it doesn't add pmap optimizations possible with
these CPU, yet, though.
With these changes FreeBSD runs stable on Fujitsu Siemens PRIMEPOWER 250
and likely also other models based on SPARC64 V like 450, 650 and 850.
Thanks go to Michael Moll for providing access to a PRIMEPOWER 250.
2010-05-02 19:38:17 +00:00
marius
27efbf647d Some machines can not only consist of CPUs running at different speeds
but also of different types, f.e. Sun Fire V890 can be equipped with a
mix of UltraSPARC IV and IV+ CPUs, requiring different MMU initialization
and different workarounds for model specific errata. Therefore move the
CPU implementation number from a global variable to the per-CPU data.
Functions which are called before the latter is available are passed the
implementation number as a parameter now.
2010-02-20 23:24:19 +00:00
marius
1f07dfb1de Correct the panic strings introduced in r203830 to match their arguments. 2010-02-13 15:12:46 +00:00
marius
867b356aaa Use the SUNW,{d,i}tlb-load methods for entering locked TLB entries like
OpenBSD and OpenSolaris do instead of fiddling with the MMUs ourselves.
Unlike direct access the firmware methods don't automatically use the
next free (?) TLB slot, instead the slot to be used has to be specified.
We allocate the TLB slots for the kernel top-down as OpenSolaris suggests
that the firmware will always allocate the ones for its own use bottom-up.
Besides being simpler, according to OpenBSD using the firmware methods is
required to allow booting on Sun Fire E10K with multi-systemboard domains.
2010-02-13 14:40:42 +00:00
marius
a9f745a780 - Assert that HEAPSZ is a multiple of PAGE_SIZE as at least the firmware
of Sun Fire V1280 doesn't round up the size itself but instead lets
  claiming of non page-sized amounts of memory fail.
- Change parameters and variables related to the TLB slots to unsigned
  which is more appropriate.
- Search the whole OFW device tree instead of only the children of the
  root nexus device for the BSP as starting with UltraSPARC IV the 'cpu'
  nodes hang off of from 'cmp' (chip multi-threading processor) or 'core'
  or combinations thereof. Also in large UltraSPARC III based machines
  the 'cpu' nodes hang off of 'ssm' (scalable shared memory) nodes which
  group snooping-coherency domains together instead of directly from the
  nexus.
- Add support for UltraSPARC IV and IV+ BSPs. Due to the fact that these
  are multi-core each CPU has two Fireplane config registers and thus the
  module/target ID has to be determined differently so the one specific
  to a certain core is used. Similarly, starting with UltraSPARC IV the
  individual cores use a different property in the OFW device tree to
  indicate the CPU/core ID as it no longer is in coincidence with the
  shared slot/socket ID.
  While at it additionally distinguish between CPUs with Fireplane and
  JBus interconnects as these also use slightly different sizes for the
  JBus/agent/module/target IDs.
- Check the return value of init_heap(). This requires moving it after
  cons_probe() so we can panic when appropriate. This should be fine as
  the PowerPC OFW loader uses that order for quite some time now.
2010-02-13 14:13:39 +00:00
marius
74871d34a1 - Add code allowing a network device to only be open and closed once
by keeping it opened after the first open and closing it via the
  cleanup handler when NETIF_OPEN_CLOSE_ONCE is defined in order to
  avoid the open-close-dance on every file access which with firmware
  that for example performs an auto-negotiation on every open causes
  netbooting to take horribly long. Basically the behavior with this
  knob enabled resembles the one employed between r60506 and r177108
  (and for sparc64 also again since r182919) with the addition that
  the network device now is closed eventually before entering the
  kernel and before rebooting. Actually I think this should be the
  desired MI behavior, however the U-Boot loader actually requires
  net_close() to be called after every transaction in order for some
  local shutdown operations to be performed (and which I think thus
  will break on concurrent opens, i.e. when netdev_opens is > 1, like
  the loader does at least for disks when LOADER_GZIP_SUPPORT is
  enabled).
- Use NETIF_OPEN_CLOSE_ONCE to replace the hack, which artificially
  increased netdev_opens for sparc64 in order to keep the network
  device opened forever, as at least some firmware versions require
  the network device to be closed eventually before entering the
  kernel or otherwise will DMA received packets to stale memory.
  The powerpc OFW loader probably wants NETIF_OPEN_CLOSE_ONCE to be
  set as well for the same reasons.
2010-01-09 21:23:39 +00:00
marius
77111865f4 Execute the cleanup handlers before jumping to the kernel just
like the other architectures do.
2009-12-24 15:23:51 +00:00
marius
d91f9c5793 Revert r183628 as with the current ata(4) ATAPI DMA with AcerLabs
M5229 appears to be once again fixed. If this happens to return
we probably should disable ATAPI DMA in ataacerlabs(4) instead
just like the Linux libATA does.
2009-12-24 15:14:35 +00:00
marius
93da89bedb Fix masking of TTE bits; the TD_*_MASK macros need shifting via the
corresponding TD_*_SHIFT.

MFC after:	3 days
2009-04-14 19:02:34 +00:00
marius
e3bf6fb1d2 Fix whitespace. 2009-04-13 19:43:37 +00:00
ru
21f7074ade Fix build when WITH_SSP is set explicitly.
Submitted by:	Jeremie Le Hen
2009-02-21 15:04:31 +00:00
marius
9618354cad - Use the generally more appropriate PROM base rather than the
kernel one as the non-faulting flush address in the loader so
  we can can change KERNBASE and VM_MIN_KERNEL_ADDRESS if we
  ever want to without needing to worry about using a compatible
  loader.
- Correctly check for LOADER_DEBUG.
- Add a missing const for page_sizes[].
2009-02-10 21:48:42 +00:00
marius
7b4d5cb9c8 Disable ATAPI DMA as it's once again broken in that it causes data
corruption with the on-board AcerLabs M5229 controllers. While at
it, remove the pointless "nothing to autoload yet." message.

MFC after:	3 days
2008-10-05 14:00:44 +00:00
marius
5f92bd8a23 Work around Cheetah+ erratum 34 (USIII+ erratum #10) by relocating
the locked entry in it16 slot 0, which typically is occupied by the
PROM, and manually entering locked entries in slots != 0.

Thanks to Hubert Feyrer for donating the Blade 2000 this change was
developed on.
2008-09-10 20:07:08 +00:00
marius
45e57c6bd2 USIII and beyond CPUs have stricter requirements when it comes
to synchronization needed after stores to internal ASIs in order
to make side-effects visible. This mainly requires the MEMBAR #Sync
after such stores to be replaced with a FLUSH. We use KERNBASE as
the address to FLUSH as it is guaranteed to not trap. Actually,
the USII synchronization rules also already require a FLUSH in
pretty much all of the cases changed.
We're also hitting an additional USIII synchronization rule which
requires stores to AA_IMMU_SFSR to be immediately followed by a DONE,
FLUSH or RETRY. Doing so triggers a RED state exception though so
leave the MEMBAR #Sync. Linux apparently also has gotten away with
doing the same for quite some time now, apart from the fact that
it's not clear to me why we need to clear the valid bit from the
SFSR in the first place.

Reviewed by:	nwhitehorn
2008-09-08 20:38:48 +00:00
marius
f8a9831413 Ensure interrupts are off while in {d,i}tlb_va_to_pa_sun4u().
I think this is necessary in order to make sure the workarounds
in {d,i}tlb_get_data_sun4u() work correctly.
2008-09-04 19:41:54 +00:00
marius
15fcbd3b7f - Read ASI_{D,I}TLB_DATA_ACCESS_REG twice in order to work around
errata of USIII and beyond (USIII erratum #19, USIII+ erratum #1,
  USIIIi erratum #1).
- Use the cheetah PA mask in {d,i}tlb_va_to_pa_sun4u() for USIII
  and beyond. This is done so that these functions will still mask
  the debug bits of spitfire-class CPUs once we increase TD_PA_BITS
  to match the number of bits used for the PA by cheetah-class CPUs.
- Change {d,i}tlb_enter_sun4u() to also set TLB_CTX_KERNEL as the
  context of the mappings entered. This is more or less cosmetic as
  TLB_CTX_KERNEL is 0.
- Now that we have to distinguish between different sun4u CPUs in
  the loader anyway, no longer do trial and error when reading the
  portid property.
2008-08-30 16:03:22 +00:00
marius
b09c8c9fe7 cosmetic changes and style fixes 2008-08-22 20:28:19 +00:00
marius
d335d6871a - Reimplement {d,i}tlb_enter() and {d,i}tlb_va_to_pa() in C. There's
no particular reason for them to be implemented in assembler and
  having them in C allows easier extension as well as using more C
  macros and {d,i}tlb_slot_max rather than hard-coding magic (and
  actually spitfire-only) values.
- Fix the compilation of pmap_print_tte().
- Change pmap_print_tlb() to use ldxa() rather than re-rolling it
  inline as well as TLB_DAR_SLOT and {d,i}tlb_slot_max rather than
  hardcoding magic (and actually spitfire-only) values.
- While at it, suffix the above mentioned functions with "_sun4u" to
  underline they're architecture-specific.
- Use __FBSDID and macros instead of magic values in locore.S.
- Remove unused includes and smp_stack in locore.S.
2008-08-07 22:46:25 +00:00