876 Commits

Author SHA1 Message Date
Toomas Soome
295586e818 i386_parsedev() needs to support fd devices
MFC after:	2 weeks
2019-01-02 20:31:15 +00:00
Toomas Soome
46aedfa274 Add Copyright.
Reported by:	Rodney W. Grimes
2018-12-30 15:34:12 +00:00
Toomas Soome
75772fa26e loader: create bio_alloc and bio_free for bios bounce buffer
We do have 16KB buffer space defined in pxe.c, move it to bio.c and implement
bio_alloc()/bio_free() interface to make it possible to use this space for
other BIOS calls (notably, from biosdisk.c).

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D17131
2018-12-30 09:35:47 +00:00
Rebecca Cran
d5cee48f3e Wait a maximum of 300 seconds for network send/recv in libsa
The reason for this change is that currently, a send/recv
takes many hours to time out.
This is suboptimal in the bootloader because it means for example
that NFS will take hours to fail before allowing subsequent access
methods such as gzip to be tried.

Setting MAXWAIT to 300 seconds (5 minutes) still allows slow
connections of 1Mb to be used to download a 30MB kernel file.

Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D18544
2018-12-20 19:27:46 +00:00
Toomas Soome
4f22b40a32 loader: zfs reader should not probe partitionless disks (UEFI case)
With r342151 I did fix the BIOS version of zfs_probe_dev() from accessing
the whole disk, but the fix was not complete - we actually did not check
if the device name was really for whole disk. Since UEFI version
is only calling the zfs_probe_dev() with partitions and not with whole
disk, the UEFI loader was not able to find the zfs pools.

This update does correct the issue by calling archsw.arch_getdev() to
translate the device name back to dev_desc, and we have whole disk when both
partition and slice values are -1.

Reported by:	alvisen_gmail.com
Differential Revision:	https://reviews.freebsd.org/D18558
2018-12-17 07:43:29 +00:00
Toomas Soome
1309bed839 loader: zfs reader should not probe partitionless disks
First of all, normal setups can not boot such pools as the tools
do not support installing boot programs.

Secondly, for proper pool configuration detection, we need to checks all
four label copies on disk, 2 from front and 2 from the end of the disk,
but zfs label does not contain the size of the disk - so we depend on
firmware to report the correct disk size or use information from the
partition table.

Without partition table, we only can rely on firmware to report and support
disk IO properly.

There is a specific case: 8TB disks are reported by BIOS to have 4294967295
sectors (0x00000000ffffffff), the sectors reported by OS is 15628053168
(0x00000003a3812ab0), so the reported size is less than actual but is hitting
32-bit max. Unfortuantely the real limit must be even lower because probing
this disk in this system will wnd up with hung system.

UEFI boot of this system seems not to be affected.

Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18558
2018-12-16 08:58:14 +00:00
Rebecca Cran
122229de87 Cast error message in efi_main.c to CHAR16* to avoid build error 2018-12-13 23:49:20 +00:00
Rebecca Cran
974df0a915 Print an error message in efi_main.c if we can't allocate memory for the heap
With the default Qemu parameters, only 128MB RAM gets given to a VM. This causes
the loader to be unable to allocate the 64MB it needs for the heap. This change
makes the cause of the error more obvious.

Differential Revision:	https://reviews.freebsd.org/D17958
2018-12-13 23:20:58 +00:00
Justin Hibbits
9471caaba7 powerpc/ubldr: Teach powerpc's ubldr to boot 64-bit kernels
This is just a copy of powerpc/ofw's ppc64_elf_freebsd.c modified to fit
ubldr's boot format.

MFC after:	1 week
2018-12-10 01:52:39 +00:00
Ian Lepore
9631ae8267 Don't reference zfs-specific variables if LOADER_ZFS_SUPPORT is undefined
because the variables will be undefined too.

Reported by:	sjg@
Pointy hat:	ian@
2018-12-06 20:28:09 +00:00
Kirk McKusick
fb14e73cb4 Normally when an attempt is made to mount a UFS/FFS filesystem whose
superblock has a check-hash error, an error message noting the
superblock check-hash failure is printed and the mount fails. The
administrator then runs fsck to repair the filesystem and when
successful, the filesystem can once again be mounted.

This approach fails if the filesystem in question is a root filesystem
from which you are trying to boot. Here, the loader fails when trying
to access the filesystem to get the kernel to boot. So it is necessary
to allow the loader to ignore the superblock check-hash error and make
a best effort to read the kernel. The filesystem may be suffiently
corrupted that the read attempt fails, but there is no harm in trying
since the loader makes no attempt to write to the filesystem.

Once the kernel is loaded and starts to run, it attempts to mount its
root filesystem. Once again, failure means that it breaks to its prompt
to ask where to get its root filesystem. Unless you have an alternate
root filesystem, you are stuck.

Since the root filesystem is initially mounted read-only, it is
safe to make an attempt to mount the root filesystem with the failed
superblock check-hash. Thus, when asked to mount a root filesystem
with a failed superblock check-hash, the kernel prints a warning
message that the root filesystem superblock check-hash needs repair,
but notes that it is ignoring the error and proceeding. It does
mark the filesystem as needing an fsck which prevents it from being
enabled for writing until fsck has been run on it. The net effect
is that the reboot fails to single user, but at least at that point
the administrator has the tools at hand to fix the problem.

Reported by:    Rick Macklem (rmacklem@)
Discussed with: Warner Losh (imp@)
Sponsored by:   Netflix
2018-12-06 00:09:39 +00:00
Ian Lepore
7297dc4441 Fix args cross-threading between gptboot(8) and loader(8) with zfs support.
When loader(8) is built with zfs support enabled, it assumes that any extarg
data present is a zfs_boot_args struct, but if the first-stage loader was
gptboot(8) the extarg data is actually a geli_boot_args struct.  Luckily,
zfsboot(8) and gptzfsboot(8) have always passed KARGS_FLAGS_ZFS along with
KARGS_FLAGS_EXTARG, so we can use KARGS_FLAGS_ZFS to decide whether the
extarg data is a zfs_boot_args struct.

To avoid similar problems in the future, gptboot(8) now passes a new
KARGS_FLAGS_GELI to indicate that extarg data is geli_boot_args.  In
loader(8), if the neither KARGS_FLAGS_ZFS nor KARGS_FLAGS_GELI is set but
extarg data is present (which will be the case for gptboot compiled before
this change), we now check for the known size of the geli_boot_args struct
passed by the older versions of gptboot as a way of confirming what type of
extarg data is present.

In a semi-related tidying up, since loader's main() has already decided
what type of extarg data is present and set the global 'zargs' var
accordingly, don't repeat the check in extract_currdev, just check whether
zargs is NULL or not.

X-MFC after:	a few days, along with prior related changes.
2018-12-04 16:43:50 +00:00
Ed Maste
f7eb23ee34 stand/i386: rename .s to .S to use Clang IAS
As part of the migration away from obsolete binutils we want to retire
GNU as.  Most assembly files used on amd64 have a .S extension and
(via rules in share/mk/bsd.suffixes.mk) are assembled with Clang's
Integrated Assembler (IAS).  Rename files in stand/i386 to .S to use
the integrated assembler.

Clang's IAS supports the defsym option (via -Wa,) but only with one
dash, not two.  As both -defsym and --defsym are accepted by GNU as,
use the former.

PR:		233611
Reviewed by:	tsoome
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18369
2018-12-03 19:16:34 +00:00
Warner Losh
991699dbba Move inclusion of src.opts.mk later.
src.opts.mk includes bsd.own.mk. This in turn defines CTFCONVERT_CMD
depending on the MK_CTF value. We then set MK_CTF to no, which has no
real effect. The solution is to set all the MK_foo values before
including src.opts.mk.

This should stop the cdboot binary from exploding in size for releases
built WITH_CTF=yes in src.conf.

Sponsored by: Netflix
2018-12-03 17:51:10 +00:00
Ian Lepore
df108aafe9 Eliminate duplicated code and struct member definitions in the handoff
of args data between gptboot/zfsboot and loader(8).

Despite what seems like a lot of changes here, there are no actual
changes in behavior, or in the data layout in the structures involved.
This is just eliminating identical code pasted into multiple locations.

In detail, the changes are...

- Move struct zfs_boot_args definition from libsa/zfs/libzfs.h to
  i386/common/bootargs.h because it is specific to x86 booting and the
  handoff between zfsboot and loader, and has no relation to the zfs
  library code in general.

- The geli_boot_args and zfs_boot_args structs both contain an identical
  set of member variables containing geli information.  Extract this out
  to a new geli_boot_data struct, and embed it in the arg-passing structs.

- Provide new routines geli_import_boot_data() and geli_export_boot_data()
  that can be shared between gptboot, zfsboot, and loader instead of
  pasting identical code into several different .c files.

- Remove some checks for a NULL pointer that can never be true because the
  pointer being tested was set using pointer math (kargs + 1) and that can
  never result in NULL in this code.
2018-12-03 03:58:30 +00:00
Justin Hibbits
781dc30c1b ubldr: Force 'usefdt' variable to 1 for powerpc
The fdt is gated, on powerpc, with a 'usefdt' environment variable.  Force
enable it in ubldr, so that the fdt is passed through the metadata.
2018-12-02 02:20:35 +00:00
Toomas Soome
fb0df66629 loader.efi: fix EFI getchar() for multiple consoles
This fix is ported from illumos (issue #9970), the analysis and initial
implementation was done by John Levon.

See also: https://www.illumos.org/issues/9970

Currently, efi_cons_getchar() will wait for a key. While this seems to make
sense, the implementation of getchar() in common/console.c will loop across
getchar() for all consoles without doing ischar() first.

This means that if we've configured multiple consoles, we can't input into
the serial, as getchar() will be sat waiting for input only from efi_console.c

This patch does implement a bit more generic key buffer to support
translation of input keys, and we use generic efi_readkey() to reduce
duplication from calls from getchar() and poll().
2018-11-30 08:42:14 +00:00
Toomas Soome
cdff10360e loader: create separate lists for fd, cd and hd, merge bioscd with biosdisk
Create unified block IO implementation in BIOS version, like it is done in UEFI
side. Implement fd, disk and cd device lists, this will split floppy devices
from disks and will allow us to have consistent, predictable device naming
(modulo BIOS issues).

Differential Revision:	https://reviews.freebsd.org/D17888
2018-11-30 08:01:11 +00:00
Maxim Sobolev
d92fb78458 When handling CMD_CRIT error set command_errmsg to NULL after we dump it out,
so that it does not result in error message printed twice.

OK load doodoo
can't find 'doodoo'
can't find 'doodoo'
OK

MFC after:	2 weeks
2018-11-30 02:14:41 +00:00
Maxim Sobolev
55d5c94943 The libstand's panic() appends its own '\n' to the message, so that users of the API
don't need to supply one.

MFC after:	2 weeks
2018-11-29 18:37:48 +00:00
Toomas Soome
13dcff6bd8 loader: command_bcache() should print unsigned values
All bcache counters are unsigned.
2018-11-29 14:21:01 +00:00
Ian Lepore
b92c2c907e Add comments describing the bootargs handoff between loader(8) and gptboot
or zfsboot, when loader(8) is the BTX loader.  No functional changes.
2018-11-28 18:09:42 +00:00
Justin Hibbits
89797c881d powerpcspe: Don't crash the loader on ubldr with SPE instructions.
-msoft-float seems to be insufficient for disabling the SPE on powerpcspe.
Force it off with -mno-spe as well.  This prevents a crash in ubldr on
powerpcspe.
2018-11-28 01:47:01 +00:00
Ian Lepore
52c0ec1455 Restore the ability to override the disk unit/partition at the boot: prompt
in gptboot.

When arch-independent geli support was added, a new static 'gdsk' struct
was added, but there was still a static 'dsk' struct, and when you typed
in an alternate disk/partition, the string was parsed into that struct,
which was then never used for anything.  Now the string gets parsed into
gdsk.dsk, the struct that's actually used.

X-MFC after:	3 days
2018-11-27 16:16:38 +00:00
Guangyuan Yang
71cf0a4e29 Bump the date of pxeboot(8) manual page for r340917.
PR:		123484
MFC after:	5 days
2018-11-27 08:51:15 +00:00
Ed Maste
4f7c9c3e4e stand/i386/libi386: rename .s file to .S to use Clang IAS
As part of the migration away from obsolete binutils we want to retire
GNU as.  Most assembly files used on amd64 have a .S extension and are
assembled with Clang's Integrated Assembler (IAS); rename pxetram.s to
.S to use IAS as well.

The generated .text is identical (the entire .o file is not, as Clang
adds debug info.)

PR:		205250, 233094
Sponsored by:	The FreeBSD Foundation
2018-11-26 19:29:18 +00:00
Ed Maste
e5b8bced3f btx: rename .s files to .S to use Clang IAS
As part of the migration away from obsolete binutils we want to retire
GNU as.  Most assembly files used on amd64 have a .S extension and are
assembled with Clang's integrated assembler; rename two files in
stand/i386/btx/lib to .S to use IAS as well.

The generated .text is identical (the entire .o files are not, as Clang
adds debug info).

PR:		205250, 233094
Discussed with:	imp
Sponsored by:	The FreeBSD Foundation
2018-11-26 19:14:33 +00:00
Guangyuan Yang
2dfc267231 Update pxeboot(8) manual page to reflect the next-server change in the ISC DHCP v3 server.
PR:		123484
Submitted by:	edwin@mavetju.org
Reviewed by:	AllanJude
MFC after:	1 week
2018-11-25 09:37:57 +00:00
Maxim Sobolev
6c81fe160c Nuke out buffer overflow safety marker code, it duplicates similar code in
the malloc()/free() as well as having potential of softening the handling
in case error is detected down to a mere warning as compared to hard panic
in free().

Submitted by:	tsoome
Differential Revision:	https://reviews.freebsd.org/D18299
2018-11-23 22:36:56 +00:00
Ed Maste
76b6af6731 Disable build-id in i386 binary boot components
A user may enable build-id for all builds by adding
LDFLAGS=-Wl,--build-id=sha1 to /etc/make.conf.  In this case the build-id
note ends added up to mbr and pmbr's .text, which makes it too large (it
ends up being 532 bytes). To avoid this explicitly turn off build-id for
these components.

Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15470
2018-11-23 13:50:18 +00:00
Ed Maste
02c4bf4391 stand: remove CLANG_NO_IAS from btx and gptboot
Many components under stand/ had CLANG_NO_IAS added when Clang's
Integrated Assembler (IAS) did not handle .codeNN directives.  Clang
gained support quite some time ago, and we can now build stand/ with
IAS.

Note that in some cases there are small differences in the generated
output, so CLANG_NO_IAS should be removed only after testing (or after
finding no differences in the output).

PR:		205250, 233094
Sponsored by:	The FreeBSD Foundation
2018-11-20 16:54:42 +00:00
Toomas Soome
a3fd276be0 loader: ptable_open() check for ptable_cd9660read result is wrong
The ptable_*read() functions return NULL on read errors (and partition table
closed as an side effect). The ptable_open must check the return value and
act properly.

PR:		232483
Reported by:	lev
Reviewed by:	lev,cem
Differential Revision:	https://reviews.freebsd.org/D17890
2018-11-07 21:36:52 +00:00
Toomas Soome
53e3fbee09 loader: always set media size from partition.
The disk access is validated by using partition table definitions, therefore
we have no need for if statements, just set the disk size.

Of course the partition table itself may be incorrect/inconsistent, but if
so, we are in trouble anyhow.

Differential Revision:	https://reviews.freebsd.org/D17822
2018-11-07 11:14:22 +00:00
Kyle Evans
bdf12807be lualoader: Add chainload menu entry
MFC after:	4 days
2018-11-05 16:20:07 +00:00
Toomas Soome
0d0ffe4faa loader: biosdisk should check if the media is present
The bd_print/bd_open/bd_strategy need to make sure the device does have
media, before getting into performing IO operations. Some systems can
hung if the device without a media is accessed.

Reported by:	yuripv
2018-11-02 11:41:58 +00:00
Toomas Soome
c50609fc32 loader: do not probe floppy devices for zfs
The subject is telling it all.
2018-11-02 09:47:18 +00:00
Kyle Evans
83f7a74cda lualoader: Implement boot-conf
MFC after:	3 days
2018-11-02 03:25:23 +00:00
Toomas Soome
3c3779dc20 libsa: cstyle cleanup tftp.c
No functinal changes intended.
2018-11-01 22:13:18 +00:00
Toomas Soome
c658866914 libsa: tftp should use calloc
instead of malloc() memset(), use calloc().
2018-11-01 13:29:55 +00:00
Toomas Soome
f442898fe7 libsa: tftp should not read past file end
When we have the file size via tsize option, use it to make sure we
will not attempt to read past file end.
2018-11-01 13:12:05 +00:00
Gleb Smirnoff
9319dded3d Remove unnecessary include from libstand. 2018-10-31 19:59:20 +00:00
Toomas Soome
09312399a7 loader: issue edd probe before legacy ah=08 and detect no media
while probing for drives, use int13 extended info before standard one and
provide workaround for case we are not getting needed information in case
of floppy drive.

In case of INT13 errors, there are (at least) 3 error codes appearing in case
of missin media - 20h, 31h and 80h. Flag the no media and do not print an
error.

Differential Revision:	https://reviews.freebsd.org/D17667
2018-10-31 16:42:40 +00:00
Kyle Evans
5beb550712 lualoader: Fix try_include error handling
The previous iteration of try_include attempted to be 'friendly' and error()
out if we hit an error that wasn't ENOENT. This was semi-OK, but fragile as
it relied on pattern matching the error message.

Move the responsibility for handling failure to the caller. Following
a common lua pattern, we'll return the return value of the underlying
require() on success, or false and an error message.

Reported by:	bcran
MFC after:	3 days
2018-10-29 02:58:30 +00:00
Warner Losh
16633f3a2d Move LUA_ROOT to /boot/lua
While this is mostly unused today, this is a better place than
/usr/local/lua.
2018-10-28 02:57:50 +00:00
Kyle Evans
e1f1ddeb35 lualoader: Always return a proper dictionary for blacklist
If module_blacklist isn't specified, we have an empty blacklist; effectively
the same as if module_blacklist="" were specified in loader.conf(5).

This was reported when switching to a BE that predated the module_blacklist
introduction, but the problem is valid all the same and likely to be tripped
over in other scenarios.

Reported by:	bwidawsk
MFC after:	3 days
2018-10-27 04:10:42 +00:00
Warner Losh
48f0136d52 Fix pointer arithmetic
Pointer math to find the size in bytes only works with char types.
Use correct pointer math to determine if we have enough of a header to
look at or not.

MFC After: 3 days
X-MFX-With: r339800
Noticed by: jhb@
Sponsored by: Netflix, Inc
2018-10-26 23:44:50 +00:00
Warner Losh
df65fbc569 Ensure we have a full EFI_DEVICE_PATH header before we try to look at
its length. Some BIOSes pad the length of the device path to an even
amount. When we had a device path that was somehow an odd length, we'd
wind up having 1 byte left that we were bogusly interpreting as a full
device path. We'd then dereference 2 bytes into that to get a length
of the node, which had undefined (and quite undesired) effects.

Sponsored by: Netflix, Inc
MFC After: 3 days
2018-10-26 23:08:22 +00:00
Rebecca Cran
9a815e0a58 Simplify the EFI delay() function by calling BS->Stall()
Differential Revision: https://reviews.freebsd.org/D16753
2018-10-26 21:57:22 +00:00
Kyle Evans
3078173c8d lualoader: Improve module loading diagnostics
Some fixes:

- Maintain historical behavior more accurately w.r.t verbose_loading;
  verbose_loading strictly prints "${module_name...}" and later "failed!"
  or "ok" based on load success
- With or without verbose_loading, dump command_errbuf on load failure.
  This usually happens prior to ok/failed if we're verbose_loading

Reviewed by:	imp
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D17694
2018-10-25 02:14:35 +00:00
Kyle Evans
041929aab1 menu.lua: Abort autoboot sequence on failed command
Currently, a timeout in the menu autoboot sequence would effectively do
nothing. We would return from the autoboot handling, then begin processing
the menu without redrawing it.

This change makes the behavior a little more friendly. Returning the user to
the menu can't have any good effects, so abort the autoboot sequence and
drop to the loader prompt.

MFC after:	3 days
2018-10-24 03:14:10 +00:00