Commit Graph

1074 Commits

Author SHA1 Message Date
Toomas Soome
4a2d7cee02 loader: vdev_read() can corrupt memory
When reading less than sector size but from sector boundary,
the vdev_read() will read full sector into the provided buffer
and therefore corrupting memory past buffer end.

MFC after:	2 days
2020-05-09 06:25:20 +00:00
Andrew Turner
4495f36874 Fix the EFI_DEBUG case, prio_str is only used when EFI_DEBUG is unset.
Sponsored by:	Innovate UK
2020-05-05 10:01:10 +00:00
Andrew Turner
3d5e12ebce As with r352446 align blocks in boot1.efi
We need to ensure the buffers are aligned before passing them to ReadBlocks.
Assume 512 bytes is enough for now.

Reviewed by:	imp
MFC after:	1 month
Sponsored by:	Innovate UK
2020-05-05 09:42:26 +00:00
Warner Losh
272a882b37 Redo r360540 to retain the ifndef sparc code, not delete it.
Also undo the BROKEN stuff, since it was based on the same misreading.

Noticed by: Jens Schweikhardt
2020-05-01 18:36:48 +00:00
Warner Losh
9053d5b70c Remove more stray sparc64 ifdefs.
Also, dmabuf appears to only be set for sparc64 case, but there was a
comment at its only use that says it was broken for some apple
adapters. #ifdef it all of that out now that nothing sets it.
2020-05-01 17:50:21 +00:00
Brandon Bergren
a10ed08fe0 [PowerPC] Set fixed boot1.elf load address
Due to the way claiming works, we need to ensure on AIM OFW machines that
we don't have overlapping ranges on any step of the load.

Load boot1.elf at 0x38000 so it will not overlap with anything even if the
entire PReP partition gets loaded by OFW.

Tested on an iBook G4, a PowerBook G4, a PowerMac G5, and qemu pseries.
(qemu pseries is broken without this patch due to the high address used
by lld10.)

Reviewed by:	adalava
Sponsored by:	Tag1 Consulting, Inc.
Differential Revision:	https://reviews.freebsd.org/D24623
2020-05-01 16:56:36 +00:00
Brandon Bergren
892df83817 Remove sparc relocation support from reloc_elf.c.
It got missed in the sparc64 removal.
2020-05-01 16:47:54 +00:00
Kyle Evans
3fe0ac6aa5 lualoader: config: improve readConfFiles, rename to readConf
The previous interface was pretty bad, and required the caller to get some
implementation details correct that it really shouldn't need to (e.g.
loader_conf_files handling) and pass in an empty table for it to use.

The new and much improved interface, readConf, is much less of a hack;
hiding these implementation details and just doing the right thing.
config.lua will now use it to process /boot/defaults/loader.conf and the
subsequent loader_conf_files from there, and read-conf will also use it.

This improvement submitted by Olivier (cited below), loader_conf_files
handling from the original patch was changed to just clobber it before
processing and not bother restoring it after the fact following r360505
where it's now guaranteed to evade the loader environment.

PR:		244640
Submitted by:	Olivier Certner (olivier freebsd free fr>
2020-04-30 21:04:39 +00:00
Kyle Evans
bf832717cf lualoader: config: add a table for restricted environment vars
This new table should be used for transient values that don't need to end up
in the loader environment. Generally, these will be things that are internal
details that really aren't needed or interesting outside of the config
module (e.g. if we changed how ${module}_* directives work, they might use
this instead).

To start, populate it with loader_conf_files. Any specific value of
loader_conf_files isn't all that interesting; if we're going to export it,
we should really instead export a loader_conf_files that indicates all of
the configuration files we processed. This will be used to reduce
bookkeeping overhead in a future commit that cleans up readConfFiles.
2020-04-30 20:58:58 +00:00
Kyle Evans
80a623bf52 loader.conf(5): document that loader_conf_files may be clobbered
A future change in lualoader may take some liberties with the
loader_conf_files in the name of efficiency; namely, it may start omitting
it from the loader environment entirely so that it doesn't need to worry
about maintaining any specific value.

This variable has historically been incredibly volatile anyways, as it may
get set to completely different values in any given configuration file to
trigger a load of more files.

Document now that we may not maintain it in the future, but perhaps we'll
reserve the right to change our minds and eventually formally export all of
the loader configuration files that were read using this variable.

MFC after:	3 days
2020-04-30 02:50:58 +00:00
Kyle Evans
60a2823c66 config.lua(8): catch up to recently added hooks
While we're here, let's stylize these as functions instead of just raw text.
A future change may allow arbitrary data arguments to be passed some of
these, and the distinction is useful.
2020-04-28 03:43:55 +00:00
Kyle Evans
aa3d34de88 config.lua(8): "may should" is not proper grammar
Reported by:	rpokala
X-MFC-With:	r360421
2020-04-28 02:13:17 +00:00
Kyle Evans
cc0380718e lualoader: cli: clobber loader_conf_files before proceeding
This makes sure that config.readConfFiles doesn't see a stale
loader_conf_files from before, in case the newly loaded file doesn't set it.

MFC after:	3 days
2020-04-28 02:08:55 +00:00
Kyle Evans
e40d2a04ea lualoader: cli: add read-conf
This is a straightforward match to the command used by many in forthloader;
it uses the newly-exported config.readConfFiles() to make sure that any
loader_conf_files gets done as appropriate.

PR:		244640
Submitted by:	Olivier Certner <olivier freebsd free fr>
MFC after:	3 days
2020-04-28 02:04:51 +00:00
Kyle Evans
7a5c6c8bfe lualoader: config: start exporting readConfFiles
In the process, change it slightly: readConfFiles will take a string like
loader_conf_files in addition to the loaded_files table that it normally
takes. This is to facilitate the addition of a read-conf CLI command, which
will just pass in the single file to read and an empty table.

MFC after:	3 days
2020-04-28 02:03:03 +00:00
Kyle Evans
ecacf5ff1e lualoader config: don't call loader.getenv() as much
We don't actually need to fetch loader_conf_files as much as we do; we've
already fetched it once at the beginning, we only really need to fetch it
again after each file we've processed. If it changes, then we can stash that
off into our local prefiles.

While here, drop a note about the recursion so that I stop trying to
change it. It may very well make redundant some of the work we're doing, but
that's OK.

MFC after:	3 days
2020-04-28 01:39:34 +00:00
Mark Johnston
5c17092568 Stop setting PG_U in bootstrap mappings.
These mappings are never visible to userspace as they get replaced when
the amd64 pmap is bootstrapped, but there is no need to set PG_U in the
first place.

Reviewed by:	alc, kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24547
2020-04-24 13:53:40 +00:00
Andrew Turner
a2e2311a40 Build the arm64 loader with -ffixed-x18
This stops the compiler from using the x18 register. Some UEFI
implementations assume this will be preserved when calling the Boot
Services.

MFC after:	2 weeks
Sponsored by:	Innovate UK
2020-04-24 10:03:11 +00:00
Ryan Moeller
d2187b39cf menu.lua: Give names to menu entries
Make menu customizations easier by naming the entries and using the
names to build the table entries.

Reviewed by:	kevans
Approved by:	mav (mentor)
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D24527
2020-04-22 17:04:31 +00:00
Adrian Chadd
6c88ef1c81 [libsa] Fix typecast of pointer for st_dev
This code was trying to use a pointer value for st_dev, which is definitely
not a pointer.  Instead, cast to uintptr_t so it becomes a non-pointer value
before casting it.

Tested: mips-gcc cross compile, mips32 build
2020-04-16 23:29:49 +00:00
Kyle Evans
c318828929 Preload hostuuid for early-boot use
prison0's hostuuid will get set by the hostid rc script, either after
generating it and saving it to /etc/hostid or by simply reading /etc/hostid.

Some things (e.g. arbitrary MAC address generation) may use the hostuuid as
a factor in early boot, so providing a way to read /etc/hostid (if it's
available) and using it before userland starts up is desirable. The code is
written such that the preload doesn't *have* to be /etc/hostid, thus not
assuming that there will be newline at the end of the buffer or even the
exact shape of the newline. White trailing whitespace/non-printables
trimmed, the result will be validated as a valid uuid before it's used for
early boot purposes.

The preload can be turned off with hostuuid_load="NO" in /boot/loader.conf,
just as other preloads; it's worth noting that this is a 37-byte file, the
overhead is believed to be generally minimal.

It doesn't seem necessary at this time to be concerned with kern.hostid.

One does wonder if we should consider validating hostuuids coming in
via jail_set(2); some bits seem to care about uuid form and we bother
validating format of smbios-provided uuid and in-fact whatever uuid comes
from /etc/hostid.

Reviewed by:	karels, delphij, jamie
MFC after:	1 week (don't preload by default, probably)
Differential Revision:	https://reviews.freebsd.org/D24288
2020-04-16 00:54:06 +00:00
Leandro Lupori
0660bb6fa5 Add support to MSDOS FS in PPC loader
Although PPC OFW loader already had a LOADER_MSDOS_SUPPORT option, a few lines
were missing in conf.c, in order to support FAT filesystems.

This is useful when running FreeBSD under QEMU, to be able to easily change the
kernel and modules when running on hosts without UFS read/write support.

Reviewed by:	jhibbits
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D24328
2020-04-07 19:46:00 +00:00
Simon J. Gerraty
723f904176 Improve interaction of vectx and tftp
On slow platforms, it helps to spread the hashing load
over time so that tftp does not timeout.

Also, some .4th files are too big to fit in cache of pkgfs,
so increase cache size and ensure fully populated.

Reviewed by:	stevek
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D24287
2020-04-07 16:56:34 +00:00
Kyle Evans
ed648b3f39 stand: -fno-common fixes for !x86 loaders
- beriloader: archsw is declared extern and defined elsewhere
- ofwloader: ofw_elf{,64} are defined in elf_freebsd.c and
  ppc64_elf_freebsd.c respectively
- ubldr: syscall_ptr is defined in start.S for whichever ubldr platform is
  building

-fno-common will become the default in GCC10/LLVM11.

MFC after:	3 days
2020-04-07 12:57:50 +00:00
Leandro Lupori
8883b17065 [PPC] Fix loader call to instantiate-rtas
OpenFirmware (OF) method instantiate-rtas was being called with a wrong
rtas-base-address argument. It must use the memory that is already being
allocated to this end instead. This issue was causing QEMU netboot to hang
when building the FDT from OF DT.

Reviewed by:	jhibbits
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D24313
2020-04-07 12:46:26 +00:00
Toomas Soome
5292d0a7f3 loader: use #elif defined() in stand.h
Small cleanup.

Reported by:	imp
2020-03-29 06:48:59 +00:00
Kyle Evans
b3a1768824 userboot: mark host_fsops as extern
This is already defined elsewhere; mark this declaration extern to the fix
the -fno-common build.

MFC after:	3 days
2020-03-29 02:29:06 +00:00
Toomas Soome
a536ed419e loader.efi: restore the init and fix the color setup
The efi console init is avoided since conin setup was moved to probe.
In case the console is re-initialized, we need to pick up colors
from environment.
2020-03-28 22:37:50 +00:00
Toomas Soome
6c01b7102d loader: typo did slip into 359408
somehow r was lost from 'char'.
2020-03-28 21:55:42 +00:00
Toomas Soome
215597f05f loader: strdup name strings from dataset walker
The removal of zfs scratch buffer did miss the fact the dataset
lookup was picking up the names from zap list.
2020-03-28 21:50:27 +00:00
Toomas Soome
c907ec9e16 loader: add knob to build with user malloc
This option is intended to aid development, to allow building with user malloc.
The use case would be to build userboot & test with libc (or other) malloc and
use extra malloc debug features.
2020-03-28 21:47:44 +00:00
Toomas Soome
db31623660 loader.efi: conout->QueryMode() can fail to return screen dimensions
Some systems are reported to fail to report screen dimensions unless the
screen mode is set first.
2020-03-27 18:01:01 +00:00
Ryan Moeller
73531a2abd loader: Fully reset terminal settings, not just colors
Reviewed by:	kevans
Reviewed by:	tsoome
Approved by:	mav (mentor)
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D21733
2020-03-27 17:37:31 +00:00
Brandon Bergren
a04ec978b3 [PowerPC] Switch powerpc and powerpcspe to lld
Now that LLD 10 is out, and required patches have landed, we are now ready
to finally switch away from the ancient in-tree ld.bfd.

Special thanks to Fangrui Song for many hours of work on getting the
32-bit powerpc lld ready for prime-time.

Reviewed by:	emaste (earlier revision), jhibbits
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D24111
2020-03-27 01:00:03 +00:00
Simon J. Gerraty
53f151f906 Fix pkgfs stat so it satisfies libsecureboot
We need a valid st_dev, st_ino and st_mtime
to correctly track which files have been verified
and to update our notion of time.

ve_utc_set(): ignore utc if it would jump our current time
by more than VE_UTC_MAX_JUMP (20 years).

Allow testing of install command via userboot.
Need to fix its stat implementation too.

bhyveload also needs stat fixed - due to change to userboot.h

Call ve_error_get() from vectx_close() when hash is wrong.

Track the names of files we have hashed into pcr

For the purposes of measured boot, it is important
to be able to reproduce the hash reflected in
loader.ve.pcr
so loader.ve.hashed provides a list of names in the order they
were added.

Reviewed by:	imp
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D24027
2020-03-25 19:12:19 +00:00
Toomas Soome
27bae6150a loader: remove libsa/crc32.c and use version from zlib
we have crc32(const void *, size_t) in libsa. Unfortunately zlib has
crc32(long, const unigned char *, unsigned) and we have conflict.

Since we do build libsa with zlib, we can use zlib version instead.

Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D24068
2020-03-19 21:05:11 +00:00
Toomas Soome
87d8d5ea3d loader: misaligned access of dos_partition structure
armv7 crash due to misligned access of dos_partition dp_start field.

Allocate and make copy of dos_partition array to make sure the data
is aligned.

Reported by:	marklmi at yahoo.com
2020-03-19 17:27:08 +00:00
Toomas Soome
34edaae605 loader.efi: handle efi_cons_init() failure cases better
if we fail to allocate buffer, set up the TERM_EMU and continue.
On output, use TERM_EMU in case we did fail to allocate buffer.
2020-03-18 22:21:42 +00:00
Ryan Moeller
4bee618957 Fixup line lost from previous commit (r359072)
Reviewed by:	kevans
Approved by:	mav (mentor)
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D24115
2020-03-18 17:01:03 +00:00
Ryan Moeller
79c20f2260 loader: Add a "kernel.loaded" hook
This hook can be useful, for example to run a local function to choose
different modules to load when a user has picked a different kernel
from the menu.

Reviewed by:	kevans
Approved by:	mav (mentor)
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D24115
2020-03-18 16:21:11 +00:00
Toomas Soome
ebe8cd79d2 loader: add comconsole implementation on top of SIO protocol
Provide comconsole on top of SIO for arm platforms (x86 does use bios version).
2020-03-14 06:36:03 +00:00
Toomas Soome
7f505e7f79 test if port does exist via using scratch register
The SCR, scratch register was not present on the 8250 and 8250B UART, so we
can use to test if we actually do have serial port.

We need this test because some systems will get long delays while attempting
to write to non-existing port and this will slow down the console IO
to extreme.

MFC after:	1 week
2020-03-12 06:45:08 +00:00
Simon J. Gerraty
91cd69ee2c veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-09 16:02:54 +00:00
Simon J. Gerraty
212e103f2f veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-09 15:48:53 +00:00
Simon J. Gerraty
fbcf3b4fad veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-08 18:48:01 +00:00
Simon J. Gerraty
afc571b1a6 veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-08 17:42:42 +00:00
Dimitry Andric
a2037dba7e Link stand/i386 components using a linker script
LLD 10.0.0 changed the behavior of the -Ttext option, so that using
-Ttext=0x0 now causes linking of the loaders to fail with:

ld: error: output file too large: 18446744073707016908 bytes

I reported this in https://bugs.llvm.org/show_bug.cgi?id=44715, and
initially reverted the upstream change in r357259 to work around it.

However, after some discussion with Fangrui Song in the upstream ticket,
I think we can classify this as an unfortunate interaction between using
-Ttext=0 in combination with --no-rosegment.  (We added the latter
in r332090, because btxld does not correctly handle input with more
than 2 PT_LOAD segments.)

Fangrui suggested to use a linker script instead, and Warner was already
attempting this in r305353, but had to revert it due to "crypto-using
boot problems" (not sure what those were :).

This review updates the stand/i386/boot.ldscript to handle more
sections, inserts some symbols like _edata and such that we use in
libsa, and also discards any .interp section.

It uses ORG which is defined on the linker command line using
--defsym ORG=value to set the start of all the sections.

Reviewed by:	imp
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D23952
2020-03-04 21:01:22 +00:00
Toomas Soome
ca25195805 loader: crc32 is provided by libsa
Seems like leftover from moving crc32.c to libsa.
2020-03-04 18:38:09 +00:00
Toomas Soome
c1c4c81fd7 loader: replace zfs_alloc/zfs_free with malloc/free
Use common memory management.
2020-02-26 18:12:12 +00:00
Brandon Bergren
20ae0afeac [PowerPC] Fix LLD10 linking of ofw loader on ppc
Before this change, LLD10 was creating several extra PT_LOAD sections,
which OFW does not understand.

Like we do for the kernel already, specify the program headers manually.

Additionally, to work around a crash in our base ld.bfd, we need to
actually assign something to the output section. LLD does not need this.

One side effect of this change is the removal of the GNU_STACK header.
This is more correct, since we are using a statically-allocated stack and
RWX mappings across the board this early in boot.

Reviewed by:	jhibbits, Fangrui Song <i@maskray.me>
Sponsored by:	Tag1 Consulting, Inc.
Differential Revision:	https://reviews.freebsd.org/D23778
2020-02-25 00:45:09 +00:00