Commit Graph

46 Commits

Author SHA1 Message Date
Toomas Soome
1d1140af58 loader should boot pre-feature flags pools.
The feature flags chek is missing the corner case where we have valid pool
version, but feature flags are not enabled - as for example plain v28 pool.

This update does fix the boot support for such pools.

Reviewed by:	avg, allanjude
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D8331
2016-10-24 16:28:54 +00:00
Toomas Soome
2c55d0903d Add SHA512, skein, large blocks support for loader zfs.
Updated sha512 from illumos.
Using skein from freebsd crypto tree.
Since loader itself is using 64MB memory for heap, updated zfsboot to
use same, and this also allows to support zfs large blocks.

Note, adding additional features does increate zfsboot code, therefore
this update does increase zfsboot code to 128k, also I have ported gptldr.S
update to zfsldr.S to support 64k+ code.

With this update, boot1.efi has almost reached the current limit of the size
set for it, so one of the future patches for boot1.efi will need to
increase the limit.

Currently known missing zfs features in boot loader are edonr and gzip support.

Reviewed by:	delphij, imp
Approved by:	imp (mentor)
Obtained from:	sha256.c update and skein_zfs.c stub from illumos.
Differential Revision:	https://reviews.freebsd.org/D7418
2016-08-18 00:37:07 +00:00
Allan Jude
4deb8929ea Make boot code and loader check for unsupported ZFS feature flags
OpenZFS uses feature flags instead of a zpool version number to track
features since the split from Oracle. In addition to avoiding confusion
on ZFS vs OpenZFS version numbers, this also allows features to be added
to different operating systems that use OpenZFS in different order.

The previous zfs boot code (gptzfsboot) and loader (zfsloader) blindly
tries to read the pool, and if failed provided only a vague error message.

With this change, both the boot code and loader check the MOS features
list in the ZFS label and compare it against the list of features that
the loader supports. If any unsupported feature is active, the pool is
not considered as a candidate for booting, and a helpful diagnostic
message is printed to the screen. Features that are merely enabled via
zpool upgrade, but not in use, do not block booting from the pool.

Submitted by:	Toomas Soome <tsoome@me.com>
Reviewed by:	delphij, mav
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D6857
2016-08-01 19:37:43 +00:00
Steven Hartland
276a15676c Prevent bogus compiler in ZFS boot code
Silence a bogus compiler warning about indexing past the end of dn_bonus.

The ZFS code ensures this is not possible but the compiler can't determine
this so added an additional check to prevent this warning.

Sponsored by:	Multiplay
2016-01-14 21:31:26 +00:00
Allan Jude
f1aba489c1 Introduce the ZFS Boot Environments menu to the loader menu
If the system was booted with ZFS, a new menu item (#7) appears
It contains an autogenerated list of ZFS Boot Environments

This allows the user to switch to an alternate root file system
Use Cases:
 - Revert a failed upgrade
 - Concurrently run different versions of FreeBSD with common home directory
 - Easier integration with the sysadmin/beadm utility

Requested by:	many
Reviewed by:	dteske
MFC after:	10 days
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3167
2015-12-31 20:00:53 +00:00
Andriy Gapon
649a80dc4c dnode_read: fixup r284025, BP_IS_HOLE macro expects a pointer
PR:		199804
Reported by:	sbruno
Pointyhat to:	avg
MFC after:	10 days
X-MFC with:	r284025
2015-06-05 17:02:21 +00:00
Andriy Gapon
dade6e27ab dnode_read: handle hole blocks in zfs boot code
A hole block pointer can be encountered at any level and the hole
can cover multiple data blocks, but we are reading the data blocks
one by one, so we care only about the current one.

PR:		199804
Reported by:	Toomas Soome <tsoome@me.com>
Submitted by:	Toomas Soome <tsoome@me.com> (earlier version)
Tested by:	Toomas Soome <tsoome@me.com>
MFC after:	11 days
2015-06-05 15:32:04 +00:00
Xin LI
8bcd603968 MFV r274273:
ZFS large block support.

Please note that booting from datasets that have recordsize greater
than 128KB is not supported (but it's Okay to enable the feature on
the pool).  This *may* remain unchanged because of memory constraint.

Limited safety belt is provided for mounted root filesystem but use
caution is advised.

Illumos issue:
    5027 zfs large block support

MFC after:	1 month
2014-11-10 08:20:21 +00:00
Xin LI
29441ba3fa MFV r267565:
4757 ZFS embedded-data block pointers ("zero block compression")
4913 zfs release should not be subject to space checks

MFC after:	2 weeks
2014-07-01 06:43:15 +00:00
Xin LI
f4c8ba8370 MFV r259170:
4370 avoid transmitting holes during zfs send

4371 DMU code clean up

illumos/illumos-gate@43466aae47

NOTE: Make sure the boot code is updated if a zpool upgrade is
done on boot zpool.

MFC after:	2 weeks
2014-01-01 00:45:28 +00:00
Andriy Gapon
aae0c9de03 zfs boot: export boot/primary pool and vdev guid all the way to kenv
This is work in progress to for znextboot and it also provides
some convenient infrastructure.

MFC after:	20 days
2012-10-06 19:47:24 +00:00
Andriy Gapon
edfd4fce8f zfs boot spa_status: print bootfs for each reported pool
MFC after:	9 days
2012-10-06 19:42:05 +00:00
Andriy Gapon
62c725a9db boot/zfs: call zfs_spa_init for all found pools
... and drop those for which it fails.
Also, add more sanity checking to the function.

MFC after:	16 days
2012-10-06 19:40:12 +00:00
Andriy Gapon
74b3e265c7 zfs boot: add code for listing child datasets of a given dataset
- only filesystem datasets are supported
- children names are printed to stdout

To do: allow to iterate over the list and fetch names programatically

MFC after:	17 days
2012-10-06 19:27:04 +00:00
Andriy Gapon
7ae0dc79b7 zfs boot: add a size check for a value in fzap_lookup
MFC after:	25 days
2012-09-11 07:15:11 +00:00
Andriy Gapon
4b7fc6b08e zfs boot: print only an attribute name in fzap_list
... this matches mzap_list behavior

MFC after:	12 days
2012-09-11 07:13:58 +00:00
Andriy Gapon
e644b976b0 zfs boot: fix/replace fzap_rlookup implementation
The previous one was totally bogus as it used hash value of
_output_ variable as an index for searching...
The only reliable way to do a reverse lookup here is to iterate
over all entries.

MFC after:	15 days
2012-09-11 07:12:48 +00:00
Andriy Gapon
b6910e777e zfs boot: bring zap_leaf_chunk field names in sync with kernel code
This change is cosmetic.

MFC after:	10 days
2012-09-11 07:11:32 +00:00
Martin Matuska
253a9c296c Fix ZFS boot with pre-features pools (version <= 28) broken in r236884
Reported by:	mav
MFC after:	1 month
2012-06-13 08:00:32 +00:00
Martin Matuska
2d9cf57e18 Introduce "feature flags" for ZFS pools (bump SPA version to 5000).
Add first feature "com.delphix:async_destroy" (asynchronous destroy
of ZFS datasets).
Implement features support in ZFS boot code.

Illumos revisions merged:
13700:2889e2596bd6
13701:1949b688d5fb
2619 asynchronous destruction of ZFS file systems
2747 SPA versioning with zfs feature flags

References:
https://www.illumos.org/issues/2619
https://www.illumos.org/issues/2747

Obtained from:	illumos (issue #2619, #2747)
MFC after:	1 month
2012-06-11 11:35:22 +00:00
Andriy Gapon
dfc351d8e9 zfs boot code: mark spa_t arguments as const where they are used as such
MFC after:	1 month
2012-05-13 09:22:18 +00:00
Andriy Gapon
32df866434 sparc64/zfs boot: take advantage of new libzfsboot capabilities
Also drop the now unneeded compatibility shims.

Tested by:	marius
MFC after:	1 month
2012-05-12 20:27:33 +00:00
Andriy Gapon
f7f7b759f6 zfs boot code: use %j and uintmax_t instead %ll and uint64_t in printfs
This is to silence warnings that result from different definitions of
uint64_t on different architectures, specifically i386 and sparc64.

MFC after:	1 month
2012-05-12 20:23:30 +00:00
Andriy Gapon
1702e62f67 zfsboot/zfsloader: support accessing filesystems within a pool
In zfs loader zfs device name format now is "zfs:pool/fs",
fully qualified file path is "zfs:pool/fs:/path/to/file"
loader allows accessing files from various pools and filesystems as well
as changing currdev to a different pool/filesystem.

zfsboot accepts kernel/loader name in a format pool:fs:path/to/file or,
as before, pool:path/to/file; in the latter case a default filesystem
is used (pool root or bootfs).  zfsboot passes guids of the selected
pool and dataset to zfsloader to be used as its defaults.

zfs support should be architecture independent and is provided
in a separate library, but architectures wishing to use this zfs support
still have to provide some glue code and their devdesc should be
compatible with zfs_devdesc.
arch_zfs_probe method is used to discover all disk devices that may
be part of ZFS pool(s).

libi386 unconditionally includes zfs support, but some zfs-specific
functions are stubbed out as weak symbols.  The strong definitions
are provided in libzfsboot.
This change mean that the size of i386_devspec becomes larger
to match zfs_devspec.

Backward-compatibility shims are provided for recently added sparc64
zfs boot support.  Currently that architecture still works the old
way and does not support the new features.

TODO:
- clear up pool root filesystem vs pool bootfs filesystem distinction
- update sparc64 support
- set vfs.root.mountfrom based on currdev (for zfs)

Mid-future TODO:
- loader sub-menu for selecting alternative boot environment

Distant future TODO:
- support accessing snapshots, using a snapshot as readonly root

Reviewed by:	marius (sparc64),
		Gavin Mu <gavin.mu@gmail.com> (sparc64)
Tested by:	Florian Wagner <florian@wagner-flo.net> (x86),
		marius (sparc64)
No objections:	fs@, hackers@
MFC after:	1 month
2012-05-12 09:03:30 +00:00
Andriy Gapon
05b096ff61 zfs boot: allow file vdevs to be used in testing (e.g. with zfsboottest)
MFC after:	1 week
2011-12-04 21:29:56 +00:00
Pawel Jakub Dawidek
9838b8b0ee - Correctly read gang header from raidz.
- Decompress assembled gang block data if compressed.
- Verify checksum of a gang header.
- Verify checksum of assembled gang block data.
- Verify checksum of uber block.

Submitted by:	avg
MFC after:	3 days
2011-10-20 15:42:38 +00:00
Pawel Jakub Dawidek
81fdf04870 Always pass data size for checksum verification function, as using
physical block size declared in bp may not always be what we want.
For example in case of gang block header physical block size declared
in bp is much larger than SPA_GANGBLOCKSIZE (512 bytes) and checksum
calculation failed. This bug could lead to accessing unallocated
memory and resets/failures during boot.

MFC after:	3 days
2011-10-19 23:44:38 +00:00
Pawel Jakub Dawidek
8565a6f600 Never pass NULL block pointer when reading. This is neither expected nor
handled by lower layers like vdev_raidz, which uses bp for checksum
verification. This bug could lead to NULL pointer reference and resets
during boot.

MFC after:	3 days
2011-10-19 23:40:37 +00:00
Pawel Jakub Dawidek
f8d5a41b64 Don't mark vdev as healthy too soon, so we won't try to use invalid vdevs.
MFC after:	3 days
2011-10-19 23:37:30 +00:00
Pawel Jakub Dawidek
10b9d77bf1 Finally... Import the latest open-source ZFS version - (SPA) 28.
Few new things available from now on:

- Data deduplication.
- Triple parity RAIDZ (RAIDZ3).
- zfs diff.
- zpool split.
- Snapshot holds.
- zpool import -F. Allows to rewind corrupted pool to earlier
  transaction group.
- Possibility to import pool in read-only mode.

MFC after:	1 month
2011-02-27 19:41:40 +00:00
Pawel Jakub Dawidek
a0e2fdedd1 - Split code shared by almost any boot loader into separate files and
clean up most layering violations:

	sys/boot/i386/common/rbx.h:

		RBX_* defines
		OPT_SET()
		OPT_CHECK()

	sys/boot/common/util.[ch]:

		memcpy()
		memset()
		memcmp()
		bcpy()
		bzero()
		bcmp()
		strcmp()
		strncmp() [new]
		strcpy()
		strcat()
		strchr()
		strlen()
		printf()

	sys/boot/i386/common/cons.[ch]:

		ioctrl
		putc()
		xputc()
		putchar()
		getc()
		xgetc()
		keyhit() [now takes number of seconds as an argument]
		getstr()

	sys/boot/i386/common/drv.[ch]:

		struct dsk
		drvread()
		drvwrite() [new]
		drvsize() [new]

	sys/boot/common/crc32.[ch] [new]

	sys/boot/common/gpt.[ch] [new]

- Teach gptboot and gptzfsboot about new files. I haven't touched the
  rest, but there is still a lot of code duplication to be removed.

- Implement full GPT support. Currently we just read primary header and
  partition table and don't care about checksums, etc. After this change we
  verify checksums of primary header and primary partition table and if
  there is a problem we fall back to backup header and backup partition
  table.

- Clean up most messages to use prefix of boot program, so in case of an
  error we know where the error comes from, eg.:

	gptboot: unable to read primary GPT header

- If we can't boot, print boot prompt only once and not every five
  seconds.

- Honour newly added GPT attributes:

	bootme - this is bootable partition
	bootonce - try to boot from this partition only once
	bootfailed - we failed to boot from this partition

- Change boot order of gptboot to the following:

	1. Try to boot from all the partitions that have both 'bootme'
	   and 'bootonce' attributes one by one.
	2. Try to boot from all the partitions that have only 'bootme'
	   attribute one by one.
	3. If there are no partitions with 'bootme' attribute, boot from
	   the first UFS partition.

- The 'bootonce' functionality is implemented in the following way:

	1. Walk through all the partitions and when 'bootonce'
	   attribute is found without 'bootme' attribute, remove
	   'bootonce' attribute and set 'bootfailed' attribute.
	   'bootonce' attribute alone means that we tried to boot from
	   this partition, but boot failed after leaving gptboot and
	   machine was restarted.
	2. Find partition with both 'bootme' and 'bootonce' attributes.
	3. Remove 'bootme' attribute.
	4. Try to execute /boot/loader or /boot/kernel/kernel from that
	   partition. If succeeded we stop here.
	5. If execution failed, remove 'bootonce' and set 'bootfailed'.
	6. Go to 2.

   If whole boot succeeded there is new /etc/rc.d/gptboot script coming
   that will log all partitions that we failed to boot from (the ones with
   'bootfailed' attribute) and will remove this attribute. It will also
   find partition with 'bootonce' attribute - this is the partition we
   booted from successfully. The script will log success and remove the
   attribute.

   All the GPT updates we do here goes to both primary and backup GPT if
   they are valid. We don't touch headers or partition tables when
   checksum doesn't match.

Reviewed by:	arch (Message-ID: <20100917234542.GE1902@garage.freebsd.pl>)
Obtained from:	Wheel Systems Sp. z o.o. http://www.wheelsystems.com
MFC after:	2 weeks
2010-09-24 19:49:12 +00:00
Pawel Jakub Dawidek
fc1b42b552 Remove empty lines committed by accident.
MFC after:	2 weeks
2010-09-09 21:32:09 +00:00
Pawel Jakub Dawidek
f60ec6d63d Ignore log vdevs.
MFC after:	2 weeks
2010-09-09 21:19:09 +00:00
Pawel Jakub Dawidek
c42f230131 Allow to boot from a pool within which replacing is in progress.
Before the change it wasn't possible and the following error was printed:

	ZFS: can only boot from disk, mirror or raidz vdevs

Now if the original vdev (the one we are replacing) is still present we will
read from it, but if it is not present we won't read from the new vdev, as it
might not have enough valid data yet.

MFC after:	2 weeks
2010-09-09 21:18:00 +00:00
Pawel Jakub Dawidek
e66811b193 Remove duplicated code.
MFC after:	2 weeks
2010-09-09 21:15:16 +00:00
Martin Matuska
833aeb586b Return EIO if vdev->v_phys_read is NULL.
This fixes booting from a ZFS mirror with a unavailable primary device.

PR:		kern/148655
Reviewed by:	avg
Approved by:	delphij (mentor)
MFC after:	3 days
2010-08-09 06:36:11 +00:00
Andriy Gapon
7bdc66dab8 boot/zfs: fix gang block reading code
- use correct size (512) while reading a gang block
- skip holes while reading child blocks
- advance buffer pointer while reading child blocks

PR:		144214
MFC after:	10 days
2010-05-28 07:34:20 +00:00
Xin LI
6f2c3084b5 Space cleanup for revision 201689 committed separately for easier review.
This commit is purely space changes.

Submitted by:	Matt Reimer
Sponsored by:	VPOP Technologies, Inc.
MFC after:	2 weeks
2010-01-06 23:11:56 +00:00
Xin LI
03ec6213ee Instead of assuming all vdevs are healthy, check the newest vdev label
for each vdev's status.  Booting from a degraded vdev should now be
more robust.

Submitted by:	Matt Reimer <mattjreimer at gmail.com>
Sponsored by:	VPOP Technologies, Inc.
MFC after:	2 weeks
2010-01-06 23:09:23 +00:00
John Baldwin
4497287f20 - Port bios_getmem() from libi386 to {gpt,}zfsboot() and use it to
safely allocate a heap region above 1MB.  This enables {gpt,}zfsboot()
  to allocate much larger buffers than before.
- Use a larger buffer (1MB instead of 128K) for temporary ZFS buffers.  This
  allows more reliable reading of compressed files in a raidz/raidz2 pool.

Submitted by:	Matt Reimer  mattjreimer of gmail
MFC after:	1 week
2009-12-09 20:36:56 +00:00
Robert Noland
14c436e101 Correct some issues with zfs boot.
- Teach it to read gang blocks. (essentially untested)
   If you see "ZFS: gang block detected!", please let
   me know, so we can either remove the printf if it
   works, or fix it if it doesn't.

 - If multiple partitions exist on a disk, probe them all.
   We also need to reset dsk->start to 0 to read the right
   sector here.

 - With GPT, we can have 128 partitions.

 - If the bootfs property has ever been set on a pool
   it seems that it never goes away.  zpool won't allow
   you to add to the pool with the bootfs property set.
   However, if you clear the property back to default
   we end up getting 0 for the object number and read
   a bogus block pointer and fail to boot.

 - Fix some error printfs. The printf in the loader is
   only capable of c,s and u formats.

 - Teach printf how to display %llu

Reviewed by:	dfr, jhb
MFC after:	2 weeks
2009-10-23 18:44:53 +00:00
Doug Rabson
e1899ef6c8 Add support for booting from raidz1 and raidz2 pools. 2009-05-16 10:48:20 +00:00
Doug Rabson
7b3569ff05 Use full 64bit arithmetic when converting file offsets to block numbers - fixes
booting on filesystems with inode numbers with values above 4194304.

Submitted by:	ps
2008-12-17 18:12:01 +00:00
Doug Rabson
937a012e5d Don't get confused if we encounter a device which is part of a raidz or raidz2
pool while probing for vdevs.

PR:		129539
Submitted by:	Paul Wootton (paul at fletchermoorland dot co dot uk)
2008-12-10 10:46:34 +00:00
Doug Rabson
0d16312b46 Some zfsboot fixes from Norikatsu Shigemura:
1. zfsboot2 (boot2) doesn't %d (printf), so change %d to %u.
2. chase new zpool versioning as SPA_VERSION.
   Obtained from: sys/cddl/contrib/opensolaris/uts/common/sys/fs/zfs.h

Submitted by:	nork
2008-11-19 16:59:19 +00:00
Pawel Jakub Dawidek
1ba4a712dd Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:

- Delegated Administration

	Allows regular users to perform ZFS operations, like file system
	creation, snapshot creation, etc.

- L2ARC

	Level 2 cache for ZFS - allows to use additional disks for cache.
	Huge performance improvements mostly for random read of mostly
	static content.

- slog

	Allow to use additional disks for ZFS Intent Log to speed up
	operations like fsync(2).

- vfs.zfs.super_owner

	Allows regular users to perform privileged operations on files stored
	on ZFS file systems owned by him. Very careful with this one.

- chflags(2)

	Not all the flags are supported. This still needs work.

- ZFSBoot

	Support to boot off of ZFS pool. Not finished, AFAIK.

	Submitted by:	dfr

- Snapshot properties

- New failure modes

	Before if write requested failed, system paniced. Now one
	can select from one of three failure modes:
	- panic - panic on write error
	- wait - wait for disk to reappear
	- continue - serve read requests if possible, block write requests

- Refquota, refreservation properties

	Just quota and reservation properties, but don't count space consumed
	by children file systems, clones and snapshots.

- Sparse volumes

	ZVOLs that don't reserve space in the pool.

- External attributes

	Compatible with extattr(2).

- NFSv4-ACLs

	Not sure about the status, might not be complete yet.

	Submitted by:	trasz

- Creation-time properties

- Regression tests for zpool(8) command.

Obtained from:	OpenSolaris
2008-11-17 20:49:29 +00:00