Commit Graph

147 Commits

Author SHA1 Message Date
scottph
1634c861be stand/reloc_elf: Handle relative relocations for arm{,64} and riscv
Extend the powerpc relative relocation handling from r240782 to a
handful of other architectures.  This is needed to properly read
dependency information from kernel modules.

Reviewed by:	jhb
Approved by:	scottl (implicit)
MFC after:	1 week
Sponsored by:	Ampere Computing, Inc.
Differential Revision:	https://reviews.freebsd.org/D26365
2020-09-21 22:24:46 +00:00
tsoome
a9be09f45f loader: zfs should support bootonce an nextboot
bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.

By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.

By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.

bootonce dataset name is recorded in boot pool labels, bootenv area.

in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.

bootonce and nextboot features are usable in both UEFI and BIOS boot.

To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).

At this time, only lua loader is updated.

Sponsored by:	Netflix, Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D25512
2020-09-21 09:01:10 +00:00
sjg
114f25a1f5 zalloc_malloc:Free hexdump preceeding buffer when we detect overflow
Move hexdump from stand/common/misc.c to stand/libsa/hexdump.c
(svn cp)
Disable use of pager - causes linking issue for boot1
can be re-enabled by defining HEXDUMP_PAGER.

Reviewed by:	stevek, imp
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision: https://reviews.freebsd.org/D26235
2020-08-29 21:05:43 +00:00
arichardson
225e1efa48 Fix stand/newvers.sh with zsh in sh mode
When building on macOS with sh==zsh, newvers.sh was producing an
unterminated string literal due to \\n being turned as a newline. Fix this
by using a here document instead.

Reviewed By:	imp
Differential Revision: https://reviews.freebsd.org/D26036
2020-08-12 15:49:10 +00:00
stevek
5904f93598 Fix compilation error for install.c in loader
Fix typo in interp_include() invocation (missing 'p')
Remove setting tftpip, as servip is used by the tftp code in libsa. There
is no separate tftpip global variable any more.

Obtained from:	Juniper Networks, Inc.
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D25897
2020-07-31 16:08:25 +00:00
mhorne
4886ed8d88 RISC-V boot1.efi and loader.efi support
This implementation doesn't have any major deviations from the other EFI
ports. I've copied the boilerplate from arm and arm64.

I've tested this with the following boot flows:
OpenSBI (M-mode) -> u-boot (S-mode) -> loader.efi -> FreeBSD
OpenSBI (M-mode) -> u-boot (S-mode) -> boot1.efi -> loader.efi -> FreeBSD

Due to the way that u-boot handles secondary CPUs, OpenSBI >= v0.7 is required,
as the HSM extension is needed to bring them up explicitly. Because of this,
using BBL as the SBI implementation will not be possible. Additionally, there
are a few recent u-boot changes that are required as well, all of which will be
present in the upcoming v2020.07 release.

Looks good:	emaste
Differential Revision:	https://reviews.freebsd.org/D25135
2020-07-06 18:19:42 +00:00
kevans
b18c4f7d50 stand: remove redundant declarations
These are picked out by the amd64-gcc6 build; time() is declared in <time.h>
and delay() is declared in <bootstrap.h>. These are the correct places for
these in stand/, so remove the duplicate declarations and make sure the
delay() consumer in libefi that depended on the extra delay() declaration
includes <bootstrap.h>.

MFC after:	1 week
2020-06-23 23:52:43 +00:00
tsoome
a216c01968 loader: zfs_cmd.c does not really compile without libzfs.h
Having libzfs.h wrapped in LOADER_ZFS_SUPPORT check does not really make sense,
because we do need function declarations with C99.

Sponsored by:	Netflix, Klara Inc.
2020-06-16 07:30:34 +00:00
tsoome
f5ecabad31 loader: variable i is unused without MBR/GPT support built in
Because i is only used as index in for loop, declare it in for statement.

Sponsored by:	Netflix, Klara Inc.
2020-06-16 07:05:03 +00:00
sjg
48922d113c Minor cleanup of initialized variables
Sort the list and cleanup trailing white-space

Reviewed by:	stevek
MFC after:	1 week
2020-06-12 21:48:46 +00:00
sjg
ebc1f2ee78 loader: install allow for more complete device spec in url
Rework to simplify and impose sane url syntax.
That is we allow for file://[devname[:fstype]]/package

Reviewed by:	stevek
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision: https://reviews.freebsd.org//D25134
2020-06-08 18:13:38 +00:00
kevans
83f4464bb7 lualoader: drop the filename and word "LUA" from errors
The filename is nearly always wrong since it's /boot/lua/loader.lua, which
is not useful for diagnostics. The actual errmsg will include a lua filename
if this is relevant.

Dropping "LUA" while we're here because that's almost universally
irrelevant to whatever error follows, unless the error states that it's
actually a lua problem.

Both of these are minor nits that just detract from identifying the
pertinent information.

MFC after:	3 days
2020-06-03 18:29:32 +00:00
kevans
4173d344e7 loader: fix userboot's ability to detect a guest's interpreter
Some time after r338418, I believe with -Os/-Oz -ffunction-sections
-fdata-sections, the bootprog_interp variable that held our "$Interpreter:"
marker started getting strip from all loaders, with exception to userboot
since it used bootprog_interp to determine what flavor of userboot it was.

At some point, it had been brought to my attention that this was no longer
working and I had worked up some potential solutions to use the variable
that involved printing it out. My vague recollection is that this was
rejected, and I forgot to explore the alternatives; I cannot find records of
this discussion anymore.

Fast forward to present day, Andrew reported that it was non-functional and
offered (effectively) this patch (sans comment) to stop the compiler from
optimizing it out by assigning it to a volatile variable. This removes
concerns about user-facing change while retaining the interpreter marker.
Furthermore, it could certainly be uglier.

Reported and tested by:	Andrew Gierth <andrew_tao173.riddles.org.uk>
MFC after:	3 days
2020-05-20 21:02:08 +00:00
bdragon
06d4e4b8ae Remove sparc relocation support from reloc_elf.c.
It got missed in the sparc64 removal.
2020-05-01 16:47:54 +00:00
sjg
59b95f1bfb Fix pkgfs stat so it satisfies libsecureboot
We need a valid st_dev, st_ino and st_mtime
to correctly track which files have been verified
and to update our notion of time.

ve_utc_set(): ignore utc if it would jump our current time
by more than VE_UTC_MAX_JUMP (20 years).

Allow testing of install command via userboot.
Need to fix its stat implementation too.

bhyveload also needs stat fixed - due to change to userboot.h

Call ve_error_get() from vectx_close() when hash is wrong.

Track the names of files we have hashed into pcr

For the purposes of measured boot, it is important
to be able to reproduce the hash reflected in
loader.ve.pcr
so loader.ve.hashed provides a list of names in the order they
were added.

Reviewed by:	imp
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D24027
2020-03-25 19:12:19 +00:00
tsoome
3a22819456 loader: remove libsa/crc32.c and use version from zlib
we have crc32(const void *, size_t) in libsa. Unfortunately zlib has
crc32(long, const unigned char *, unsigned) and we have conflict.

Since we do build libsa with zlib, we can use zlib version instead.

Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D24068
2020-03-19 21:05:11 +00:00
tsoome
9dbc56a1e9 loader: misaligned access of dos_partition structure
armv7 crash due to misligned access of dos_partition dp_start field.

Allocate and make copy of dos_partition array to make sure the data
is aligned.

Reported by:	marklmi at yahoo.com
2020-03-19 17:27:08 +00:00
sjg
a1a62ee99a veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-08 18:48:01 +00:00
sjg
7993a62d04 veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-08 17:42:42 +00:00
tsoome
33376070a8 loader: alloc_pread() should set errno if malloc fails
We may want to find out why alloc_pread() failed.
2020-02-23 15:21:15 +00:00
kevans
5cc7b9437a interp_lua: fix bogus indentation, NFC 2020-02-12 16:10:00 +00:00
kevans
8e6539b311 lualoader: disable autoboot on high-level interpreter errors
If we hit an error at this level, we are almost certainly not in any kind
of sane state where autoboot can do the right thing. Instead of letting it
try and probably failing, disable autoboot so they immediately get kicked
into a loader prompt for manual remediation/diagnosis.

Reviewed by:	tsoome
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D23611
2020-02-12 16:09:01 +00:00
imp
e4792f367c Remove sparc64 support from the boot loader.
Remove all the sparc64 specific bits, both files and ifdefs.
2020-02-03 17:34:57 +00:00
tsoome
7320de6aed loader: clean up devopen and devclose a bit
devopen should undo setup of f->f_dev in case of error.
devclose can just call free().

MFC after:	1 week
2019-12-13 08:41:37 +00:00
tsoome
e8f876a8e6 loader: vdisk dereference after free
print out the information and then free the memory used.

MFC after:	1 week
2019-12-13 08:20:20 +00:00
imp
a476ba06d5 Regularize my copyright notice
o Remove All Rights Reserved from my notices
o imp@FreeBSD.org everywhere
o regularize punctiation, eliminate date ranges
o Make sure that it's clear that I don't claim All Rights reserved by listing
  All Rights Reserved on same line as other copyright holders (but not
  me). Other such holders are also listed last where it's clear.
2019-12-04 16:56:11 +00:00
tsoome
84a0026054 loader: add support for hybrid PMBR for GPT partition table
Note hybrid table is nor really UEFI specification compliant.

Sample hybrid partition table:
> ::mbr
Format: unknown
Signature: 0xaa55 (valid)
UniqueMBRDiskSignature: 0

PART TYPE                  ACTIVE  STARTCHS    ENDCHS      SECTOR     NUMSECT
0    EFI_PMBR:0xee         0       1023/254/63 1023/254/63 1          409639
1    0xff                  0       1023/254/63 1023/254/63 409640     978508408
2    FDISK_EXT_WIN:0xc     0       1023/254/63 1023/254/63 978918048  31250000
3    0xff                  0       1023/254/63 1023/254/63 1010168048 32
>
2019-11-15 20:43:39 +00:00
tsoome
2ce9b4fef1 loader: show APFS partition type name
Add small visual aid in lsdev output.
2019-11-04 12:20:19 +00:00
kevans
c271ee8eb9 stand: consolidate knowledge of lua path
Multiple places coordinate to 'know' where lua scripts are installed. Knock
this down to being formally defined (and overridable) in exactly one spot,
defs.mk, and spread the knowledge to loaders and liblua alike. A future
commit will expose this to lua as loader.lua_path, so it can build absolute
paths to lua scripts as needed.

MFC after:	1 week
2019-11-02 03:37:58 +00:00
jhibbits
5c5f385b1b Loader: Add load offset to powerpc kernel entry point
Summary:
There is logic in ELF loadimage() to relocate kernels, but currently
only type ET_EXEC.  PowerPC kernels are ET_DYN, and can be relocated anywhere.
Add the load offset to kernel entry points on this platform.

Reviewed by:	imp, ian
Differential Revision:	https://reviews.freebsd.org/D21286
2019-09-06 02:28:03 +00:00
sjg
78f217e836 loader: ignore some variable settings if input unverified
libsecureboot can tell us if the most recent file opened was
verfied or not.
If it's state is VE_UNVERIFIED_OK, skip if variable
matches one of the restricted prefixes.

Reviewed by:	stevek
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D20909
2019-07-17 23:33:14 +00:00
imp
0ea6c510f8 Remove NAND and NANDFS support
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.

Numerous posts to arch@ and other locations have found no actual users
for this software.

Relnotes:	Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
2019-06-25 04:50:09 +00:00
imp
651ae00bd8 Move to using a common kernel path between the boot / laoder bits and
the kernel.
2019-06-24 20:34:53 +00:00
tsoome
278c316e05 loader: disk_open() should honor D_PARTNONE
The D_PARTNONE is documented to make it possible to open raw MBR
partition, but the current disk_open() does not really implement this
statement.

The current code is checking partition against -1 (D_PARTNONE) but does
attempt to open partition table in case we do have FreeBSD MBR partition type.
Instead, we should check -2 (D_PARTWILD).

In case we do have MBR + BSD label, this code is only working because
by default, the first BSD partiton is created starting with relative sector
0, and we can still access the BSD table from that MBR slice.

Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20501
2019-06-06 16:27:05 +00:00
imp
7f21fef8c9 [zfsboot] Fix boot env back compat (#190)
* Fix boot env back compat

zfsboot must try zfsloader before loader in order to remain compatible
with boot environments created prior to zfs functionality being rolled
into loader proper.

* Improve comments in zfsboot

Explain the significance of the load path order, and put the comment
about looping through the paths in the appropriate scope.

Obtained From:  TrueNAS commit 4c60c62fcf0b6b6eac98ee8d46e7bbea64bc86f5
Submitted by: Ryan Moeller <ryan@freqlabs.com>
2019-06-03 19:10:46 +00:00
bcran
56449d8947 Fix comment parsing in interp_simple.c
loader.rc has comment lines without a trailing space, which get
interpreted as commands. Avoid this by only matching against the
backslash character.

Reviewed by:	imp, tsoome
Differential Revision:	https://reviews.freebsd.org/D20491
2019-06-01 19:47:15 +00:00
jkim
784c918f6a Initialize a variable to fix build with GCC. 2019-05-23 22:49:03 +00:00
jkim
77a5e9362e Remove yet another unused variable. 2019-05-23 22:01:05 +00:00
manu
4012193a35 loader: Remove unused variable
Reported by:	lwshu, ci@
2019-05-23 20:04:22 +00:00
manu
6fbab7eb4f loader: Add pnp functions for autoloading modules based on linker.hints
This adds some new commands to loader :

- pnpmatch
   This takes a pnpinfo string as argument and tries to find a kernel module
   associated with it. -v and -d option are available and are the same as in
   devmatch (v is verbose, d dumps the hints).
- pnpload
   This takes a pnpinfo string as argument and tries to load a kernel module
   associated with it.
- pnpautoload
   This will attempt to load every kernel module for each buses. Each buses are
   probed, the probe function will generate pnpinfo string and load kernel module
   associated with it if it exists.

Only simplebus for FDT system is implemented for now.
Since we need the dtb and overlays to be applied before searching the tree
fdt_devmatch_next will load and apply the dtb + overlays.

All the pnp parsing code comes from devmatch and is the same at 99%.

Reviewed by:	imp, kevans
Differential Revision:	https://reviews.freebsd.org/D19498
2019-05-23 19:26:50 +00:00
ngie
4ac8e90cc6 Unbreak the build when ELF_VERBOSE is defined after r348005
This change properly terminates the formatting string quote modification done
in r348005, which is triggered when `ELF_VERBOSE` is defined.

MFC with:	r348005
Reported by:	ci (amd64, gcc)
2019-05-21 00:46:47 +00:00
luporl
cc2e8ef566 [PowerPC64] stand: fix build using clang 8 as compiler
This change fixes "stand" build issues when using clang 8
as compiler.

Submitted by:   alfredo.junior_eldorado.org.br
Reviewed by:    jhibbits
Differential Revision: https://reviews.freebsd.org/D20026
2019-05-20 19:21:35 +00:00
tsoome
33d8160d67 loader: fix memory handling errors in module.c
file_loadraw():
check for file_alloc() and strdup() results.
we leak 'name'.

mod_load() does leak 'filename'.

mod_loadkld() does not need to check fp, file_discard() does check.
2019-05-13 22:17:11 +00:00
tsoome
edcc1fb7d7 loader: use DPRINTF in biosdisk.c and define safe DPRINTF
r345066 did miss biosdisk.c.

Also define DPRINTF as ((void)0) for case we do not want debug printouts.

MFC after:	1 week
2019-05-09 13:12:43 +00:00
tsoome
c3e96d5122 loader: ptable_print() needs two tabs sometimes
Since the partition/slice names do vary in length, check the length
of the fixed part of the line against 3 * 8, if the lenth is less than
3 tab stops, print out extra tab.

use snprintf() instead of sprintf.
2019-05-09 11:04:10 +00:00
tsoome
b9bb0a1f15 command_bcache() does not use argv
Therefore mark argv __unused.
2019-05-07 10:01:45 +00:00
tsoome
8d47118c9e loader: bcache code does not need to check argument for free() 2019-05-07 08:14:30 +00:00
tsoome
9236c6f0b8 loader: use safer DPRINTF body for non-debug case 2019-05-07 07:46:40 +00:00
tsoome
38b668d19f loader: validate sectorsize argument in disk_open()
The bug and patch is reported against 11.2, but it is good idea to have
the check in place for all versions.

PR:		236585
Submitted by:	john@feith.com
Reported by:	john@feith.com
MFC after:	1 day
2019-05-05 06:38:47 +00:00
imp
c2d2307dd8 Use D_PARTISGPT rather than bare 255
These three cases dovetail with other places in the code where we use
or set D_PARTISGPT when we mean that the partitioning scheme is
GPT. Use this #define to make the code easier to undertand.

Reviewed by: tsoome@
Differential Revision: https://reviews.freebsd.org/D20122
2019-05-01 05:42:13 +00:00