freebsd-skq/sys/geom/geom_redboot.c
kevans dd6f2f2c8d Annotate geom modules with MODULE_VERSION
GEOM ELI may double ask the password during boot. Once at loader time, and
once at init time.

This happens due a module loading bug. By default GEOM ELI caches the
password in the kernel, but without the MODULE_VERSION annotation, the
kernel loads over the kernel module, even if the GEOM ELI was compiled into
the kernel. In this case, the newly loaded module
purges/invalidates/overwrites the GEOM ELI's password cache, which causes
the double asking.

MFC Note: There's a pc98 component to the original submission that is
omitted here due to pc98 removal in head. This part will need to be revived
upon MFC.

Reviewed by:	imp
Submitted by:	op
Obtained from:	opBSD
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D14992
2018-04-10 19:18:16 +00:00

361 lines
9.5 KiB
C

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2009 Sam Leffler, Errno Consulting
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer,
* without modification.
* 2. Redistributions in binary form must reproduce at minimum a disclaimer
* similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
* redistribution must be conditioned upon including a substantially
* similar Disclaimer requirement for further binary redistribution.
*
* NO WARRANTY
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGES.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/endian.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/fcntl.h>
#include <sys/malloc.h>
#include <sys/bio.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/bus.h>
#include <sys/sbuf.h>
#include <geom/geom.h>
#include <geom/geom_slice.h>
#define REDBOOT_CLASS_NAME "REDBOOT"
struct fis_image_desc {
uint8_t name[16]; /* null-terminated name */
uint32_t offset; /* offset in flash */
uint32_t addr; /* address in memory */
uint32_t size; /* image size in bytes */
uint32_t entry; /* offset in image for entry point */
uint32_t dsize; /* data size in bytes */
uint8_t pad[256-(16+7*sizeof(uint32_t)+sizeof(void*))];
struct fis_image_desc *next; /* linked list (in memory) */
uint32_t dsum; /* descriptor checksum */
uint32_t fsum; /* checksum over image data */
};
#define FISDIR_NAME "FIS directory"
#define REDBCFG_NAME "RedBoot config"
#define REDBOOT_NAME "RedBoot"
#define REDBOOT_MAXSLICE 64
#define REDBOOT_MAXOFF \
(REDBOOT_MAXSLICE*sizeof(struct fis_image_desc))
struct g_redboot_softc {
uint32_t entry[REDBOOT_MAXSLICE];
uint32_t dsize[REDBOOT_MAXSLICE];
uint8_t readonly[REDBOOT_MAXSLICE];
g_access_t *parent_access;
};
static void
g_redboot_print(int i, struct fis_image_desc *fd)
{
printf("[%2d] \"%-15.15s\" %08x:%08x", i, fd->name,
fd->offset, fd->size);
printf(" addr %08x entry %08x\n", fd->addr, fd->entry);
printf(" dsize 0x%x dsum 0x%x fsum 0x%x\n", fd->dsize,
fd->dsum, fd->fsum);
}
static int
g_redboot_ioctl(struct g_provider *pp, u_long cmd, void *data, int fflag, struct thread *td)
{
return (ENOIOCTL);
}
static int
g_redboot_access(struct g_provider *pp, int dread, int dwrite, int dexcl)
{
struct g_geom *gp = pp->geom;
struct g_slicer *gsp = gp->softc;
struct g_redboot_softc *sc = gsp->softc;
if (dwrite > 0 && sc->readonly[pp->index])
return (EPERM);
return (sc->parent_access(pp, dread, dwrite, dexcl));
}
static int
g_redboot_start(struct bio *bp)
{
struct g_provider *pp;
struct g_geom *gp;
struct g_redboot_softc *sc;
struct g_slicer *gsp;
int idx;
pp = bp->bio_to;
idx = pp->index;
gp = pp->geom;
gsp = gp->softc;
sc = gsp->softc;
if (bp->bio_cmd == BIO_GETATTR) {
if (g_handleattr_int(bp, REDBOOT_CLASS_NAME "::entry",
sc->entry[idx]))
return (1);
if (g_handleattr_int(bp, REDBOOT_CLASS_NAME "::dsize",
sc->dsize[idx]))
return (1);
}
return (0);
}
static void
g_redboot_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp,
struct g_consumer *cp __unused, struct g_provider *pp)
{
struct g_redboot_softc *sc;
struct g_slicer *gsp;
gsp = gp->softc;
sc = gsp->softc;
g_slice_dumpconf(sb, indent, gp, cp, pp);
if (pp != NULL) {
if (indent == NULL) {
sbuf_printf(sb, " entry %d", sc->entry[pp->index]);
sbuf_printf(sb, " dsize %d", sc->dsize[pp->index]);
} else {
sbuf_printf(sb, "%s<entry>%d</entry>\n", indent,
sc->entry[pp->index]);
sbuf_printf(sb, "%s<dsize>%d</dsize>\n", indent,
sc->dsize[pp->index]);
}
}
}
#include <sys/ctype.h>
static int
nameok(const char name[16])
{
int i;
/* descriptor names are null-terminated printable ascii */
for (i = 0; i < 15; i++)
if (!isprint(name[i]))
break;
return (name[i] == '\0');
}
static struct fis_image_desc *
parse_fis_directory(u_char *buf, size_t bufsize, off_t offset, uint32_t offmask)
{
#define match(a,b) (bcmp(a, b, sizeof(b)-1) == 0)
struct fis_image_desc *fd, *efd;
struct fis_image_desc *fisdir, *redbcfg;
struct fis_image_desc *head, **tail;
int i;
fd = (struct fis_image_desc *)buf;
efd = fd + (bufsize / sizeof(struct fis_image_desc));
#if 0
/*
* Find the start of the FIS table.
*/
while (fd < efd && fd->name[0] != 0xff)
fd++;
if (fd == efd)
return (NULL);
if (bootverbose)
printf("RedBoot FIS table starts at 0x%jx\n",
offset + fd - (struct fis_image_desc *) buf);
#endif
/*
* Scan forward collecting entries in a list.
*/
fisdir = redbcfg = NULL;
*(tail = &head) = NULL;
for (i = 0; fd < efd; i++, fd++) {
if (fd->name[0] == 0xff)
continue;
if (match(fd->name, FISDIR_NAME))
fisdir = fd;
else if (match(fd->name, REDBCFG_NAME))
redbcfg = fd;
if (nameok(fd->name)) {
/*
* NB: flash address includes platform mapping;
* strip it so we have only a flash offset.
*/
fd->offset &= offmask;
if (bootverbose)
g_redboot_print(i, fd);
*tail = fd;
*(tail = &fd->next) = NULL;
}
}
if (fisdir == NULL) {
if (bootverbose)
printf("No RedBoot FIS table located at %lu\n",
(long) offset);
return (NULL);
}
if (redbcfg != NULL &&
fisdir->offset + fisdir->size == redbcfg->offset) {
/*
* Merged FIS/RedBoot config directory.
*/
if (bootverbose)
printf("FIS/RedBoot merged at 0x%jx (not yet)\n",
offset + fisdir->offset);
/* XXX */
}
return head;
#undef match
}
static struct g_geom *
g_redboot_taste(struct g_class *mp, struct g_provider *pp, int insist)
{
struct g_geom *gp;
struct g_consumer *cp;
struct g_redboot_softc *sc;
int error, sectorsize, i;
struct fis_image_desc *fd, *head;
uint32_t offmask;
u_int blksize; /* NB: flash block size stored as stripesize */
u_char *buf;
off_t offset;
const char *value;
char *op;
offset = 0;
if (resource_string_value("redboot", 0, "fisoffset", &value) == 0) {
offset = strtouq(value, &op, 0);
if (*op != '\0') {
offset = 0;
}
}
g_trace(G_T_TOPOLOGY, "redboot_taste(%s,%s)", mp->name, pp->name);
g_topology_assert();
if (!strcmp(pp->geom->class->name, REDBOOT_CLASS_NAME))
return (NULL);
/* XXX only taste flash providers */
if (strncmp(pp->name, "cfi", 3) &&
strncmp(pp->name, "flash/spi", 9))
return (NULL);
gp = g_slice_new(mp, REDBOOT_MAXSLICE, pp, &cp, &sc, sizeof(*sc),
g_redboot_start);
if (gp == NULL)
return (NULL);
/* interpose our access method */
sc->parent_access = gp->access;
gp->access = g_redboot_access;
sectorsize = cp->provider->sectorsize;
blksize = cp->provider->stripesize;
if (powerof2(cp->provider->mediasize))
offmask = cp->provider->mediasize-1;
else
offmask = 0xffffffff; /* XXX */
if (bootverbose)
printf("%s: mediasize %ld secsize %d blksize %d offmask 0x%x\n",
__func__, (long) cp->provider->mediasize, sectorsize,
blksize, offmask);
if (sectorsize < sizeof(struct fis_image_desc) ||
(sectorsize % sizeof(struct fis_image_desc)))
return (NULL);
g_topology_unlock();
head = NULL;
if(offset == 0)
offset = cp->provider->mediasize - blksize;
again:
buf = g_read_data(cp, offset, blksize, NULL);
if (buf != NULL)
head = parse_fis_directory(buf, blksize, offset, offmask);
if (head == NULL && offset != 0) {
if (buf != NULL)
g_free(buf);
offset = 0; /* check the front */
goto again;
}
g_topology_lock();
if (head == NULL) {
if (buf != NULL)
g_free(buf);
return NULL;
}
/*
* Craft a slice for each entry.
*/
for (fd = head, i = 0; fd != NULL; fd = fd->next) {
if (fd->name[0] == '\0')
continue;
error = g_slice_config(gp, i, G_SLICE_CONFIG_SET,
fd->offset, fd->size, sectorsize, "redboot/%s", fd->name);
if (error)
printf("%s: g_slice_config returns %d for \"%s\"\n",
__func__, error, fd->name);
sc->entry[i] = fd->entry;
sc->dsize[i] = fd->dsize;
/* disallow writing hard-to-recover entries */
sc->readonly[i] = (strcmp(fd->name, FISDIR_NAME) == 0) ||
(strcmp(fd->name, REDBOOT_NAME) == 0);
i++;
}
g_free(buf);
g_access(cp, -1, 0, 0);
if (LIST_EMPTY(&gp->provider)) {
g_slice_spoiled(cp);
return (NULL);
}
return (gp);
}
static void
g_redboot_config(struct gctl_req *req, struct g_class *mp, const char *verb)
{
struct g_geom *gp;
g_topology_assert();
gp = gctl_get_geom(req, mp, "geom");
if (gp == NULL)
return;
gctl_error(req, "Unknown verb");
}
static struct g_class g_redboot_class = {
.name = REDBOOT_CLASS_NAME,
.version = G_VERSION,
.taste = g_redboot_taste,
.dumpconf = g_redboot_dumpconf,
.ctlreq = g_redboot_config,
.ioctl = g_redboot_ioctl,
};
DECLARE_GEOM_CLASS(g_redboot_class, g_redboot);
MODULE_VERSION(geom_redboot, 0);