#
344399 |
|
21-Feb-2019 |
kevans |
MFC GELI Loader Improvements: r336252, r336254, r336256, r336354, r336532-r336534, r336537, r336626, r337326, r337349, r341071, r341160, r341420, r341473, r341651, r342793
Note that this MFC contains some seemingly unrelated zfsloader bits -- this was needed in order to pull in some later fixes for GELI hand-off w/ ZFS bits included.
r336252: Extend loader(8) geli support to all architectures and all disk-like devices.
This moves the bulk of the geli support from lib386/biosdisk.c into a new geli/gelidev.c which implements a devsw-type device whose dv_strategy() function handles geli decryption. Support for all arches comes from moving the taste-and-attach code to the devopen() function in libsa.
After opening any DEVT_DISK device, devopen() calls the new function geli_probe_and_attach(), which will "attach" the geli code to the open_file struct by creating a geli_devdesc instance to replace the disk_devdesc instance in the open_file. That routes all IO for the device through the geli code.
A new public geli_add_key() function is added, to allow arch/vendor-specific code to add keys obtained from custom hardware or other sources.
With these changes, geli support will be compiled into all variations of loader(8) on all arches because the default is WITH_LOADER_GELI.
r336254: Use if rather than case for a simple boolean. gcc thinks blks is undefined sometimes with the case, but enc is always 0 or 1, so and if / else is better anyway.
r336256: Fix glitched indentation (and rewrap as needed due to deeper indent). No functional changes.
r336354: zfsboot: fix build with WITHOUT_LOADER_GELI
r336532: Collapse zfsloader functionality back down into loader.
We no longer really need a separate zfsloader. It was useful when we were first supporting ZFS and had limited ability to properly boot off of ZFS without the special boot loader. Now that the boot loader has matured, go the way loader.efi pioneered and just build one binary. Change the name of the loader to load in the secondary boot blocks to be just /boot/loader. Provide a symbolic link from zfsloader to loader so people who have not upgraded their boot blocks are not affected. This has the happy benefit of making coexistence easier as well (fewer binaries in the matrix).
r336533: Eliminate zfsloader man page.
Remove all cross references to zfsloader.8 and /boot/zfsloader. Move ZFS specific info into loader.8.
r336534: NM and OBJCOPY are already defined for all builds. There's no need to conditionally define them here.
r336537: Mention zfsloader being folded into loader in UPDATING.
r336626: Older zfs boot blocks don't support symlinks. install the link to zfsloader as a hard link. While newer ones do, the whole point of the link was to transition to the new world order smoothly. A hard link is less flexible, but it works and will result in fewer bumps. Adjust UPDATING entry to match.
r337326: loader: biosdisk.c has leftover geli header.
A small cleanup, remove unneeded #include.
r337349: zfsboot: Fix startup crash
On a FreeNAS mini XL, with geli encrypted drives the loader crashed in geli_read().
When we iterate over the list of disks and allocate the zfsdsk structures we don’t zero out the gdev pointer. In one case that resulted in geli_read() (called on the bogus pointer) dividing by zero.
Use calloc() to ensure the zfsdsk structure is always zeroed, so the pointer is initialised to NULL. As a side benefit it gets rid of one #ifdef LOADER_GELI_SUPPORT.
r341071: Restore the ability to override the disk unit/partition at the boot: prompt in gptboot.
When arch-independent geli support was added, a new static 'gdsk' struct was added, but there was still a static 'dsk' struct, and when you typed in an alternate disk/partition, the string was parsed into that struct, which was then never used for anything. Now the string gets parsed into gdsk.dsk, the struct that's actually used.
r341160: Add comments describing the bootargs handoff between loader(8) and gptboot or zfsboot, when loader(8) is the BTX loader. No functional changes.
r341420: Eliminate duplicated code and struct member definitions in the handoff of args data between gptboot/zfsboot and loader(8).
Despite what seems like a lot of changes here, there are no actual changes in behavior, or in the data layout in the structures involved. This is just eliminating identical code pasted into multiple locations.
In detail, the changes are...
- Move struct zfs_boot_args definition from libsa/zfs/libzfs.h to i386/common/bootargs.h because it is specific to x86 booting and the handoff between zfsboot and loader, and has no relation to the zfs library code in general.
- The geli_boot_args and zfs_boot_args structs both contain an identical set of member variables containing geli information. Extract this out to a new geli_boot_data struct, and embed it in the arg-passing structs.
- Provide new routines geli_import_boot_data() and geli_export_boot_data() that can be shared between gptboot, zfsboot, and loader instead of pasting identical code into several different .c files.
- Remove some checks for a NULL pointer that can never be true because the pointer being tested was set using pointer math (kargs + 1) and that can never result in NULL in this code.
r341473: Fix args cross-threading between gptboot(8) and loader(8) with zfs support.
When loader(8) is built with zfs support enabled, it assumes that any extarg data present is a zfs_boot_args struct, but if the first-stage loader was gptboot(8) the extarg data is actually a geli_boot_args struct. Luckily, zfsboot(8) and gptzfsboot(8) have always passed KARGS_FLAGS_ZFS along with KARGS_FLAGS_EXTARG, so we can use KARGS_FLAGS_ZFS to decide whether the extarg data is a zfs_boot_args struct.
To avoid similar problems in the future, gptboot(8) now passes a new KARGS_FLAGS_GELI to indicate that extarg data is geli_boot_args. In loader(8), if the neither KARGS_FLAGS_ZFS nor KARGS_FLAGS_GELI is set but extarg data is present (which will be the case for gptboot compiled before this change), we now check for the known size of the geli_boot_args struct passed by the older versions of gptboot as a way of confirming what type of extarg data is present.
In a semi-related tidying up, since loader's main() has already decided what type of extarg data is present and set the global 'zargs' var accordingly, don't repeat the check in extract_currdev, just check whether zargs is NULL or not.
r341651: Don't reference zfs-specific variables if LOADER_ZFS_SUPPORT is undefined because the variables will be undefined too.
r342793: MK_ZFS -> {MK_ZFS|MK_LOADER_ZFS}, this is so we can diable userland / kernel ZFS but keep the boot-loaders when using ZoL port.
Relnotes: yes (GELI support extended) Relnotes: yes (zfsloader has been collapsed into loader and may be removed after boot blocks have been updated)
|
#
344295 |
|
19-Feb-2019 |
kevans |
MFC r335245-r335248, r335254, r335276, r335298, r335398, r335868, r335883
r335245: Correct logic error in biosdisk.c:bd_realstrategy()
The wrong condition is used when evaluating the return of disk_ioctl() This results in reaching the 'We should not get here' branch in most casts
r335246: biosdisk.c remove redundant variable
`rdev` and `disk` serve the same purpose, read the partition table without the `d_offset` or `d_slice` set, so the read is relative to the start of the disk. Reuse the already initialized `disk` instead of making another copy later.
r335247: biosdisk.c: add missing \n to error message
r335248: biosdisk.c: fix type in debug printf
r335254: Avoid reading past the end of the disk in zfsboot.c and biosdisk.c
The GELI boot code rounds reads up to 4k, since the encrypted sectors are 4k, and must be decrypted as a unit. With oddball sized disks (almost always virtual), this can lead to reading past the end of the disk.
r335276: gptboot, zfsboot, gptzfsboot: Enable the video and serial consoles early
Normally the serial console is not enabled until /boot.config is read and we know how the serial console should be configured. Initialize the consoles early in 'dual' mode (serial & keyboard) with a default serial rate of 115200. Then serial is re-initialized once the disk is decrypted and the /boot.config file can be read.
This allows the GELIBoot passphrase to be provided via the serial console.
r335298: stand/common/disk.c: Update debug printf
This was missed in r330809 because it is compiled out by default
r335398: Revert r335276
This was causing issues for people booting. I will likely bring this back as an optional feature, similar to boot0sio, like gptboot-serial or something.
r335868: stand/common/disk.c: Read partition table relative to the start of the disk
If a disk is of an oddball size, like the 200mb + 512b used in rootgen.sh, when disk_open() is called on a GELI encrypted partition, attempts to read the partition table fail, as they pass through the decryption process which turns the already plaintext data into jibberish.
When reading the partition table, always pass a slice and partition setting of -1, and an offset of 0. Setting the slice to -1 prevents a false positive when checking the slice against the cache of GELI encrypted slices.
r335883: stand/common/disk.c: dev->d_offset still needs to be set to 0
With r335868, I thought this was no longer necessary. I was wrong.
|
#
329175 |
|
12-Feb-2018 |
kevans |
MFC Loader Fixes 2017q4p7: r324844,r326089,r326926,r326440,r326484,r326494, r326588,r326708,r326784,r326914,r327390,r328446,r326090,r326143,r326144, r326182,r326384,r326421,r326440,r326441,r326442,r326443,r326444,r326445, r326446,r326447,r326448,r326484,r326485,r326486,r326487,r326488,r326490, r326491,r326492,r326493,r326494,r326495,r326504,r326507,r326509,r326584, r326585,r326586,r326587,r326588,r326589,r326590,r326591,r326592,r326593, r326594,r326600,r326616,r326671,r326707,r326708,r326709,r326710,r326711, r326712,r326714,r326720,r326768,r326772,r326784,r326792,r326812,r326854, r326855,r326856,r326858,r326886,r326887,r326914,r326926,r326927,r326960, r326961,r326962,r326963,r327351,r327453,r327390,r327523,r327524,r326489, r327880,r328437,r328438,r328439,r328441,r328446,r328448,r328449,r328612, r328613,r328615
While here, undo our libfdt hack of not including <stdlib.h> if we're compiling _STANDALONE.
r324844: When building standalone, don't define errno. Let the definition from stand.h override. This is similar to what we do in the kernel.
r326089: loader.efi: efipart does not recognize partitionless disks
r326090: net_parse_rootpath() has no parameters
r326143: Fix theoretical integer overflow issues. If the product here is
r326144: Mark the func pointer as __dead2. It looks up loader_main, which
r326182: Modify all FreeBSD bootloaders on PowerPC AIM (Book-S) systems
r326384: Use const pointers to avoid casting away constness.
r326421: loader.efi: efipart should exclude iPXE stub block protocol
r326440: Remove stale dependency on ufsread.c
r326441: Minor flags cleanup
r326442: Cleanup CFALGS usage here
r326443: We don't need both _STAND and _STANDALONE, use the latter.
r326444: Move geli to common DO32 stuff
r326445: Fix random() and srandom() prototypes to match the standard.
r326446: Undefine _STANDALONE since this is test code.
r326447: Tweaks to the beri boot loader so that it builds w/o warnings.
r326448: Fix all warnings related to geli and ZFS support on x86.
r326484: Const poison the propname.
r326485: Delcare md_load in libofw.h. Make all prototypes match for ofw
r326486: Include machine/md_var to pick up __syncicache prototype.
r326487: Cast mdp (a vm_offset_t) to void * to match prototype.
r326488: e_entry can be smaller than a pointer. Cast it to an intptr_t
r326490: Declare our strange brand of main().
r326491: Disconnet ps3 from the build. There's too many warnings to fix.
r326492: Cast void * pointer to char * so the arg matches the %s format.
r326493: Provide a md_load64 prototype.
r326494: Mark two things as unused (since they are only sometimes used)
r326495: Now it's safe to bump WARNS to 1.
r326504: Switch to proper MK_LOADER_GELI tests.
r326507: increase maximum size of zfsboot
r326509: loader.efi: add note about iPXE into the efipart.c
r326584: When building standalone, include stand.h rather than the kernel
r326585: Include ficl.h before anything else
r326586: No need to include the userland md5.h, the kernel one is just fine.
r326587: Use the kernel relative paths, rather than the userland relative paths
r326588: Need to include skein in the include path
r326589: Make sure we include the right path for skein.h
r326590: Prefer stdint.h to inttypes.h
r326591: This isn't NetBSD specific code. Include these for any kernel /
r326592: Don't inherit CFLAGS. This a specialized test program.
r326593: Stop building with the standard system headers.
r326594: Now that we offer a semi-sane standards-ish set of #include files, stop hacking includes with sed.
r326600: Since this is contrib code, create an upstreamable version of my
r326616: dhcp_try_rfc1048() is not used any more
r326671: Avoid setting -Wno-tentative-definition-incomplete-type with gcc.
r326707: Add partial support signal.h functioanlity. Pull in machine/signal.h
r326708: Remove _KERNEL hack now that errno.h does the right thing when built standalone.
r326709: Provide implementations for iscntrl, ispunct and isgraph.
r326710: Put the files we're copying over into a few variables and clean hings up.
r326711: Const poison a couple of interfaces.
r326712: Create interp class.
r326714: boot1.c needs EFI_ZFS_BOOT too, so add it globally.
r326720: This path belongs in ficl/Makefile, not the common defines for users
r326768: Fix a comment to be more accurate
r326772: Fix regression with lua import
r326784: Revert part of 362772. It was causing problems for includes
r326792: Attempt to unbreak buildworld
r326812: Revert r326792, r326784, r326772, r326712
r326854: libefi: make efichar.h more usable in stand code
r326855: Cargo cut a fix for the regressions r326585 caused.
r326856: Fix comments after bump in size.
r326858: Revert r326855: Cargo cut a fix for the regressions r326585 caused.
r326886: Panic in sbrk if setheap hasn't been called yet. This is preferable o a mysterious crash
r326887: Remove the 'mini libstand in libstand' that util.[ch] provided.
r326914: Move loader-only defines to loader.mk from defs.mk
r326926: Move loader help file definitions to being 100% inside of loader.mk.
r326927: libficl is only ever used in a loader (never a boot) program. Move it.
r326960: Simplify things a little. The RETURN macro isn't required.
r326961: Interact is always called with NULL. Simplify code a little
r326962: Hoist btx include stuff to i386/Makefile.inc
r326963: No need to use relative paths like this here.
r327351: Fix ubldr. uboot/lib uses defines for the loader.
r327453: Add a validbcd() routine that uses the bcd2bin_data[] array
r327390: Garbage-collect loader.ps3. It is currently disconnected from the build and kboot replaces.
r327523: Don't clobber system LDFLAGS for beri boot loaders.
r327524: Use 'extern uint8_t' instead of 'extern void' for external symbols.
r326489: Allow this file to be used in libsa without warning...
r327880: Move getsecs() prototype to stand.h from net.h so it can be used
r328437: Split panic routine
r328438: Implement abort() as a call to panic.
r328439: Provide abs form stdlib.h.
r328441: abort() should be marked __dead2 since it won't return.
r328446: Now that exit is __dead2, we need to tag ub_exit() as __dead2.
r328448: Make exit() never return until host_exit can be written.
r328449: Tag unreachable places as such. I left the while (1); in place
r328612: Move strtold wrapper from strtol.c to its own strtold.c.
r328613: Kill copies of strtol and strtoul.
r328615: Update stand.h for changes for strto*l
PR: 223969
|