346477 |
21-Apr-2019 |
kevans |
MFC r337871, r339970, r342151, r342161, r343123-r343124, r344226, r344234, r344248, r344387
r337871: pkgfs_init: Initialize pkg
new_package may not set *pp if it errors out, leaving pkg uninitialized.
r339970: Remove unnecessary include from libstand.
r342151: loader: zfs reader should not probe partitionless disks
First of all, normal setups can not boot such pools as the tools do not support installing boot programs.
Secondly, for proper pool configuration detection, we need to checks all four label copies on disk, 2 from front and 2 from the end of the disk, but zfs label does not contain the size of the disk - so we depend on firmware to report the correct disk size or use information from the partition table.
Without partition table, we only can rely on firmware to report and support disk IO properly.
There is a specific case: 8TB disks are reported by BIOS to have 4294967295 sectors (0x00000000ffffffff), the sectors reported by OS is 15628053168 (0x00000003a3812ab0), so the reported size is less than actual but is hitting 32-bit max. Unfortuantely the real limit must be even lower because probing this disk in this system will wnd up with hung system.
UEFI boot of this system seems not to be affected.
r342161: loader: zfs reader should not probe partitionless disks (UEFI case)
With r342151 I did fix the BIOS version of zfs_probe_dev() from accessing the whole disk, but the fix was not complete - we actually did not check if the device name was really for whole disk. Since UEFI version is only calling the zfs_probe_dev() with partitions and not with whole disk, the UEFI loader was not able to find the zfs pools.
This update does correct the issue by calling archsw.arch_getdev() to translate the device name back to dev_desc, and we have whole disk when both partition and slice values are -1.
r343123: loader should ignore active multi_vdev_crash_dump feature on zpool
Since the loader zfs reader does not need to read the dump zvol, we can just enable the feature.
illumos issue #9051 https://www.illumos.org/issues/9051
r343124: libsa: add asprintf()
asprintf() is a nice tool for string processing.
r344226: Fix memory corruption bug introduced in r325310
The bug occurred when a bounce buffer was used and the requested read size was greater than the size of the bounce buffer. This commit also rewrites the read logic so that it is easier to systematically verify all alignment and size cases.
r344234: It turns out r344226 narrowed the overrun bug but did not eliminate it entirely
This commit fixes a remaining output buffer overrun in the single-sector case when there is a non-zero tail.
r344248: cd9660: dirmatch fails to unmatch when name is prefix for directory record
Loader does fail to properly match the file name in directory record and does open file based on prefix match.
For fix, we check the name lengths first.
r344387: loader: really fix cd9660 dirmatch
The cd9660_open() does pass whole path to dirmatch() and we need to compare only the current path component, not full path.
Additinally, skip over duplicate / (if any) and check if the last component in the path was meant to be directory (having trailing /). If it is in fact a file, error out. |
344408 |
21-Feb-2019 |
kevans |
MFC various libsa fixes: r337037-r337039, r337065, r337412-r337413, r337874, r338535, r338540, r339651, r339992-r339993, r340026
r337037: libsa: pointer differs in signedness
A small cleanup, fix the argument type and while there, replace (char *)0 with NULL.
r337038: libsa: bootp is using pointers with different sign
Just change bp_file to char and same for variable s.
r337039: libsa: assignment to char * from u_char *
Cast to char * instead of u_char *
r337065: libsa: dereferencing type-punned pointer in cd9660
The warning is given by gcc build, but it is good to fix anyhow. use bcopy instead of direct assignment.
r337412: libsa: dos_checksum() should take unsigned chars
Fix pointers to integers with different sign issue.
r337413: libsa: gzipfs.c converts pointers to integer types with different sign
Signed versus unsigned char.
r337874: libsa: zfs_probe() needs to set spa to NULL
Silence the warning about possibly uninitialized use of spa.
r338535: libsa: memory leak in tftp_open()
tftpfile is allocated just above and needs to be freed.
r338540: libsa: validate tftp_makereq() after we did reset the read
The name check referred in the comment is not the only possible error source, we need to validate the result.
r339651: libsa: re-send ACK for older data packets in tftp
In current tftp code we drop out-of-order packets; however, we should play nice and re-send ACK for older data packets we are receiving. This will hopefully stop server repeating those packets we already have received. Note we do not answer duplicates from "previous" session (that is, session with different port number), those will eventually time out.
r339992: libsa: tftp should not read past file end
When we have the file size via tsize option, use it to make sure we will not attempt to read past file end.
r339993: libsa: tftp should use calloc
instead of malloc() memset(), use calloc().
r340026: libsa: cstyle cleanup tftp.c
No functinal changes intended. |
344399 |
21-Feb-2019 |
kevans |
MFC GELI Loader Improvements: r336252, r336254, r336256, r336354, r336532-r336534, r336537, r336626, r337326, r337349, r341071, r341160, r341420, r341473, r341651, r342793
Note that this MFC contains some seemingly unrelated zfsloader bits -- this was needed in order to pull in some later fixes for GELI hand-off w/ ZFS bits included.
r336252: Extend loader(8) geli support to all architectures and all disk-like devices.
This moves the bulk of the geli support from lib386/biosdisk.c into a new geli/gelidev.c which implements a devsw-type device whose dv_strategy() function handles geli decryption. Support for all arches comes from moving the taste-and-attach code to the devopen() function in libsa.
After opening any DEVT_DISK device, devopen() calls the new function geli_probe_and_attach(), which will "attach" the geli code to the open_file struct by creating a geli_devdesc instance to replace the disk_devdesc instance in the open_file. That routes all IO for the device through the geli code.
A new public geli_add_key() function is added, to allow arch/vendor-specific code to add keys obtained from custom hardware or other sources.
With these changes, geli support will be compiled into all variations of loader(8) on all arches because the default is WITH_LOADER_GELI.
r336254: Use if rather than case for a simple boolean. gcc thinks blks is undefined sometimes with the case, but enc is always 0 or 1, so and if / else is better anyway.
r336256: Fix glitched indentation (and rewrap as needed due to deeper indent). No functional changes.
r336354: zfsboot: fix build with WITHOUT_LOADER_GELI
r336532: Collapse zfsloader functionality back down into loader.
We no longer really need a separate zfsloader. It was useful when we were first supporting ZFS and had limited ability to properly boot off of ZFS without the special boot loader. Now that the boot loader has matured, go the way loader.efi pioneered and just build one binary. Change the name of the loader to load in the secondary boot blocks to be just /boot/loader. Provide a symbolic link from zfsloader to loader so people who have not upgraded their boot blocks are not affected. This has the happy benefit of making coexistence easier as well (fewer binaries in the matrix).
r336533: Eliminate zfsloader man page.
Remove all cross references to zfsloader.8 and /boot/zfsloader. Move ZFS specific info into loader.8.
r336534: NM and OBJCOPY are already defined for all builds. There's no need to conditionally define them here.
r336537: Mention zfsloader being folded into loader in UPDATING.
r336626: Older zfs boot blocks don't support symlinks. install the link to zfsloader as a hard link. While newer ones do, the whole point of the link was to transition to the new world order smoothly. A hard link is less flexible, but it works and will result in fewer bumps. Adjust UPDATING entry to match.
r337326: loader: biosdisk.c has leftover geli header.
A small cleanup, remove unneeded #include.
r337349: zfsboot: Fix startup crash
On a FreeNAS mini XL, with geli encrypted drives the loader crashed in geli_read().
When we iterate over the list of disks and allocate the zfsdsk structures we don’t zero out the gdev pointer. In one case that resulted in geli_read() (called on the bogus pointer) dividing by zero.
Use calloc() to ensure the zfsdsk structure is always zeroed, so the pointer is initialised to NULL. As a side benefit it gets rid of one #ifdef LOADER_GELI_SUPPORT.
r341071: Restore the ability to override the disk unit/partition at the boot: prompt in gptboot.
When arch-independent geli support was added, a new static 'gdsk' struct was added, but there was still a static 'dsk' struct, and when you typed in an alternate disk/partition, the string was parsed into that struct, which was then never used for anything. Now the string gets parsed into gdsk.dsk, the struct that's actually used.
r341160: Add comments describing the bootargs handoff between loader(8) and gptboot or zfsboot, when loader(8) is the BTX loader. No functional changes.
r341420: Eliminate duplicated code and struct member definitions in the handoff of args data between gptboot/zfsboot and loader(8).
Despite what seems like a lot of changes here, there are no actual changes in behavior, or in the data layout in the structures involved. This is just eliminating identical code pasted into multiple locations.
In detail, the changes are...
- Move struct zfs_boot_args definition from libsa/zfs/libzfs.h to i386/common/bootargs.h because it is specific to x86 booting and the handoff between zfsboot and loader, and has no relation to the zfs library code in general.
- The geli_boot_args and zfs_boot_args structs both contain an identical set of member variables containing geli information. Extract this out to a new geli_boot_data struct, and embed it in the arg-passing structs.
- Provide new routines geli_import_boot_data() and geli_export_boot_data() that can be shared between gptboot, zfsboot, and loader instead of pasting identical code into several different .c files.
- Remove some checks for a NULL pointer that can never be true because the pointer being tested was set using pointer math (kargs + 1) and that can never result in NULL in this code.
r341473: Fix args cross-threading between gptboot(8) and loader(8) with zfs support.
When loader(8) is built with zfs support enabled, it assumes that any extarg data present is a zfs_boot_args struct, but if the first-stage loader was gptboot(8) the extarg data is actually a geli_boot_args struct. Luckily, zfsboot(8) and gptzfsboot(8) have always passed KARGS_FLAGS_ZFS along with KARGS_FLAGS_EXTARG, so we can use KARGS_FLAGS_ZFS to decide whether the extarg data is a zfs_boot_args struct.
To avoid similar problems in the future, gptboot(8) now passes a new KARGS_FLAGS_GELI to indicate that extarg data is geli_boot_args. In loader(8), if the neither KARGS_FLAGS_ZFS nor KARGS_FLAGS_GELI is set but extarg data is present (which will be the case for gptboot compiled before this change), we now check for the known size of the geli_boot_args struct passed by the older versions of gptboot as a way of confirming what type of extarg data is present.
In a semi-related tidying up, since loader's main() has already decided what type of extarg data is present and set the global 'zargs' var accordingly, don't repeat the check in extract_currdev, just check whether zargs is NULL or not.
r341651: Don't reference zfs-specific variables if LOADER_ZFS_SUPPORT is undefined because the variables will be undefined too.
r342793: MK_ZFS -> {MK_ZFS|MK_LOADER_ZFS}, this is so we can diable userland / kernel ZFS but keep the boot-loaders when using ZoL port.
Relnotes: yes (GELI support extended) Relnotes: yes (zfsloader has been collapsed into loader and may be removed after boot blocks have been updated) |