The amd64 UEFI loader executes in long mode, not protected mode.
Reviewed by: kib
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57568
When `boot_policy` is `RELAXED`, `find_currdev()` tried ZFS pools on every
disk before searching the boot ESP and sibling partitions. Booting install
media from USB could therefore select an installed ZFS root on internal
storage instead of the intended memstick UFS image.
Extract the boot-device partition walk into `try_boot_device_partitions()`
and run it before relaxed foreign-pool probing. The ZFS search order is
preserved; pools on the boot device are tried first, followed by pools on
other devices when `boot_policy` is `RELAXED` and the boot device yields
no bootable root.
Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2239
Prior to this commit, we'd compute the page tables and have the last
entries point to the staging area. We'd then add some more metadata to
the image and boot. This assumed the staging area didn't need to move
for this last bit of data.
However, if we go over the staging limit, when we copyin new data, we
grow the staging area, usually by moving it to a lower address. This
overage usually happens when we're loading modules and so things work
out nicely. Sometimes we're close to the limit, and we need to do this
growing inside bi_load, after we've computed the page table, making the
page table wrong, and the code we jump to random rather than the btext
routine we normally start at.
To fix this, move computation of the table (but not its allocation) to
after bi_load, but before we call the trampoline.
This problem was most observed when loading microcode for many people,
but Gleb reproduced the error with a set of modules that didn't include
ucode.
This bug hunt was greatly assisted by Claude who looked at the crash
from the EFI boot loader and surmised that we weren't jumping to the
code we thought we were jumping to. After inspecting the code, I asked
Claude how corruption could happen (I thought overwriting the page
table), but Claude noticed the possibility that staging might change
after we computed the page table, and this fix is the result. Claude
didn't suggest a diff, but did provide many helpful clues that led me
to this fix.
PR: 294630
Reviewed by: kib (prior version)
Sponsored by: Netflix
MFC After: insta per re@ request
Differential Revision: https://reviews.freebsd.org/D57462
This is useful for driving BE changes from the loader command prompt,
rather than having to use the menu. Note that the active carousel in
the boot environment carousel doesn't currently reflect a switch in
boot environments done this way- I'm considering this only a minor bug,
as you probably can't or won't go back to the menu if you're using these
commands.
Reviewed by: imp (previous version)
The change to relaxed mode has had too many unintended breakages. Revert
back to strict mode until that works for all the cases that are
currently broken.
Fixes: 784150fd25, d69fc3a9dc
PR: 295289
Sponsored by: Netflix
Move liblua32efi and ficl32efi before .WAIT, otherwise there's a race
between the interpreter and the loader being built.
Reported by: kbowling
Discussed with: kevans
Fixes: d15cc7625d
The UEFI spec says:
> Structures are aligned on boundaries equal to the largest internal
> datum of the structure and internal data are implicitly padded to
> achieve natural alignment.
Unlike the old Intel EFI toolkit, the EDK2 headers expect ia32 builds to
use -malign-double to achieve this.
Make EFI versions of libsa32, liblua32, and ficl32, with the difference
being that they are compiled with -malign-double.
Differential Revision: https://reviews.freebsd.org/D55385
When pxeboot gets a 0 as a port number from portmapper (indicating an
error), it currently happily sends NFS packets to the server's port 0
in an endless loop. Change this to instead bail out with a useful
message.
This happens, for example, with recent Linux NFS servers as many
distributions switched to TCP only NFS serving by default. FreeBSD's
pxeboot must have UDP. In this situation pxeboot asks the server's
portmapper for the UDP NFS port and since there is none gets 0.
Also add a hint to the manpage explaining this and how to fix it.
Reviewed by: ziaee, kevans, imp
Enabling ZSTD_TRACE leaves behind undefined weak symbols, which causes a
problem for gcc builds. The bfd linker emits an obscure error about
overlapping FDEs. We don't need ZSTD_TRACE for libsa, so just disable
it.
Also disable BMI2 instruction optimizations. The addition of the
optional BMI2 code paths caused the boot loader binaries to grow larger
(28 KiB for clang, 32 KiB for gcc). The boot loader binaries are size
constrained, and this pushed the gcc-generated lua_loader.bin over the
500000 byte limit, and the clang one to within 4k of the limit.
Fixes: 8a62a2a565 ("zfs: merge openzfs/zfs@f8e5af53e")
Reviewed by: delphij, imp, mm
Differential Revision: https://reviews.freebsd.org/D56866
This reverts base 4822a2cf99. The change
in base aa0bc7cca1 already fixed the
original issue, which is that newer versions of lld complain "section
'.text' address (0x38000) is smaller than image base (0x10000000);
specify --image-base".
Reported by: ivy
PR: 292067
MFC after: 1 month
Describe how the LoaderEnv and NextLoaderEnv variables can be used.
PR: 293054
Reviewed by: imp
Sponsored by: Wiesbaden Hackathon 202604
Differential Revision: https://reviews.freebsd.org/D56633
This is required for LLVM 22's ld.lld to avoid a build error:
ld.lld: error: section '.text' address (0x38000) is smaller than image base (0x10000000); specify --image-base
ld.lld: error: section '.rodata' address (0x3b308) is smaller than image base (0x10000000); specify --image-base
ld.lld: error: section '.data' address (0x3b610) is smaller than image base (0x10000000); specify --image-base
ld.lld: error: section '.bss' address (0x3f618) is smaller than image base (0x10000000); specify --image-base
Use 0x38000 for the image base, which is the address of the lowest
(and only) LOAD segment in the file.
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56459
reloc_ptr() skips relocations for the kernel module, because on most
platforms the kernel is ET_EXEC and this is not required. On PPC,
the kernel is ET_DYN and we need to relocate here, otherwise the
module metadata will not be loaded properly and the kernel module
will have an incorrect version, preventing module dependencies from
resolving.
This fixes loading kernel modules from loader.conf on powerpc.
Diagnosed by: jrtc27
Reviewed by: jrtc27, adrian
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56457
Add WITH{,OUT}_LOADER_USB to build the kshim usb library. Nothing
in-tree uses it, but this will make it easier to keep building. Updated
src.conf.5 with a few extra changes...
Sponsored by: Netflix
Since this original comment was written, the actual issue in SLOF
was diagnosed and documented in commit 424089a0fc, which fixed it
for loader(8). Update the comment in boot1 to be more informative
to future readers.
MFC after: 3 days
Reviewed by: jhibbits, adrian
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56470
bi_load itself loads various things into the staging area which can
cause it to grow, which may result in the staging area moving, including
the kernel. Therefore the address we get for the kernel entry point
prior to bi_load may not be correct afterwards when we actually call it,
and so we must defer the translation.
On arm and riscv (but not arm64, which predates both of them in
loader.efi and did not gain a copy of arm's added printf when arm
support was added) we also printf this entry point to the console, which
we can no longer do since bi_load calls ExitBootServices, so remove this
printf that, in practice, seems to not be so useful, given nobody ever
felt the need to add it to arm64. If anyone really feels this is an
important printf to have then bi_load will need to be split so we can
call printf after all the loading and potential reallocation of the
staging area, but before ExitBootServices is called.
We may also want to make this code more uniform and shared between the
three architectures here, since there isn't much architecture-specific
about this (and something like the RISC-V boot hart protocol could
easily be made an MD hook).
Reviewed by: imp
Fixes: 0cafabf97f ("Add support for arm64 to loader.efi and boot1.efi")
Fixes: ea7796a9ae ("EFI: don't call printf after ExitBootServices, since it uses Boot Services")
Fixes: 2192efc03b ("RISC-V boot1.efi and loader.efi support")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56431
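The ordering problem described in this commit and in the earlier page-table commit (PR 294630), as an added example that is not code from the FreeBSD tree: a simplified model of a staging area that moves to a lower address when it grows. The struct, function names, addresses and sizes are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the loader staging area; all names are hypothetical. */
struct staging {
	uint64_t base;	/* physical address where the image currently lives */
	uint64_t size;	/* bytes reserved */
	uint64_t used;	/* bytes consumed by kernel, modules and metadata */
};

#define GROW_STEP	0x1000000ULL	/* constructed growth increment */
#define ENTRY_OFFSET	0x200000ULL	/* constructed entry offset in the image */

/* A staging area that is 0x1000 bytes short of its limit. */
static struct staging
staging_near_limit(void)
{
	struct staging s = { 0x40000000ULL, 0x4000000ULL, 0x3fff000ULL };
	return (s);
}

/* Copy data in; on overflow the area grows by moving to a lower address. */
static void
staging_copyin(struct staging *s, uint64_t len)
{
	s->used += len;
	while (s->used > s->size) {
		s->base -= GROW_STEP;
		s->size += GROW_STEP;
	}
}

/* Pre-fix order: translate first, then load metadata (models bi_load). */
uint64_t
entry_translated_early(uint64_t meta_len)
{
	struct staging s = staging_near_limit();
	uint64_t entry = s.base + ENTRY_OFFSET;

	staging_copyin(&s, meta_len);
	return (entry);		/* stale if the copyin moved the area */
}

/* Post-fix order: load metadata first, translate just before the jump. */
uint64_t
entry_translated_late(uint64_t meta_len)
{
	struct staging s = staging_near_limit();

	staging_copyin(&s, meta_len);
	return (s.base + ENTRY_OFFSET);
}

int
main(void)
{
	printf("small metadata: early 0x%llx late 0x%llx\n",
	    (unsigned long long)entry_translated_early(0x800),
	    (unsigned long long)entry_translated_late(0x800));
	printf("large metadata: early 0x%llx late 0x%llx\n",
	    (unsigned long long)entry_translated_early(0x2000),
	    (unsigned long long)entry_translated_late(0x2000));
	return (0);
}
```

With the smaller metadata size the two orderings agree, which is why the failure only appeared when the staging area was already close to its limit.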
Currently it is only needed by powerpc ofwfdt.c, and defined statically
there. Make it available as part of libofw, mirroring what we have in
the kernel.
Two small tweaks are made to the implementation:
1. Return type is changed to bool
2. Return 'true' when OF_getproplen() == 0. This matches the expected
semantics of the kernel version, described in OF_hasprop(9).
Reviewed by: manu, imp, adrian
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56429
Both (U)EFI and BIOS are completely different things, be precise and don't use
them together.
Reviewed by: imp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56329
file_loadraw() can have a need to load unverified files
like "dtrace_dof". Allow severity_guess() to look at the filename
but if it returns less than VE_MUST check that the type is not
one we insist on verifying.
In vectx_open if severity < VE_MUST we can allow it to be unverified.
If passed VE_GUESS we call severity_guess().
Regardless, we record severity in ctx so it is available to vectx_close().
Sponsored by: Hewlett Packard Enterprise Development LP
Reviewed by: khng
Differential Revision: https://reviews.freebsd.org/D56297
Because panic() does provide a mechanism to have an architecture-specific
panic call, we can instruct it to print out a stack trace too
(in the hope we actually can print). While there, also implement a simple
check to detect a loop in the trace.
illumos issue: https://www.illumos.org/issues/17887
This allows something like the following local.lua to install a filter
to implement its own notion of hidden BEs using a naming convention of
a leading dot to hide them:
    -- file: /boot/lua/local.lua
    local core = require("core")

    local function be_hide(be)
        if core.isSingleUserBoot() then
            -- All BEs are accepted for single-user
            return true
        end

        local name = be:match("/([^/]+)$")
        if not name then
            -- Accept malformed BEs, for whatever reason
            return true
        end

        return name:match("^%.") == nil
    end

    if core.bootenvFilter then
        -- Just in case we need to be compatible with older versions of
        -- core.lua without the filtering functionality.
        core.bootenvFilter(be_hide)
    end
    -- EOF
Requested by: Marek Zarychta
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55359
Move is_restricted_var() to libsa/environment.c so it can be leveraged
by boot_setenv called from subr_boot with not trusted input.
Also, allow for local tuning via ENV_IS_RESTRICTED_ALLOWED_LIST and
ENV_IS_RESTRICTED_LIST.
Sponsored by: Hewlett Packard Enterprise Development LP.
Reviewed by: kevans, imp
Differential Revision: https://reviews.freebsd.org/D56287
This commit adds a shutdown splash to the existing kernel startup splash(4)
screen feature. It can be customized by providing a PNG image to the
shutdown_splash directive in loader.conf(5).
Sponsored by: Defenso
MFC after: 2 weeks
Reviewed by: vexeduxr, ziaee, manu
Differential Revision: https://reviews.freebsd.org/D55140
Boot loaders do not require speculative execution protection, and may be
too large if enabled.
Reported by: Shawn Webb
Reviewed by: dim, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56068
A loader built with MD_IMAGE_SIZE is almost always meant for use with
its embedded image and should try that as currdev before anything else.
Recent changes (d69fc3a9dc, 784150fd25) seem to have relaxed the ZFS
code's search for a rootfs and exposed this problem.
Reviewed by: imp, tsoome
MFC after: 1 week
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D55979
Notable upstream pull request merges:
#17000 -multiple cmd/zfs: support creating parents with canmount=no
#17926 b481a8bbb Make zpool status dedup table support raw bytes -p output
#18238 -multiple Report space metrics per allocation class
#18240 5dad9459d Add --no-preserve-encryption flag
#18257 1eace5906 libzfs: use mount_setattr for selective remount including legacy mounts
#18259 1e2c94a04 More consistent use of TREE_* macros in AVL comparators
#18262 c58b8b7dc Fix check for .cfi_negate_ra_state on aarch64
#18264 f109c7bb9 Add the --file-layout (-f) option to zdb(8)
#18268 304de7f19 libzfs: handle EDOM error in zpool_create
#18275 753f1e1e2 zstream: add a drop_record subcommand
#18276 0f90a797d Fix vdev_rebuild_range() tx commit
#18277 1e1d64d66 Fix log vdev removal issues
#18278 06b0abfe6 Fix the send --exclude option to work with encryption
#18281 e73ada771 libzpool: lift zfs_file ops out to separate source file
#18284 d97945776 zstream: consolidate shared code
#18285 -multiple Separate SIMD compile checks for userspace and kernel
#18288 c5905b2cb Implement lzc_send_progress
#18289 -multiple L2ARC: Add depth cap and write budget fairness for persistent markers
#18290 d45c8d648 FreeBSD: Improve dmesg kernel message prefix
#18294 b403040c4 draid: fix data corruption after disk clear
#18296 -multiple libzfs: mnttab cleanup
#18300 d35951b18 zpool clear: remove undocumented rewind flags
#18301 ae7fcd5f9 fix libzfs diff mem leak in an error path
#18303 65165df12 zilstat: add man page
#18314 7f65e04ab libzfs: scrub: only include start and end nv pairs if needed for scrub
#18315 -multiple Sync ZVOLs block cloning conditions with file systems
#18330 f80338fac zarcsummary: add man page
#18337 f259a47c7 zpool-iostat.8: clarify first report shows per-second averages
Obtained from: OpenZFS
OpenZFS commit: 3ee08abd2f
Notable upstream pull request merges:
#17358 4975430cf Add vdev property to disable vdev scheduler
#18031 c77f17b75 Add snapshots_changed_nsecs dataset property
#18080 dbb3f247e cmd/zfs: clone: accept `-u` to not mount newly created datasets
#18089 -multiple Zstd: Update bundled library to version 1.5.7
#18091 2301755df Fix zfs_open() to skip zil_async_to_sync() for the snapshot
#18093 -multiple L2ARC: Rework write throttling with DWPD rate limiting and parallel writes
#18095 2dbd6af5e Rename several printf attributes declarations to __printf__
#18096 8605bdfdd FreeBSD: unbreak compilation on i386
#18105 794f1587d When receiving a stream with the large block flag, activate feature
#18115 765929cb4 DDT: Add locking for table ZAP destruction
#18118 09e4e01e9 Fix history logging for `zpool create -t`
#18119 2f1f25217 icp: emit .note.GNU-stack section for all ELF targets
#18131 3fffe4e70 Fix --enable-invariants on FreeBSD
#18133 d2f5cb3a5 Move range_tree, btree, highbit64 to common code
#18136 54b141fab FreeBSD: Remove references to DEBUG_VFS_LOCKS
#18138 cdf89f413 Flush RRD only when TXGs contain data
#18139 a157ef62a Make sure we can still write data to txg
#18140 cd895f0e5 remove thread unsafe debug code causing FreeBSD double free panic
#18144 4f180e095 Fix activating large_microzap on receive
#18146 35b2d3970 Lock db_mtx around arc_release() in couple places
#18154 b36472052 nvpair: chase FreeBSD xdrproc_t definition
#18160 21bbe7cb6 Improve caching for dbuf prefetches
#18177 -multiple Multihost Improvements
#18179 2646bd558 Allow rewrite skip cloned and snapshotted blocks
#18180 aa29455dd Restrict cloning with different properties
#18184 040ba7a7c libzfs: improve error message for zpool create with ENXIO
#18188 1412bdc6c zfs_vnops_os.c: Move a vput() to after zfs_setattr_dir()
#18198 cc184fe98 Fix `send:raw` permission for send `-w -I`
#18208 ba970eb20 Cleanup allocation class selection
#18212 0f9564e85 Simplify dnode_level_is_l2cacheable()
#18214 370570890 Remove parent ZIO from dbuf_prefetch()
#18218 bfb276e55 freebsd: Fix TIMESPEC_OVERFLOW for PowerPC
#18222 d06a1d9ac Fix available space accounting for special/dedup
#18225 d48967728 ICP: AES-GCM VAES-AVX2: fix typos and document source files
#18226 c8a72a27e ICP: AES-GCM assembly: remove unused Gmul functions
#18230 -multiple Fix zdb --key crash for unencrypted datasets, and teach tests to understand this better
#18233 -multiple icp: add SHA-512 implementation using Intel SHA512 extension
#18245 991fc56fa Introduce dedupused/dedupsaved pool properties
#18251 6a717f31e Improve misleading error messages for ZPOOL_STATUS_CORRUPT_POOL
#18254 7744f0496 SIMD: libspl: test the correct CPUID bit for AVX512VL
#18255 6495dafd5 range_tree: use zfs_panic_recover() for partial-overlap remov
#18256 3408332d7 zhack: Fix importing large allocation profiles on small pools
#18258 f8457fbdc Fix deadlock on dmu_tx_assign() from vdev_rebuild()
#18263 f8e5af53e Fix redundant declaration of dsl_pool_t
Obtained from: OpenZFS
OpenZFS commit: f8e5af53e9
These features are available in all supported linkers, and we can expect
that they'll be supported by any GNU-compatible linker that we'd use to
link FreeBSD.
Reviewed by: imp, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55676
The RELAXED boot policy will automatically search for any root
filesystem (currently zfs only) on any device. STRICT policy only
searches on the boot device. RELAXED will still prefer the device we
booted from, which is the smallest behavior change we should do. STRICT
may be needed for releases, though.
Sponsored by: Netflix
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55107
Remove global uint64_t pool_guid and instead iterate over all pools that
efizfs_get_zfsinfo_list() provides.
The global pool_guid used to mark that we have constructed a ZFS pool and
the pool label that was used for that was stored on a partition that is
the EFI image device handle.
First problem here is that it is too restrictive. If the very first
device to probe is a spare member of a pool, it will be used to
instantiate a pool but (pd->pd_handle == boot_img->DeviceHandle) won't be
true, thus global pool_guid won't be populated and ZFS boot won't be
tried.
Second problem is that potentially we may find several pools, and all
should be tried to boot. Note that the code for that is already here -
efizfs_get_zfsinfo_list() is imported by efizfs.h but was not used until
now.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55094
loader_idt.rd_base is not set when we are attempting to bcopy(),
resulting in data being stored to page 0 and therefore corrupting it.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D55180
The UEFI spec says:
> Structures are aligned on boundaries equal to the largest internal
> datum of the structure and internal data are implicitly padded to
> achieve natural alignment.
By default, structs containing members of type "long long" have 4 byte
alignment on i386. This caused some EFI structures to be subtly wrong.
Fix this by compiling the ia32 EFI loader with -malign-double, which
bumps the alignment up to 8 if such members are present.
MFC after: 3 days
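The alignment mismatch that this commit and the later libsa32/liblua32/ficl32 commit address, as an added example that is not code from the FreeBSD tree. The structures are constructed for illustration and are not real UEFI types; `#pragma pack(4)` models the i386 default of 4-byte alignment for 64-bit members so the effect is visible on any little-endian host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed structures for illustration; not real UEFI types. */

/* i386 default ABI: 64-bit members get 4-byte alignment (modelled with pack). */
#pragma pack(push, 4)
struct view_i386_default {
	uint32_t revision;
	uint64_t address;
	uint32_t flags;
};
#pragma pack(pop)

/* What UEFI specifies, and what -malign-double gives: natural alignment. */
struct view_uefi_natural {
	uint32_t revision;
	_Alignas(8) uint64_t address;
	uint32_t flags;
};

/* The kind of compile-time guard a loader can carry for firmware types. */
_Static_assert(offsetof(struct view_uefi_natural, address) == 8,
    "64-bit member is not naturally aligned");

size_t
address_offset_i386_default(void)
{
	return (offsetof(struct view_i386_default, address));
}

/*
 * Firmware writes the naturally aligned layout; the loader reads it through
 * the 4-byte-aligned view. Returns the address the loader would see.
 * Assumes a little-endian host, as on x86.
 */
uint64_t
address_seen_by_misaligned_loader(uint64_t real_address)
{
	unsigned char wire[sizeof(struct view_uefi_natural)] = { 0 };
	struct view_i386_default view;
	uint32_t revision = 2, flags = 1;	/* constructed values */

	memcpy(wire + offsetof(struct view_uefi_natural, revision), &revision, 4);
	memcpy(wire + offsetof(struct view_uefi_natural, address), &real_address, 8);
	memcpy(wire + offsetof(struct view_uefi_natural, flags), &flags, 4);
	memcpy(&view, wire, sizeof(view));
	return (view.address);
}

int
main(void)
{
	printf("address offset: i386 default %zu, natural %zu\n",
	    address_offset_i386_default(),
	    offsetof(struct view_uefi_natural, address));
	printf("loader sees 0x%016llx\n", (unsigned long long)
	    address_seen_by_misaligned_loader(0x1122334455667788ULL));
	return (0);
}
```

The misaligned view picks up four bytes of padding plus the low half of the real value, so the field is wrong without any fault being raised.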
re-wrap the function calls in a couple of ifs in get_zfs_root so they
are more readable. They really didn't need to be wrapped like this in
the first place.
Sponsored by: Netflix
+ Mention relevance of this file in the vt manual screen.font entry
+ The vidfont manual is in section one, not eight
+ Remove leftover blank line from freebsd tag removal
MFC after: 3 days