offset is signed. Copy it to the unsigned res before shifting. This
avoids any possible undefined behavior for right shifting signed
numbers. No functional change intended (and the code generated is the
nearly same for aarch64).
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D44285
Linux has the convention of returning -ERRNO to flag errors from its
system calls. Sometimes other negative values are returned that are
success... However, only values -1 to -4096 (inclusive) are really
errors. The rest are either truncated values that only look negative (so
use long instead of int), or are things like addresses or legal unsigned
file offsets or similar that are successful returns. Filter out the
latter.
Sponsored by: Netflix
loader.command_error was available prior to stable/12 branching. No need
to check if it is available or not.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44144
loader.lua_path was committed before stable/13 was branched, and merged
in to for 12.2. Remove workaround for it not being present.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44143
Just after 12.2 and before the stable/13 branch, kevans added lpager.c
to provide a pager interface for commands written in lua. It was merged
into 12.3. Now that 12.2 is long since EOL, we can remove the pager shim
here. Nobody needs that old loader + new lua scripts. Plus only one
command is affected.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44142
Make doing the boot once protocol more similar to copies of this code.
Sponsored by: Netflix
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D44007
The last fix, to try to return the last error, really returns the first
return code after the last error, which could be zero. Instead, return
the last error. Also, change rc to err to make it visually distinct from
rv, which is the cause of my error in e54bb0ad80.
Reported by: Bill Sommerfeld <sommerfeld@hamachi.org>
Fixes: e54bb0ad80
Sponsored by: Netflix
Add loader.exit(status). While one can get alomst this behavior with
loader.perform("quit"), quit doesn't allow a value to be returned to the
firmware. The interpretation of 'status' is firmware specific. This can
be used when autobooting doesn't work in scripts, for example, to allow
the firmware to try something else...
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44094
While dropping nvpair from nvstore, we also remove the corresponding
environment variable. By doing so, we should be careful not to try
to unset non-existing variable.
Reviewed by: imp
MFC after: 2 week
Differential revision: https://reviews.freebsd.org/D44083
For safety, only include the interpreter's linker script. Note that the
simple loader doesn't have one, but it's not an error to copy a ELF
section that does not exist. No functional change, however.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44064
And upcoming change will need this set to be named this. Since it's only
used in the efi Makefile, and inside if ficl itself, the change should
be a nop.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44063
After the linker set cleanup in ldscripts, there's now only one place we
need to know the linkerset name, so go ahead and change the lua
interpreter augmentation linker set to be uniquely named.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44062
We don't need linker sets listed as sections. They are explicitly
included in the objcopy we use to create the .efi file. This practice
was added in 2002 by peter@ in a6d81d83a2 to make ia64 builds
self-hosted. However, it was added back to the objcopy in 2010 by rpaulo
in 8df7a05edd for i386 EFI support, though the ldscript file then
retained them needlessly. The gcc/binutils bug having been fixed in the
interim. We've not needed them since then, but the redundancy didn't
matter.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44061
Linker set sections are included by default. No need to do so
explicitly. These were bogusly copied from the efi ldscripts. They were
there due to a workaround introduced in 2002 by peter@ for a gcc
upgrade, but whatever bugs necessitated it were filed by 2010 when
rpaulo@ imported the i386 support (though they were copied even though
the objcopy retained them correctly, the gcc bug having been
fixed). They've never been needed.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44060
Move to the foo.ldconfig convention to match the rest of the boot
loader. No functional change intended.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44059
Share ldscript between the different ppc versions. There's two different
scripts since we build 32-bit binaries for all types of powerpc, but
have little endian and big endian variations that are different by only
two lines. Set the output format and include the rest.
Move to foo.ldscript as well.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44058
Make the pattern for ldscripts always be
arch/$MACHINE_ARCH/$MACHINE_ARCH.ldscript so we can add it from a
central Makefile. This also moves from ldscript.arch to arch.ldscript to
match the loader's new convention.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44057
In the larger open source community, ld scripts are foo.ldscrpt rather
than ldscript.arch like we use here. This moves the EFI ldscripts.
Sponsored by: Netflix
Reviewed by: tsoome, kevans, emaste
Differential Revision: https://reviews.freebsd.org/D44056
We have the call to gfx_interp_ref to bring in the .o so that we get the
linker set item to add the language bindings at the right time. Where we
call it is not the right time... So the _ref name is better. Change it
before we have too many others like it.
Sponsored by: Netflix
vdev_write_bootenv_impl can only return success. Instead, return the
last error. This will make any write errors more visible. The old code
masked kboot's inability to write bootenv.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D44018
Don't assume that strategy is only called for read. Check the passed
flag for F_READ or F_WRITE and fail if it is neither. Open the disks for
writing and call host_read/host_write depending on that flag.
Sponsored by: Netflix
Reviewed by: kevans, gallatin
Differential Revision: https://reviews.freebsd.org/D44016
Move the extern struct devsw md_dev out of the function. gcc is happier
with this arrangemnt often. However, we really should move it to a
header file, but that requires a bit of a rework of md support and
config.
Sponsored by: Netflix
Reviewed by: manu, tsoome
Differential Revision: https://reviews.freebsd.org/D44008
The project is moving away from CTASSERT in favor of
_Static_assert. Cleanup the few instances in the loader proactively.
Sponsored by: Netflix
Reviewed by: manu, tsoome
Differential Revision: https://reviews.freebsd.org/D44006
This wasn't updated when the other copies were updated. Make it
identical to efi code. We should likely refactor this (with userboot),
but they are all not quite identical.
Sponsored by: Netflix
To make it easier to port lua and some of the lua modules, we have a
series of routines to implement the stdio routines, even though we don't
normally implement them in the boot loader. Add a comment to this effect.
Also, some tools, like sanitizers and static analysis tools, make
unwarranted assumptions about these, so #define them to a different name
so they stop.
Sponsored by: Netflix
At present OF_ioctl first multiplies, then casts to 64-bit, meaning at
the asm level it truncates the result to 32-bit, then zero-extends it to
64-bit to return. Cast `n` to 64-bit before multiplying, so that the
correct result is returned.
Select between text-only and graphical frame buffer consoles for the
BIOS boot loader. Pull one or the other in with #ifdef in conf.c. Add
gfx_bios.c for the few routines that are needed for the BIOS support of
gfx. These are stubbed out for text-only mode. Move bi_load_vbe_data
here since it's only used for the graphical frame buffer.
Note: This setup also allows us to build multiple BIOS loaders if we
have to, some with text-only and some graphical. We don't do this today.
We may be forced to turn this on in the future if ZFS keeps growing.
The size savings is 41k, which helps a lot with some of our users that
want to enable more options in the BIOS boot loader than are normally
safe to do, and they don't need graphics.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43917
Bring back vidconsole.c as textvidc.c from 2a0e2c88db. This console
does no graphics stuff at all, supports no fancy logos, has known bugs
in the terminal emulation, etc. However, it is small. It will be a
build-time option to select between the two. The BIOS loader is running
out of space when too many options are selected, so this allows people
to select the smaller one to spend the space elsewhere. This is only the
verbatim copy of the old vidconsole.c. It's not yet connected to the
build.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43911
Further experience suggests we do not need as much margin. This was
mistakenly bumped to 570,000 in a prior commit, so this undoes that.
Sponsored by: Netflix
Confine -DDISK_DEBUG to biosdisc.c, the only file it affects.
Use modern variable arrays instead of alloca and add a sanity
size minimum for biospnp nodes. These nodes are tiny enough that
we needn't do a malloc/free pair: the stack is fine.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D43914
Create a small wrapper around the new flua hash module so we can use it
here too. There's no 4th bindings, nor will they be created.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43874
Drawer.lua is the only bit of lua code in the base that uses any of the
functons moved from the loader table to the gfx table. Move the main
code to using the gfx dispatch. Add compat code for running on old
loaders that creates the newer-style gfx table with the term_* functions
we call in it populated. This will even work on the super old versions
of the loader that don't have them (we'll still skip using them).
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D43908
Now that the fb_* and term_* functions are available in the gfx table,
move the documentation to gfx.lua.8. Add information about backwards
compatibility.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D43907
The graphics stuff is optional. When it is pulled into the system, we
use a linker set to initialize the lua bindings for it now.
Sponsored by: Netflix
Reviewed by: kevans, jhb
Differential Revision: https://reviews.freebsd.org/D43906
Now that we draw in the gfx bindings for all our interpreters only when
graphics support is compiled in, we can eliminate this from all the
loaders that don't have graphics support.
Sponsored by: Netflix
Reviewed by: kevans, jhb
Differential Revision: https://reviews.freebsd.org/D43905
Only create the gfx bindings for 4th when it's compiled into the
loader. We do this with a linker set that only gets brought in to those
loaders that call gfx_framework_init. This calls gfx_interp_md() will
will drag in gfx_loader.c which will add to the linker set that
registers these bindings.
Sponsored by: Netflix
Reviewed by: kevans, jhb
Differential Revision: https://reviews.freebsd.org/D43904
This function will be used to draw in the graphics bindings when the
loader is compiled with graphics (gfx) support. Provide definitions
for lua and the simple interpreter. 4th support is forthcoming.
Sponsored by: Netflix
Reviewed by: kevans, jhb
Differential Revision: https://reviews.freebsd.org/D43903
Create a new gfx global table. Put into it all the graphics bindings
that we have in loader today. For now, have compatability binding for
loader. Remove them from loader.
Sponsored by: Netflix
Reviewed by: kevans, jhb
Differential Revision: https://reviews.freebsd.org/D43902
Move registration of the gfx stuff to separate function. However, no
change in functionality is intended.
Sponsored by: Netflix
Reviewed by: kevans, jhb
Differential Revision: https://reviews.freebsd.org/D43900
luaL_checkstring already checks for the right number of
arguments. There's no need to do that by hand here. Now an exception
will be thrown like any other function with the wrong args. Also,
push a boolean instead of an int.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43820
It's currently unused outside of vidconsole.c. Gerald Hicks' fix to the
beep code from de37e4a6d2333/1998 introduced the funciton as
static. Maxim Sobolev (sobomax) made it non-static since his spinconsole
called it in c4c3b35172d67/2009. When sobomax dropped the direct call
after making spinconsole console independent in b35172d67/2017,
vidc_biosputchar remained a harmless unreferenced global. Make it static
once again.
Fixes: c7e10205ae
Sponsored by: Netflix
Export the CMD_OK, etc constants in the loader table. They are the
return values of loader.perform, etc.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43821
Sometimes it is nice to override the initial script that we run. Make it
possible by fetching loader_lua from the env and using that instead of
the default if prsent.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43819
By default only report unverified files at severity VE_WANT
and above. This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.
If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of
module_verbose=0
VE_VEBOSE=0
is sufficient to make the loader almost totally silent.
When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd
Also add better debugging output for is_verified and add_verify_status.
vectx handle compressed modules
When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.
Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc. This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.
Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)
interp.c: restrict interactive input
Apply the same restrictions to interactive input as for
unverified conf and hints files.
Use version.veriexec when LOADER_VERIEXEC is yes
Reviewed by: kevans
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43810
