From owner-svn-src-all@freebsd.org Sat Sep 1 02:23:49 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D79DFFDA3CA; Sat, 1 Sep 2018 02:23:48 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 90DF9915ED; Sat, 1 Sep 2018 02:23:48 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7205423CCB; Sat, 1 Sep 2018 02:23:48 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w812Nmr5006262; Sat, 1 Sep 2018 02:23:48 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w812NjIR006250; Sat, 1 Sep 2018 02:23:45 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <201809010223.w812NjIR006250@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Sat, 1 Sep 2018 02:23:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338418 - in head: stand/common stand/userboot stand/userboot/userboot stand/userboot/userboot_4th stand/userboot/userboot_lua usr.sbin/bhyveload X-SVN-Group: head X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: in head: stand/common stand/userboot stand/userboot/userboot stand/userboot/userboot_4th stand/userboot/userboot_lua usr.sbin/bhyveload X-SVN-Commit-Revision: 338418 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Sep 2018 02:23:49 -0000 Author: kevans Date: Sat Sep 1 02:23:45 2018 New Revision: 338418 URL: https://svnweb.freebsd.org/changeset/base/338418 Log: userboot: handle guest interpreter mismatches more intelligently The switch to lualoader creates a problem with userboot: the host is inclined to build userboot with Lua, but the host userboot's interpreter must match what's available on the guest. For almost all FreeBSD guests in the wild, Lua is not yet available and a Lua-based userboot will fail. This revision updates userboot protocol to version 5, which adds a swap_interpreter callback to request a different interpreter, and tries to determine the proper interpreter to be used based on how the guest /boot/loader is compiled. This is still a bit of a guess, but it's likely the best possible guess we can make in order to get it right. The interpreter is now embedded in the resulting executable, so we can open /boot/loader on the guest and hunt that down to derive the interpreter it was built with. Using -l with bhyveload will not allow an intepreter swap, even if the loader specified happens to be a userboot with the wrong interpreter. We'll simply complain about the mismatch and bail out. For legacy guests without the interpreter marker, we assume they're 4th. For new guests with the interpreter marker, we'll read it and swap over to the proper interpreter if it doesn't match what the userboot we're using was compiled with. Both flavors of userboot are installed by default, userboot_4th.so and userboot_lua.so. This fixes the build WITHOUT_FORTH as a coincidence, which was broken by userboot being forced to 4th. Reviewed by: imp, jhb, araujo (earlier version) Approved by: re (gjb) Differential Revision: https://reviews.freebsd.org/D16945 Added: head/stand/userboot/userboot_4th/ head/stand/userboot/userboot_4th/Makefile (contents, props changed) head/stand/userboot/userboot_lua/ head/stand/userboot/userboot_lua/Makefile (contents, props changed) Modified: head/stand/common/bootstrap.h head/stand/common/interp_forth.c head/stand/common/interp_lua.c head/stand/common/interp_simple.c head/stand/userboot/Makefile head/stand/userboot/userboot.h head/stand/userboot/userboot/Makefile head/stand/userboot/userboot/main.c head/stand/userboot/userboot/version head/usr.sbin/bhyveload/bhyveload.c Modified: head/stand/common/bootstrap.h ============================================================================== --- head/stand/common/bootstrap.h Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/common/bootstrap.h Sat Sep 1 02:23:45 2018 (r338418) @@ -164,6 +164,14 @@ extern int isapnp_readport; extern char bootprog_info[]; /* + * Interpreter information + */ +extern const char bootprog_interp[]; +#define INTERP_DEFINE(interpstr) \ +const char bootprog_interp[] = "$Interpreter:" interpstr + + +/* * Preloaded file metadata header. * * Metadata are allocated on our heap, and copied into kernel space Modified: head/stand/common/interp_forth.c ============================================================================== --- head/stand/common/interp_forth.c Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/common/interp_forth.c Sat Sep 1 02:23:45 2018 (r338418) @@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$"); #include "ficl.h" extern unsigned bootprog_rev; +INTERP_DEFINE("4th"); /* #define BFORTH_DEBUG */ Modified: head/stand/common/interp_lua.c ============================================================================== --- head/stand/common/interp_lua.c Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/common/interp_lua.c Sat Sep 1 02:23:45 2018 (r338418) @@ -60,6 +60,7 @@ static struct interp_lua_softc lua_softc; #define LDBG(...) #endif +INTERP_DEFINE("lua"); static void * interp_lua_realloc(void *ud __unused, void *ptr, size_t osize __unused, size_t nsize) Modified: head/stand/common/interp_simple.c ============================================================================== --- head/stand/common/interp_simple.c Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/common/interp_simple.c Sat Sep 1 02:23:45 2018 (r338418) @@ -35,6 +35,8 @@ __FBSDID("$FreeBSD$"); #include #include "bootstrap.h" +INTERP_DEFINE("simp"); + void interp_init(void) { Modified: head/stand/userboot/Makefile ============================================================================== --- head/stand/userboot/Makefile Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/userboot/Makefile Sat Sep 1 02:23:45 2018 (r338418) @@ -1,8 +1,10 @@ # $FreeBSD$ -.include +.include -SUBDIR= test userboot +SUBDIR.yes= test +SUBDIR.${MK_FORTH}+= userboot_4th +SUBDIR.${MK_LOADER_LUA}+= userboot_lua .include Modified: head/stand/userboot/userboot.h ============================================================================== --- head/stand/userboot/userboot.h Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/userboot/userboot.h Sat Sep 1 02:23:45 2018 (r338418) @@ -42,6 +42,13 @@ #define USERBOOT_VERSION_4 4 /* + * Version 5 added a callback for indicating that the guest + * should be restarted with a different interpreter. The callback + * structure is still backward compatible. + */ +#define USERBOOT_VERSION_5 5 + +/* * Exit codes from the loader */ #define USERBOOT_EXIT_QUIT 1 @@ -210,4 +217,9 @@ struct loader_callbacks { int (*vm_set_register)(void *arg, int vcpu, int reg, uint64_t val); int (*vm_set_desc)(void *arg, int vcpu, int reg, uint64_t base, u_int limit, u_int access); + + /* + * Version 5 addition. + */ + void (*swap_interpreter)(void *arg, const char *interp); }; Modified: head/stand/userboot/userboot/Makefile ============================================================================== --- head/stand/userboot/userboot/Makefile Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/userboot/userboot/Makefile Sat Sep 1 02:23:45 2018 (r338418) @@ -5,14 +5,14 @@ LOADER_UFS_SUPPORT?= yes LOADER_CD9660_SUPPORT?= no LOADER_EXT2FS_SUPPORT?= no PIC=yes -LOADER_INTERP=4th .include -SHLIB_NAME= userboot.so +SHLIB_NAME= userboot_${LOADER_INTERP}.so STRIP= LIBDIR= /boot +.PATH: ${.CURDIR}/../userboot SRCS= autoload.c SRCS+= bcache.c SRCS+= biossmap.c @@ -38,7 +38,12 @@ CWARNFLAGS.main.c += -Wno-implicit-function-declaratio LDFLAGS+= -nostdlib -Wl,-Bsymbolic -NEWVERSWHAT= "User boot" ${MACHINE_CPUARCH} +NEWVERSWHAT= "User boot ${LOADER_INTERP}" ${MACHINE_CPUARCH} +VERSION_FILE= ${.CURDIR}/../userboot/version + +.if ${LOADER_INTERP} == ${LOADER_DEFAULT_INTERP} +LINKS+= ${BINDIR}/${SHLIB_NAME} ${BINDIR}/userboot.so +.endif .if ${MK_ZFS} != "no" CFLAGS+= -DUSERBOOT_ZFS_SUPPORT Modified: head/stand/userboot/userboot/main.c ============================================================================== --- head/stand/userboot/userboot/main.c Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/userboot/userboot/main.c Sat Sep 1 02:23:45 2018 (r338418) @@ -47,6 +47,9 @@ static int userboot_zfs_found; /* Minimum version required */ #define USERBOOT_VERSION USERBOOT_VERSION_3 +#define LOADER_PATH "/boot/loader" +#define INTERP_MARKER "$Interpreter:" + #define MALLOCSZ (64*1024*1024) struct loader_callbacks *callbacks; @@ -57,6 +60,7 @@ static jmp_buf jb; struct arch_switch archsw; /* MI/MD interface boundary */ static void extract_currdev(void); +static void check_interpreter(void); void delay(int usec) @@ -73,6 +77,62 @@ exit(int v) longjmp(jb, 1); } +static void +check_interpreter(void) +{ + struct stat st; + size_t marklen, rdsize; + const char *guest_interp, *my_interp; + char *buf; + int fd; + + /* + * If we can't stat(2) or open(2) LOADER_PATH, then we'll fail by + * simply letting us roll on with whatever interpreter we were compiled + * with. This is likely not going to be an issue in reality. + */ + buf = NULL; + if (stat(LOADER_PATH, &st) != 0) + return; + if ((fd = open(LOADER_PATH, O_RDONLY)) < 0) + return; + + rdsize = st.st_size; + buf = malloc(rdsize); + if (buf == NULL) + goto out; + if (read(fd, buf, rdsize) < rdsize) + goto out; + + marklen = strlen(INTERP_MARKER); + my_interp = bootprog_interp + marklen; + + /* + * Here we make the assumption that a loader binary without the + * interpreter marker is a 4th one. All loader binaries going forward + * should have this properly specified, so our assumption should always + * be a good one. + */ + if ((guest_interp = memmem(buf, rdsize, INTERP_MARKER, + marklen)) != NULL) + guest_interp += marklen; + else + guest_interp = "4th"; + + /* + * The guest interpreter may not have a version of loader that + * specifies the interpreter installed. If that's the case, we'll + * assume it's legacy (4th) and request a swap to that if we're + * a Lua-userboot. + */ + if (strcmp(my_interp, guest_interp) != 0) + CALLBACK(swap_interpreter, guest_interp); +out: + free(buf); + close(fd); + return; +} + void loader_main(struct loader_callbacks *cb, void *arg, int version, int ndisks) { @@ -137,6 +197,14 @@ loader_main(struct loader_callbacks *cb, void *arg, in (devsw[i]->dv_init)(); extract_currdev(); + + /* + * Checking the interpreter isn't worth the overhead unless we + * actually have the swap_interpreter callback, so we actually version + * check here rather than later on. + */ + if (version >= USERBOOT_VERSION_5) + check_interpreter(); if (setjmp(jb)) return; Modified: head/stand/userboot/userboot/version ============================================================================== --- head/stand/userboot/userboot/version Sat Sep 1 02:22:26 2018 (r338417) +++ head/stand/userboot/userboot/version Sat Sep 1 02:23:45 2018 (r338418) @@ -1,4 +1,5 @@ $FreeBSD$ +1.2: Userboot with lua or forth 1.1: Initial userland boot Added: head/stand/userboot/userboot_4th/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/stand/userboot/userboot_4th/Makefile Sat Sep 1 02:23:45 2018 (r338418) @@ -0,0 +1,6 @@ +# $FreeBSD$ + +LOADER_INTERP=4th + +.include "../userboot/Makefile" + Added: head/stand/userboot/userboot_lua/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/stand/userboot/userboot_lua/Makefile Sat Sep 1 02:23:45 2018 (r338418) @@ -0,0 +1,6 @@ +# $FreeBSD$ + +LOADER_INTERP=lua + +.include "../userboot/Makefile" + Modified: head/usr.sbin/bhyveload/bhyveload.c ============================================================================== --- head/usr.sbin/bhyveload/bhyveload.c Sat Sep 1 02:22:26 2018 (r338417) +++ head/usr.sbin/bhyveload/bhyveload.c Sat Sep 1 02:23:45 2018 (r338418) @@ -75,6 +75,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -98,6 +99,13 @@ static int disk_fd[NDISKS]; static int ndisks; static int consin_fd, consout_fd; +static int need_reinit; + +static void *loader_hdl; +static char *loader; +static int explicit_loader; +static jmp_buf jb; + static char *vmname, *progname; static struct vmctx *ctx; @@ -560,6 +568,30 @@ cb_vm_set_desc(void *arg, int vcpu, int reg, uint64_t return (vm_set_desc(ctx, vcpu, reg, base, limit, access)); } +static void +cb_swap_interpreter(void *arg, const char *interp_req) +{ + + /* + * If the user specified a loader but we detected a mismatch, we should + * not try to pivot to a different loader on them. + */ + free(loader); + if (explicit_loader == 1) { + perror("requested loader interpreter does not match guest userboot"); + cb_exit(NULL, 1); + } + if (interp_req == NULL || *interp_req == '\0') { + perror("guest failed to request an interpreter"); + cb_exit(NULL, 1); + } + + if (asprintf(&loader, "/boot/userboot_%s.so", interp_req) == -1) + err(EX_OSERR, "malloc"); + need_reinit = 1; + longjmp(jb, 1); +} + static struct loader_callbacks cb = { .getc = cb_getc, .putc = cb_putc, @@ -593,6 +625,9 @@ static struct loader_callbacks cb = { /* Version 4 additions */ .vm_set_register = cb_vm_set_register, .vm_set_desc = cb_vm_set_desc, + + /* Version 5 additions */ + .swap_interpreter = cb_swap_interpreter, }; static int @@ -661,16 +696,12 @@ usage(void) int main(int argc, char** argv) { - char *loader; - void *h; void (*func)(struct loader_callbacks *, void *, int, int); uint64_t mem_size; - int opt, error, need_reinit, memflags; + int opt, error, memflags; progname = basename(argv[0]); - loader = NULL; - memflags = 0; mem_size = 256 * MB; @@ -705,6 +736,7 @@ main(int argc, char** argv) loader = strdup(optarg); if (loader == NULL) err(EX_OSERR, "malloc"); + explicit_loader = 1; break; case 'm': @@ -747,6 +779,13 @@ main(int argc, char** argv) exit(1); } + /* + * setjmp in the case the guest wants to swap out interpreter, + * cb_swap_interpreter will swap out loader as appropriate and set + * need_reinit so that we end up in a clean state once again. + */ + setjmp(jb); + if (need_reinit) { error = vm_reinit(ctx); if (error) { @@ -767,13 +806,15 @@ main(int argc, char** argv) if (loader == NULL) err(EX_OSERR, "malloc"); } - h = dlopen(loader, RTLD_LOCAL); - if (!h) { + if (loader_hdl != NULL) + dlclose(loader_hdl); + loader_hdl = dlopen(loader, RTLD_LOCAL); + if (!loader_hdl) { printf("%s\n", dlerror()); free(loader); return (1); } - func = dlsym(h, "loader_main"); + func = dlsym(loader_hdl, "loader_main"); if (!func) { printf("%s\n", dlerror()); free(loader); @@ -790,7 +831,7 @@ main(int argc, char** argv) addenv("smbios.bios.vendor=BHYVE"); addenv("boot_serial=1"); - func(&cb, NULL, USERBOOT_VERSION_4, ndisks); + func(&cb, NULL, USERBOOT_VERSION_5, ndisks); free(loader); return (0);