Page MenuHomeFreeBSD
Differential D43285

bhyveload: hold /boot and do relative lookups for the loader
ClosedPublic
Actions

Authored by kevans on Jan 2 2024, 11:25 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 6 2024, 6:03 PM
Unknown Object (File)
Oct 1 2024, 5:50 AM
Unknown Object (File)
Sep 24 2024, 11:14 AM
Unknown Object (File)
Sep 23 2024, 12:29 AM
Unknown Object (File)
Sep 22 2024, 9:07 AM
Unknown Object (File)
Sep 21 2024, 6:21 PM
Unknown Object (File)
Sep 18 2024, 2:42 PM
Unknown Object (File)
Sep 18 2024, 9:38 AM
View All 48 Files
Subscribers
allanjude
bcran
imp
rgrimes

Details

Reviewers
markj
allanjude
Group Reviewers
bhyve
secteam
Commits
rGbf7c4fcbbb05: bhyveload: hold /boot and do relative lookups for the loader
Summary

The next change will push bhyveload into capability mode right after we
allocate vcpu state, before we've setup or entered the loader, to limit
the surface area that a rogue loader script can touch.

With an explicit -l loader, we don't need to preopen /boot because
changing interpreters isn't allwoed. We'll just dlopen() entirely in
advance in that case to eliminate some complexity.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 55221
Build 52110: arc lint + arc unit

Event Timeline

kevans created this revision.Jan 2 2024, 11:25 PM
Herald added subscribers: bcran, rgrimes, imp. · View Herald TranscriptJan 2 2024, 11:25 PM
kevans requested review of this revision.Jan 2 2024, 11:25 PM
Harbormaster completed remote builds in B55207: Diff 132165.Jan 2 2024, 11:25 PM
kevans added a parent revision: D43284: bhyveload: use a dirfd to support -h.Jan 2 2024, 11:25 PM
kevans added a child revision: D43286: bhyveload: enter capability mode after we setup the vcpu.
allanjude accepted this revision.Jan 2 2024, 11:31 PM
allanjude added a subscriber: allanjude.

reviewed-by: allanjude

This revision is now accepted and ready to land.Jan 2 2024, 11:31 PM
kevans updated this revision to Diff 132177.Jan 3 2024, 3:21 AM

Move need_reinit back into main

It should've likely never moved out in the first place, but now that we're using
the return value of setjmp() for managing the loader handle we'll just
consolidate back there.

This revision now requires review to proceed.Jan 3 2024, 3:21 AM
Harbormaster completed remote builds in B55213: Diff 132177.Jan 3 2024, 3:21 AM
markj added inline comments.Jan 3 2024, 3:03 PM
usr.sbin/bhyveload/bhyveload.c
771

Check for errors?

814

Why do we dlopen() so early here? In general we want to do that after having entered the sandbox, since dlopen() will invoke constructors and initializers in the DSO if they exist.

816

dlopen() doesn't set errno.

markj added inline comments.Jan 3 2024, 3:11 PM
usr.sbin/bhyveload/bhyveload.c
771

Oh, the caller does that. (But it'd make more sense to do it here I think?)

kevans updated this revision to Diff 132213.Jan 3 2024, 6:03 PM
kevans marked 4 inline comments as done.

Address review feedback

Harbormaster completed remote builds in B55221: Diff 132213.Jan 3 2024, 6:03 PM
kevans added inline comments.Jan 3 2024, 6:04 PM
usr.sbin/bhyveload/bhyveload.c
816

Propagated to error handling later that's now moved into loader_open

markj accepted this revision as: markj.Jan 3 2024, 9:37 PM
This revision is now accepted and ready to land.Jan 3 2024, 9:37 PM
Closed by commit rGbf7c4fcbbb05: bhyveload: hold /boot and do relative lookups for the loader (authored by kevans). · Explain WhyJan 3 2024, 10:20 PM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rGbf7c4fcbbb05: bhyveload: hold /boot and do relative lookups for the loader.

Revision Contents
Changeset List

PathSize
usr.sbin/
bhyveload/
73 lines

Diff 132213

View Options

usr.sbin/bhyveload/bhyveload.c

Loading...