bhyveload: hold /boot and do relative lookups for the loader
Closed, Public

Authored by kevans on Jan 2 2024, 11:25 PM.
Tags
None
Referenced Files
F107104617: D43285.diff
Fri, Jan 10, 4:35 AM

Details

Summary

The next change will push bhyveload into capability mode right after we
allocate vcpu state, before we've set up or entered the loader, to limit
the surface area that a rogue loader script can touch.

With an explicit -l loader, we don't need to preopen /boot because
changing interpreters isn't allowed. We'll just dlopen() entirely in
advance in that case to eliminate some complexity.
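The summary describes the pattern this change introduces: take a descriptor for /boot before entering capability mode, then resolve loader objects relative to that descriptor, because once the process is sandboxed the global namespace (absolute paths, ".." traversal) is no longer reachable. What follows is an added example of that pattern, not bhyveload's own code. It creates a temporary directory as a constructed stand-in for /boot, holds it open, forks a child that enters the sandbox and probes what still works, and lets the parent clean up afterwards. cap_enter() and ECAPMODE exist only on FreeBSD; on other systems those parts compile out and nothing is actually sandboxed, so only the relative-lookup and traversal-refusal probes are meaningful there. The file name interp_b.so, the helper names, the bitmask encoding and the userland '/'-check are all assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE 1	/* mkdtemp() on glibc; harmless on FreeBSD */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Hold the loader directory before sandboxing: afterwards this descriptor
 * is the only filesystem access the process has left. */
static int
hold_boot_dir(const char *dir)
{
	return open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Resolve a loader object relative to the held directory. Names with a '/'
 * or ".." are refused here; in capability mode the kernel refuses absolute
 * paths and ".." traversal anyway (ECAPMODE / ENOTCAPABLE). */
int
loader_open_relative(int bootfd, const char *name)
{
	if (name[0] == '\0' || strchr(name, '/') != NULL ||
	    strcmp(name, "..") == 0) {
		errno = EINVAL;
		return -1;
	}
	return openat(bootfd, name, O_RDONLY | O_CLOEXEC);
}

/* Probes run in the sandboxed child. Result bitmask:
 *   1: relative lookup via bootfd still works
 *   2: traversal through bootfd is refused
 *   4: open() by absolute path fails with ECAPMODE (FreeBSD only) */
static int
sandboxed_probes(int bootfd, const char *abspath)
{
	int fd, result = 0;

#ifdef __FreeBSD__
	if (cap_enter() < 0)	/* elsewhere there is no cap_enter(): unsandboxed */
		return 0;
#endif
	if ((fd = loader_open_relative(bootfd, "interp_b.so")) >= 0) {
		result |= 1;
		close(fd);
	}
	if (loader_open_relative(bootfd, "../interp_b.so") < 0)
		result |= 2;
	if ((fd = open(abspath, O_RDONLY)) >= 0)
		close(fd);
#ifdef ECAPMODE
	else if (errno == ECAPMODE)
		result |= 4;
#endif
	return result;
}

/* Constructed stand-in for /boot: a temp dir with one fake interpreter
 * object. The sandboxed part runs in a forked child so the parent can still
 * clean up by absolute path. Returns the child's bitmask, or -1. */
int
demo_relative_lookup(void)
{
	char dir[] = "/tmp/bootdemo.XXXXXX", path[64];
	int bootfd = -1, fd, status = 0, ok, result = -1;
	pid_t pid;

	if (mkdtemp(dir) == NULL)
		return -1;
	snprintf(path, sizeof(path), "%s/interp_b.so", dir);
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
	ok = fd >= 0 && write(fd, "fake loader", 11) == 11;
	if (fd >= 0)
		close(fd);
	if (!ok || (bootfd = hold_boot_dir(dir)) < 0)
		goto out;
	if ((pid = fork()) == 0)
		_exit(sandboxed_probes(bootfd, path));
	if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
		result = WEXITSTATUS(status);
out:
	if (bootfd >= 0)
		close(bootfd);
	unlink(path);
	rmdir(dir);
	return result;
}

int
main(void)
{
	printf("probe bitmask: %d\n", demo_relative_lookup());
	return 0;
}
```

On FreeBSD the expected bitmask is 7: the relative lookup through bootfd succeeds, traversal is refused, and the absolute open of the very same file fails with ECAPMODE. Elsewhere it is 3. A production version would additionally cap_rights_limit() the held descriptor to the rights the loader actually needs, and, as the review comment below on dlopen() points out, would not load the loader DSO until after cap_enter(), since loading runs the object's constructors.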

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 55207
Build 52096: arc lint + arc unit

Event Timeline

allanjude added a subscriber: allanjude.

reviewed-by: allanjude

This revision is now accepted and ready to land. Jan 2 2024, 11:31 PM

Move need_reinit back into main

It should've likely never moved out in the first place, but now that we're using
the return value of setjmp() for managing the loader handle we'll just
consolidate back there.

This revision now requires review to proceed. Jan 3 2024, 3:21 AM
usr.sbin/bhyveload/bhyveload.c
Line 771:

Check for errors?

Line 822:

Why do we dlopen() so early here? In general we want to do that after having entered the sandbox, since dlopen() will invoke constructors and initializers in the DSO if they exist.

Line 824:

dlopen() doesn't set errno.

usr.sbin/bhyveload/bhyveload.c
Line 771:

Oh, the caller does that. (But it'd make more sense to do it here I think?)

kevans marked 4 inline comments as done.

Address review feedback

usr.sbin/bhyveload/bhyveload.c
Line 824:

Propagated to error handling later that's now moved into loader_open

This revision is now accepted and ready to land. Jan 3 2024, 9:37 PM