Re: git: 46ea2ffc3fbc - main - stand: Reduce limit to 500k for x86 loader

From: Warner Losh <imp_at_bsdimp.com>
Date: Fri, 02 Aug 2024 15:18:54 UTC
On Fri, Aug 2, 2024 at 8:29 AM Mark Johnston <markj@freebsd.org> wrote:

> On Thu, Aug 01, 2024 at 09:31:24PM +0000, Warner Losh wrote:
> > The branch main has been updated by imp:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=46ea2ffc3fbc42089d8322a65fdee8476d2b00d6
> >
> > commit 46ea2ffc3fbc42089d8322a65fdee8476d2b00d6
> > Author:     Warner Losh <imp@FreeBSD.org>
> > AuthorDate: 2024-08-01 21:24:51 +0000
> > Commit:     Warner Losh <imp@FreeBSD.org>
> > CommitDate: 2024-08-01 21:30:26 +0000
> >
> >     stand: Reduce limit to 500k for x86 loader
> >
> >     The largest loader that works for PXE boot is about 500k. PXE needs low
> >     memory for packets and other driver state, so the largest safe size for
> >     the loader is about 500k. Reduce the size from 560k to 500k so we don't
> >     accidentally break PXE in the future.
> >
> >     Add a comment for people with special needs. If you control the
> >     hardware, it can be safe to have boot loaders as large as 580k or 600k
> >     in some cases. Since the BIOS loader is becoming more and more of a
> >     legacy item, the build variable LOADERSIZE isn't documented. This change
> >     doesn't change that: there's been little demand for this documentation
> >     and in general, users shouldn't change it lightly.
> >
> >     PR: 257018
> >     Sponsored by: Netflix
> > ---
> >  stand/i386/loader/Makefile | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/stand/i386/loader/Makefile b/stand/i386/loader/Makefile
> > index a4aa3a3c4d45..efd442977780 100644
> > --- a/stand/i386/loader/Makefile
> > +++ b/stand/i386/loader/Makefile
> > @@ -32,7 +32,12 @@ VERSION_FILE=      ${.CURDIR}/../loader/version
> >  #
> >  # will tell you how many kiB of lomem are available.
> >  #
> > -LOADERSIZE?= 560000          # Largest known safe size for loader.bin
> > +# We further reduce this to 500k, though, to give PXE an additional 64k
> of space
> > +# so pxeloader will fit. If you have special needs that do not include
> pxeboot,
> > +# you can safely set this as high as 560000 generally, or a bit higher
> if you
> > +# have tight control over the machines you are booting on.
> > +#
> > +LOADERSIZE?= 500000          # Largest known safe size for loader.bin
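Review bot: the new comment above `LOADERSIZE?= 500000` says the reduction gives PXE "an additional 64k", but 560000 - 500000 is 60000 bytes (roughly 58.6 KiB), so the stated figure does not match the two values in the hunk; suggest writing the real difference, e.g. `# We further reduce this to 500000 bytes, giving PXE roughly 60k more`. It would also help readers who hit the limit if the comment named the build options known to push loader.bin past 500000 bytes (WITH_LOADER_VERIEXEC, per the reply below) as one of the "special needs" cases that should raise LOADERSIZE locally.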
>
> Hi Warner,
>
> This breaks the WITH_BEARSSL (which implies WITH_LOADER_VERIEXEC) build.
> When enabled, the loader ends up being just slightly larger than the
> limit.
>

"Then fix veriexec to fit." is my knee-jerk (emphasis on the jerk) response. My more polite response is "Why not bump LOADERSIZE locally when you enable that option since it's one of the 'special needs' people listed in the comment." IMHO, this is a special need given the tight space constraints, and the big impact when the loader gets too big for PXEBOOT to work.

I'm very leery of doing too much "magic" with the size when other options are enabled. The whole point of the limit is to enforce the limit, and I don't want to go start playing whack-a-mole here: do I also disable pxeboot when the limit is > 500k? Do I just do that for veriexec? etc. It becomes an awful game. Or do I just fail the PXE build when loader is > 500k and have a knob to disable that if you want to build both?

There are some other interesting patches that may help with the size issue as well. I'm ill disposed to adding hacks that might wind up being temporary until I can look at those more closely. However, as time goes by, these issues will only grow more acute and we need to start dealing with them now.

Given I've MFC'd this, though, I'm not entirely sure the best way forward for that.

Warner