[pxe] Treat PXENV_RESTART_TFTP as unreturnable

Microsoft WDS can end up calling PXENV_RESTART_TFTP to execute a
second-stage NBP which then exits.  Specifically, wdsnbp.com uses
PXENV_RESTART_TFTP to execute pxeboot.com, which will exit if the user
does not press F12.  iPXE currently treats PXENV_RESTART_TFTP as a
normal PXE API call, and so attempts to return to wdsnbp.com, which
has just been vaporised by pxeboot.com.

Use rmsetjmp/rmlongjmp to preserve the stack state as of the initial
NBP execution, and to restore this state immediately prior to
executing the NBP loaded via PXENV_RESTART_TFTP.  This matches the
behaviour in the PXE spec (which says that "if TFTP is restarted,
control is never returned to the caller"), and allows pxeboot.com to
exit relatively cleanly back to iPXE.

As with all usage of setjmp/longjmp, there may be subtle corner case
bugs due to not gracefully unwinding any state accumulated by the time
of the longjmp call, but this seems to be the only viable way to
provide the specified behaviour.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/arch/i386/include/pxe_call.h

 
 #include <pxe_api.h>
 #include <realmode.h>
+#include <setjmp.h>
 
 struct net_device;
 
 extern struct s_PXENV __text16 ( pxenv );
 #define pxenv __use_text16 ( pxenv )
 
+/** PXENV_RESTART_TFTP jump buffer */
+extern rmjmp_buf pxe_restart_nbp;
+
 extern void pxe_activate ( struct net_device *netdev );
 extern int pxe_deactivate ( void );
 extern int pxe_start_nbp ( void );

src/arch/i386/interface/pxe/pxe_call.c

 
 #include <ipxe/uaccess.h>
 #include <ipxe/init.h>
+#include <setjmp.h>
 #include <registers.h>
 #include <biosint.h>
 #include <pxe.h>
 	return 0;
 }
 
+/** Jump buffer for PXENV_RESTART_TFTP */
+rmjmp_buf pxe_restart_nbp;
+
 /**
  * Start PXE NBP at 0000:7c00
  *
  * @ret rc		Return status code
  */
 int pxe_start_nbp ( void ) {
+	int jmp;
 	int discard_b, discard_c, discard_d, discard_D;
 	uint16_t rc;
 
+	/* Allow restarting NBP via PXENV_RESTART_TFTP */
+	jmp = rmsetjmp ( pxe_restart_nbp );
+	if ( jmp )
+		DBG ( "Restarting NBP (%x)\n", jmp );
+
 	/* Far call to PXE NBP */
 	__asm__ __volatile__ ( REAL_CODE ( "movw %%cx, %%es\n\t"
 					   "pushw %%es\n\t"

src/arch/i386/interface/pxe/pxe_preboot.c

 #include <stdint.h>
 #include <string.h>
 #include <stdlib.h>
+#include <setjmp.h>
 #include <ipxe/uaccess.h>
 #include <ipxe/dhcp.h>
 #include <ipxe/fakedhcp.h>
 	if ( tftp_exit != PXENV_EXIT_SUCCESS )
 		return tftp_exit;
 
-	/* Fire up the new NBP */
-	restart_tftp->Status = pxe_start_nbp();
-
-	/* Not sure what "SUCCESS" actually means, since we can only
-	 * return if the new NBP failed to boot...
-	 */
-	return PXENV_EXIT_SUCCESS;
+	/* Restart NBP */
+	rmlongjmp ( pxe_restart_nbp, PXENV_RESTART_TFTP );
 }
 
 /* PXENV_START_UNDI