[fc] Hold reference to peers and ULPs while calling fc_link_examine()
Allow link examination methods to safely assume that their
self-reference remains valid for the duration of the method call.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[retry] Process at most one timer's expiry in each call to retry_step()
Calling a timer's expiry method may cause arbitrary consequences,
including arbitrary modifications of the list of retry timers.
list_for_each_entry_safe() guards against only deletion of the current
list entry; it provides no protection against other list
modifications. In particular, if a timer's expiry method causes the
subsequent timer in the list to be deleted, then the next loop
iteration will access a timer that may no longer exist.
This is a particularly nasty bug, since absolutely none of the
list-manipulation or reference-counting assertion checks will be
triggered. (The first assertion failure happens on the next iteration
through list_for_each_entry(), showing that the list has become
corrupted but providing no clue as to when this happened.)
Fix by stopping traversal of the list of retry timers as soon as we
hit an expired timer.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[malloc] Avoid immediately clobbering reference count when freeing memory
Rearrange the fields in struct memory_block (without altering
MIN_MEMBLOCK_SIZE) so that the "count" field of a reference-counted
object is left intact when the memory containing the object is freed.
This allows for the possibility of detecting reference-counting errors
such as double-freeing.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[refcnt] Check reference validity on each use of ref_get() and ref_put()
Check that the reference count is valid (i.e. non-negative) on each
call to ref_get() and ref_put(), using an assert() at the point of
use.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[malloc] Use list_for_each_entry_safe() when we may delete a list entry
free_memblock() currently uses list_for_each_entry() to iterate over
the free list, and may delete an entry over which it iterates. While
there is no way that the deleted list entry could be overwritten
before we reference it, this does rely upon list_del() leaving the
"next" pointer intact, which is not guaranteed. Discovered while
tracking down a list-corruption bug (as a result of having modified
list_del() to sanitise the deleted list entry).
Fix by using list_for_each_entry_safe().
Signed-off-by: Michael Brown <mcb30@ipxe.org>
There are several points in the iPXE codebase where
list_for_each_entry() is (ab)used to extract only the first entry from
a list. Add a macro list_first_entry() to make this code easier to
read.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Functions that instantiate objects generally own one reference to the
object being created. The error paths must therefore usually call
ref_put() to release this reference.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
For some install-to-SAN scenarios, the OS needs to be able to reboot
to reread the partition table. On this second boot attempt, the SAN
disk will not be empty and so iPXE will attempt to boot from it,
rather than falling back to the OS' installation media.
Work around this problem by introducing the "skip-san-boot" option,
similar in spirit to "keep-san".
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Improve the visibility of error messages by removing the redundant
final printing of the URL being booted.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[scsi] Wait for a successful TEST UNIT READY command
Some SCSI targets (observed with an EMC CLARiiON Fibre Channel target)
will not respond to commands correctly until a TEST UNIT READY has
been issued. In particular, a READ CAPACITY (10) command will return
with a success status, but no capacity data.
Fix by issuing a TEST UNIT READY command automatically, and delaying
further SCSI commands until the TEST UNIT READY has succeeded.
Reported-by: Hadar Hen Zion <hadarh@mellanox.co.il>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[fc] Do not use the command reference number in FCP_CMND IUs
The FCP command reference number is intended to be used for
controlling precise delivery of FCP commands, rather than being an
essentially arbitrary tag field (as with iSCSI and SRP).
Use the Fibre Channel local exchange ID as the tag for FCP commands,
instead of the FCP command reference. The local exchange ID does not
appear within the FCP IU itself, but does appear within the FC frame
header; debug traces can therefore still be correlated with packet
captures.
Reported-by: Hadar Hen Zion <hadarh@mellanox.co.il>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[hci] Use http://ipxe.org/<errno> instead of raw error numbers
Users tend to gloss over cryptic-looking error messages such as
"Boot failed: Exec format error (Error 0x2e852001)"
In particular, users tend not to report the error number, which is the
single most useful piece of diagnostic information in an iPXE error
message. Try replacing the "Error 0x2e852001" portion with a URL,
giving
"Boot failed: Exec format error (http://ipxe.org/2e852001)"
in the hope that users will, upon seeing something that is
recognisably a URL, try viewing it in a web browser. Such users will
be greeted by a web page containing a more detailed description of the
error (automatically generated from the einfo text), including links
to each line of code that might generate the error, and a section for
additional user-contributed notes. At the time of writing, a user who
visits http://ipxe.org/2e852001 would see a note saying
"This error usually indicates that the SAN disk is empty, and does
not yet contain a bootable operating system."
which may be more useful than "Exec format error (Error 0x2e852001)".
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[iscsi] Ensure ISID is consistent within an iSCSI session
Commit 5f4ab0d ("[iscsi] Randomise a portion of the ISID to force new
session instantiation") introduced a regression by randomising the
ISID on each call to iscsi_start_login(), which may be called more
than once per connection, rather than on each call to
iscsi_open_connection(), which is guaranteed to be called only once
per connection. This is incorrect behaviour that causes our
connection to be rejected by some iSCSI targets (observed with a
COMSTAR target under OpenSolaris).
Fix by generating the ISID in iscsi_open_connection(), and storing the
randomised ISID as part of the session state.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[legal] Ignore config/local header files for licensing purposes
The config/local/*.h files are expected to be empty in most cases.
This should not cause a licence determination to fail.
Fix by ignoring config/local/*.h for licensing purposes.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[iscsi] Randomise a portion of the ISID to force new session instantiation
When a connection to an iSCSI target is broken without gracefully
closing the TCP socket, a subsequent connection attempt may fail
because the target believes that we are attempting session
reinstatement (see RFC3720 section 5.3.1). This has been observed
using the Microsoft iSCSI target.
Section 9.1.1 of RFC3720 states that initiators should use a stable
ISID, however section 5.3.1 shows that the only way to explicitly
request that a new session be created is to use a new ISID.
Fix by randomising the "qualifier" portion of the ISID.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[fcoe] Request SPMA iff FIP advertisement indicates support for SPMA
We currently set both the FP and SP bits in our FIP FLOGI, to allow
the FCF the choice of selecting either a fabric-provided or a server-
provided MAC address. This complies with the FCoE specification, but
has been observed to result in an FLOGI rejection from some FCFs.
Fix by recording whether or not the FCF supports SPMA, and requesting
only one of FPMA or SPMA in our FIP FLOGI. We choose to prefer SPMA
where available, because many iPXE drivers will not be able to receive
unicast packets sent to a non-default MAC address.
Reported-by: Hadar Hen Zion <hadarh@mellanox.co.il>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
When using binutils 2.20, it seems to be necessary to add -ldl to link
against -lbfd.
Reported-by: Duane Voth <duanev@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[dhcp] Include session state metadata in packet traces
(Ab)use the "secs" field in transmitted DHCP packets to convey
metadata about the DHCP session state. In particular:
bit 0 represents the receipt of a ProxyDHCPOFFER
bit 1 represents the receipt of a DHCPOFFER
bits 2+ represent the transmitted packet sequence number
This allows some relevant information about the internal state of the
DHCP session to be read out from a packet trace from a non-debug build
of iPXE. It also potentially allows replies to be correlated to their
requests (for servers that copy the "secs" field from request to
reply).
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[dhcp] Omit ProxyDHCPREQUEST if PXE options are present in ProxyDHCPOFFER
Some ProxyDHCP implementations seem to violate the PXE specification
by expecting the client to retain options from the ProxyDHCPOFFER
rather than issuing a separate ProxyDHCPREQUEST.
Work around such broken clients by retaining the ProxyDHCPOFFER
packet, and proceeding to a ProxyDHCPREQUEST only if the
ProxyDHCPOFFER does not already contain PXE options.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
A recent patch series breaks compatibility with various common DHCP
implementations.
Revert "[dhcp] Don't consider invalid offers to be duplicates"
This reverts commit 905ea56753.
Revert "[dhcp] Honor PXEBS_SKIP option in discovery control"
This reverts commit 620b98ee4b.
Revert "[dhcp] Keep multiple DHCP offers received, and use them intelligently"
This reverts commit 5efc2fcb60.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
FCoE requires us to be able to receive unicast packets for multiple
addresses. Support this by operating in promiscuous mode.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[fc] Update ELS port IDs when receiving an ELS frame
The port ID assigned by the FLOGI response is implicit in the
destination ID used for the response (which will differ from the
source ID used for the corresponding request).
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[netdevice] Pass both link-layer addresses in net_tx() and net_rx()
FCoE requires the use of fabric-provided MAC addresses, which breaks
the assumption that the net device's MAC address is implicitly the
source address for net_tx() and the (unicast) destination address for
net_rx().
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[int13] Include disk signature in debugging output
The disk signature is used by some OSes (notably Windows) to identify
the boot disk, so it's useful debugging information to have.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[libc] Ensure that error numbers from EUNIQ() have the correct type
Error numbers are signed ints. EUNIQ() should not allow implicit type
promotion based on the supplied error diambiguator, because this
causes problems with statements such as
rc = ( condition ? -EUNIQ ( EBASE, disambiguator ) : -EBASE );
Signed-off-by: Michael Brown <mcb30@ipxe.org>