[malloc] Avoid immediately clobbering reference count when freeing memory
Rearrange the fields in struct memory_block (without altering
MIN_MEMBLOCK_SIZE) so that the "count" field of a reference-counted
object is left intact when the memory containing the object is freed.
This allows for the possibility of detecting reference-counting errors
such as double-freeing.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[refcnt] Check reference validity on each use of ref_get() and ref_put()
Check that the reference count is valid (i.e. non-negative) on each
call to ref_get() and ref_put(), using an assert() at the point of
use.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[malloc] Use list_for_each_entry_safe() when we may delete a list entry
free_memblock() currently uses list_for_each_entry() to iterate over
the free list, and may delete an entry over which it iterates. While
there is no way that the deleted list entry could be overwritten
before we reference it, this does rely upon list_del() leaving the
"next" pointer intact, which is not guaranteed. Discovered while
tracking down a list-corruption bug (as a result of having modified
list_del() to sanitise the deleted list entry).
Fix by using list_for_each_entry_safe().
Signed-off-by: Michael Brown <mcb30@ipxe.org>
There are several points in the iPXE codebase where
list_for_each_entry() is (ab)used to extract only the first entry from
a list. Add a macro list_first_entry() to make this code easier to
read.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[int13] Add infrastructure to support EDD version 4.0
Support the extensions mandated by EDD 4.0, including:
o the ability to specify a flat physical address in a disk address
packet,
o the ability to specify a sector count greater than 127 in a disk
address packet,
o support for all functions within the Fixed Disk Access and EDD
Support subsets,
o the ability to describe a device using EDD Device Path Information.
This implementation is based on draft revision 3 of the EDD 4.0
specification, with reference to the EDD 3.0 specification. It is
possible that this implementation may need to change in order to
conform to the final published EDD 4.0 specification.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[block] Replace gPXE block-device API with an iPXE asynchronous interface
The block device interface used in gPXE predates the invention of even
the old gPXE data-transfer interface, let alone the current iPXE
generic asynchronous interface mechanism. Bring this old code up to
date, with the following benefits:
o Block device commands can be cancelled by the requestor. The INT 13
layer uses this to provide a global timeout on all INT 13 calls,
with the result that an unexpected passive failure mode (such as
an iSCSI target ACKing the request but never sending a response)
will lead to a timeout that gets reported back to the INT 13 user,
rather than simply freezing the system.
o INT 13,00 (reset drive) is now able to reset the underlying block
device. INT 13 users, such as DOS, that use INT 13,00 as a method
for error recovery now have a chance of recovering.
o All block device commands are tagged, with a numerical tag that
will show up in debugging output and in packet captures; this will
allow easier interpretation of bug reports that include both
sources of information.
o The extremely ugly hacks used to generate the boot firmware tables
have been eradicated and replaced with a generic acpi_describe()
method (exploiting the ability of iPXE interfaces to pass through
methods to an underlying interface). The ACPI tables are now
built in a shared data block within .bss16, rather than each
requiring dedicated space in .data16.
o The architecture-independent concept of a SAN device has been
exposed to the iPXE core through the sanboot API, which provides
calls to hook, unhook, boot, and describe SAN devices. This
allows for much more flexible usage patterns (such as hooking an
empty SAN device and then running an OS installer via TFTP).
Signed-off-by: Michael Brown <mcb30@ipxe.org>
xfer_window_changed() can be used to notify peers that an interface is
now ready to accept data. This can potentially be used to eliminate
the need for wasteful processes that simply poll xfer_window() until
the window becomes non-zero.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[xfer] Generalise metadata "whence" field to "flags" field
iPXE has never supported SEEK_END; the usage of "whence" offers only
the options of SEEK_SET and SEEK_CUR and so is effectively a boolean
flag. Further flags will be required to support additional metadata
required by the Fibre Channel network model, so repurpose the "whence"
field as a generic "flags" field.
xfer_seek() has always been used with SEEK_SET, so remove the "whence"
field altogether from its argument list.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Don't implement strtoul() on top of strtoull() as strtoull() is much
bigger and only used on linux currently. Instead refactor most of the
logic out of strtoul() into static inlines and reuse that. Also put it
in a separate object so it won't get linked in.
Signed-off-by: Piotr Jaroszyński <p.jaroszynski@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Add a facility allowing cached data to be discarded in order to
satisfy memory allocations that would otherwise fail.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[settings] Unregister the children when unregistering the parent
The DHCP settings registered as a child of the netdevice settings are
not unregistered anywhere. This prevents the netdevice from being
freed on shutdown.
Fix by automatically unregistering any child settings when the parent
settings are unregistered.
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[hci] Continue processing while prompting for shell banner
Continue calling step() while displaying the shell banner. This
potentially allows TCP connections to close gracefully after a failed
boot attempt.
Inspired-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[debug] Expose pause() and more() debugging functions
Include the pause() and more() debugging functions within the general
iPXE debugging framework, by introducing DBGxxx_PAUSE() and
DBGxxx_MORE() macros.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
image_set_cmdline() strdup()s cmdline, which free_image() doesn't
clean up.
Signed-off-by: Piotr Jaroszyński <p.jaroszynski@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Since more reference-counted structures than embedded images might
want to mark themselves unfreeable, expose a dummy ref_no_free().
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[interface] Allow for non-pass-through interface methods
xfer_vredirect() should not be allowed to propagate to a pass-through
interface. For example, when an HTTPS connection is opened, the
redirect message should cause the TLS layer to reopen the TCP socket,
rather than causing the HTTP layer to disconnect from the TLS layer.
Fix by allowing for non-pass-through interface methods, and setting
xfer_vredirect() to be one such method.
This is slightly ugly, in that it complicates the notion of an
interface method call by adding a "pass-through" / "non-pass-through"
piece of metadata. However, the only current user of xfer_vredirect()
is iscsi.c, which uses it only because we don't yet have an
ioctl()-style call for retrieving the underlying socket address.
The new interface infrastructure allows for such a call to be created,
at which time this sole user of xfer_vredirect() can be removed,
xfer_vredirect() can cease to be an interface method and become simply
a wrapper around xfer_vreopen(), and the concept of a non-pass-through
interface method can be reverted.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[interface] Convert all data-xfer interfaces to generic interfaces
Remove data-xfer as an interface type, and replace data-xfer
interfaces with generic interfaces supporting the data-xfer methods.
Filter interfaces (as used by the TLS layer) are handled using the
generic pass-through interface capability. A side-effect of this is
that deliver_raw() no longer exists as a data-xfer method. (In
practice this doesn't lose any efficiency, since there are no
instances within the current codebase where xfer_deliver_raw() is used
to pass data to an interface supporting the deliver_raw() method.)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[interface] Convert all name-resolution interfaces to generic interfaces
Remove name-resolution as an interface type, and replace
name-resolution interfaces with generic interfaces supporting the
resolv_done() method.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[interface] Convert all job-control interfaces to generic interfaces
Remove job-control as an interface type, and replace job-control
interfaces with generic interfaces supporting the close() method.
(Both done() and kill() are absorbed into the function of close();
kill() is merely close(-ECANCELED).)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[interface] Expand object interface to allow for polymorphic interfaces
We have several types of object interface at present (data-xfer, job
control, name resolution), and there is some duplication of
functionality between them. For example, job_done(), job_kill() and
xfer_close() are almost isomorphic to each other.
This updated version of the object interface mechanism allows for each
interface to export an arbitrary list of supported operations.
Advantages include:
Operations methods now receive a pointer to the object, rather than
a pointer to the interface. This allows an object to, for example,
implement a single close() method that can handle close() operations
from any of its exposed interfaces.
The close() operation is implemented as a generic operation (rather
than having specific variants for data-xfer, job control, etc.).
This will allow functions such as monojob_wait() to be used to wait
for e.g. a name resolution to complete.
The amount of boilerplate code required in objects is reduced, not
least because it is no longer necessary to include per-interface
methods that simply use container_of() to derive a pointer to the
object and then tail-call to a common per-object method.
The cost of adding new operations is reduced; adding a new data-xfer
operation such as stat() no longer incurs the penalty of adding a
.stat member to the operations table of all existing data-xfer
interfaces.
The data-xfer, job control and name resolution interfaces have not yet
been updated to use the new interface mechanism, but the code will
still compile and run.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Standardise on using ref_init() to initialise an embedded reference
count, to match the coding style used by other embedded objects.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[process] Hold reference to process during call to step()
It is conceivable that the process may terminate during the execution
of step(). If nothing else holds a reference to the containing
object, this would cause the object to be freed prior to returning
from step().
Add a ref_get()/ref_put() around the call to ->step() to prevent this
from happening.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Some switch configurations will refuse to enable our port unless we
can speak LACP to inform the switch that we are alive. Add a very
simple passive LACP implementation that is sufficient to convince at
least Linux's bonding driver (when tested using qemu attached to a tap
device enslaved to a bond device configured as "mode=802.3ad").
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[main] Match "starting execution" and "initialising devices" message style
Add a trailing "ok" to the "initialising devices message", to match
the visual style of the "ok" now added to the "starting execution"
message.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Access to the gpxe.org and etherboot.org domains and associated
resources has been revoked by the registrant of the domain. Work
around this problem by renaming project from gPXE to iPXE, and
updating URLs to match.
Also update README, LOG and COPYRIGHTS to remove obsolete information.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
The function recorder is a crash and hang debugging tool. It logs each
function call into a memory buffer while gPXE runs. After the machine
is reset, and if the contents of memory have not been overwritten, gPXE
will detect the memory buffer and print out its contents.
This allows developers to see a trace of the last functions called
before a crash or hang. The util/fnrec.sh script can be used to convert
the function addresses back into symbol names.
To build with fnrec:
make FNREC=1
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Marty Connor <mdc@etherboot.org>
The IGMP code came from legacy Etherboot and was never updated to work
as a gPXE protocol. There has been no demand for this protocol, so this
patch removes it.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Marty Connor <mdc@etherboot.org>
The NFS protocol code came from legacy Etherboot and was never updated
to work as a gPXE protocol. There has been no demand for this protocol,
so this patch removes it.
I have an unfinished NFSv3 over TCP implementation for gPXE that can be
used as the base for new work, should we want to resurrect this
protocol.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Marty Connor <mdc@etherboot.org>
[uri] Handle an empty unparse_uri() result properly
Previously, if none of the URI parts requested existed in the passed
URI, unparse_uri() would not touch the destination buffer at all; this
could lead to use of uninitialized data. Fix by setting buf[0] = '\0'
before unparsing whenever we have room to do so.
Signed-off-by: Joshua Oreman <oremanj@rwcr.net>
Signed-off-by: Marty Connor <mdc@etherboot.org>
Currently, handling of URI escapes is ad-hoc; escaped strings are
stored as-is in the URI structure, and it is up to the individual
protocol to unescape as necessary. This is error-prone and expensive
in terms of code size. Modify this behavior by unescaping in
parse_uri() and escaping in unparse_uri() those fields that typically
handle URI escapes (hostname, user, password, path, query, fragment),
and allowing unparse_uri() to accept a subset of fields to print so
it can be easily used to generate e.g. the escaped HTTP path?query
request.
Signed-off-by: Joshua Oreman <oremanj@rwcr.net>
Signed-off-by: Marty Connor <mdc@etherboot.org>
[settings] Add automagic "netX" settings block for last opened netdev
A script loaded via autoboot may want to get some of the settings (MAC
address, IP address, et cetera) for the interface via which it was
loaded, in order to pass them to the operating system. Previously such
a script had no way to determine what to put in the X of ${netX/foo}.
Solve this problem by transparently forwarding accesses to the real
settings associated with the most recently opened network device,
so scripts in this situation can say literally ${netX/foo} and get
the foo setting they want.
Signed-off-by: Marty Connor <mdc@etherboot.org>
[linker] Add mechanism for subsystem-dependent configuration options
It is often the case that some module of gPXE is only relevant if the
subsystem it depends on is already being included. For instance,
commands to manage wireless interfaces are quite useless if no
compiled-in driver has pulled in the wireless networking stack. There
may be a user-modifiable configuration options for these dependent
modules, but even if enabled, they should not be included when they
would be useless.
Solve this by allowing the creation of config_subsystem.c, for
configuration directives like those in the global config.c that should
only be considered when subsystem.c is included in the final gPXE
build.
For consistency, move core/config.c to the config/ directory, where
the other config_subsystem.c files will eventually reside.
Signed-off-by: Marty Connor <mdc@etherboot.org>
SRP is the SCSI RDMA Protocol. It allows for a method of SAN booting
whereby the target is responsible for reading and writing data using
Remote DMA directly to the initiator's memory. The software initiator
merely sends and receives SCSI commands; it never has to touch the
actual data.
[xfer] Always nullify interface while sending close() message
Objects typically call xfer_close() as part of their response to a
close() message. If the initiating object has already nullified the
xfer interface then this isn't a problem, but it can lead to
unexpected behaviour when the initiating object is aiming to reuse the
connection and so does not nullify the interface.
Fix by always temporarily nullifying the interface during xfer_close()
(as was already being done by xfer_vreopen() in order to work around
this specific problem).
Reported-by: infernix <infernix@infernix.net>
Tested-by: infernix <infernix@infernix.net>