Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.

image.c 12KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507
  1. /*
  2. * Copyright (C) 2006 Michael Brown <mbrown@fensystems.co.uk>.
  3. *
  4. * This program is free software; you can redistribute it and/or
  5. * modify it under the terms of the GNU General Public License as
  6. * published by the Free Software Foundation; either version 2 of the
  7. * License, or any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful, but
  10. * WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  12. * General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program; if not, write to the Free Software
  16. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  17. * 02110-1301, USA.
  18. *
  19. * You can also choose to distribute this program under the terms of
  20. * the Unmodified Binary Distribution Licence (as given in the file
  21. * COPYING.UBDL), provided that you have satisfied its requirements.
  22. */
  23. FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  24. #include <stddef.h>
  25. #include <string.h>
  26. #include <stdlib.h>
  27. #include <stdio.h>
  28. #include <errno.h>
  29. #include <assert.h>
  30. #include <libgen.h>
  31. #include <syslog.h>
  32. #include <ipxe/list.h>
  33. #include <ipxe/umalloc.h>
  34. #include <ipxe/uri.h>
  35. #include <ipxe/image.h>
  36. /** @file
  37. *
  38. * Executable images
  39. *
  40. */
  41. /* Disambiguate the various error causes */
  42. #define EACCES_UNTRUSTED \
  43. __einfo_error ( EINFO_EACCES_UNTRUSTED )
  44. #define EINFO_EACCES_UNTRUSTED \
  45. __einfo_uniqify ( EINFO_EACCES, 0x01, "Untrusted image" )
  46. #define EACCES_PERMANENT \
  47. __einfo_error ( EINFO_EACCES_PERMANENT )
  48. #define EINFO_EACCES_PERMANENT \
  49. __einfo_uniqify ( EINFO_EACCES, 0x02, "Trust requirement is permanent" )
  50. /** List of registered images */
  51. struct list_head images = LIST_HEAD_INIT ( images );
  52. /** Currently-executing image */
  53. struct image *current_image;
  54. /** Current image trust requirement */
  55. static int require_trusted_images = 0;
  56. /** Prevent changes to image trust requirement */
  57. static int require_trusted_images_permanent = 0;
  58. /**
  59. * Free executable image
  60. *
  61. * @v refcnt Reference counter
  62. */
  63. static void free_image ( struct refcnt *refcnt ) {
  64. struct image *image = container_of ( refcnt, struct image, refcnt );
  65. DBGC ( image, "IMAGE %s freed\n", image->name );
  66. free ( image->name );
  67. free ( image->cmdline );
  68. uri_put ( image->uri );
  69. ufree ( image->data );
  70. image_put ( image->replacement );
  71. free ( image );
  72. }
  73. /**
  74. * Allocate executable image
  75. *
  76. * @v uri URI, or NULL
  77. * @ret image Executable image
  78. */
  79. struct image * alloc_image ( struct uri *uri ) {
  80. struct image *image;
  81. int rc;
  82. /* Allocate image */
  83. image = zalloc ( sizeof ( *image ) );
  84. if ( ! image )
  85. goto err_alloc;
  86. /* Initialise image */
  87. ref_init ( &image->refcnt, free_image );
  88. if ( uri && ( ( rc = image_set_uri ( image, uri ) ) != 0 ) )
  89. goto err_set_uri;
  90. return image;
  91. err_set_uri:
  92. image_put ( image );
  93. err_alloc:
  94. return NULL;
  95. }
  96. /**
  97. * Set image URI
  98. *
  99. * @v image Image
  100. * @v uri New image URI
  101. * @ret rc Return status code
  102. */
  103. int image_set_uri ( struct image *image, struct uri *uri ) {
  104. const char *name;
  105. int rc;
  106. /* Set name, if image does not already have one */
  107. if ( uri->path && ( ! ( image->name && image->name[0] ) ) ) {
  108. name = basename ( ( char * ) uri->path );
  109. if ( ( rc = image_set_name ( image, name ) ) != 0 )
  110. return rc;
  111. }
  112. /* Update image URI */
  113. uri_put ( image->uri );
  114. image->uri = uri_get ( uri );
  115. return 0;
  116. }
  117. /**
  118. * Set image name
  119. *
  120. * @v image Image
  121. * @v name New image name
  122. * @ret rc Return status code
  123. */
  124. int image_set_name ( struct image *image, const char *name ) {
  125. char *name_copy;
  126. /* Duplicate name */
  127. name_copy = strdup ( name );
  128. if ( ! name_copy )
  129. return -ENOMEM;
  130. /* Replace existing name */
  131. free ( image->name );
  132. image->name = name_copy;
  133. return 0;
  134. }
  135. /**
  136. * Set image command line
  137. *
  138. * @v image Image
  139. * @v cmdline New image command line, or NULL
  140. * @ret rc Return status code
  141. */
  142. int image_set_cmdline ( struct image *image, const char *cmdline ) {
  143. free ( image->cmdline );
  144. image->cmdline = NULL;
  145. if ( cmdline ) {
  146. image->cmdline = strdup ( cmdline );
  147. if ( ! image->cmdline )
  148. return -ENOMEM;
  149. }
  150. return 0;
  151. }
  152. /**
  153. * Determine image type
  154. *
  155. * @v image Executable image
  156. * @ret rc Return status code
  157. */
  158. static int image_probe ( struct image *image ) {
  159. struct image_type *type;
  160. int rc;
  161. /* Try each type in turn */
  162. for_each_table_entry ( type, IMAGE_TYPES ) {
  163. if ( ( rc = type->probe ( image ) ) == 0 ) {
  164. image->type = type;
  165. DBGC ( image, "IMAGE %s is %s\n",
  166. image->name, type->name );
  167. return 0;
  168. }
  169. DBGC ( image, "IMAGE %s is not %s: %s\n", image->name,
  170. type->name, strerror ( rc ) );
  171. }
  172. DBGC ( image, "IMAGE %s format not recognised\n", image->name );
  173. return -ENOTSUP;
  174. }
  175. /**
  176. * Register executable image
  177. *
  178. * @v image Executable image
  179. * @ret rc Return status code
  180. */
  181. int register_image ( struct image *image ) {
  182. static unsigned int imgindex = 0;
  183. char name[8]; /* "imgXXXX" */
  184. int rc;
  185. /* Create image name if it doesn't already have one */
  186. if ( ! image->name ) {
  187. snprintf ( name, sizeof ( name ), "img%d", imgindex++ );
  188. if ( ( rc = image_set_name ( image, name ) ) != 0 )
  189. return rc;
  190. }
  191. /* Avoid ending up with multiple "selected" images on
  192. * re-registration
  193. */
  194. if ( image_find_selected() )
  195. image->flags &= ~IMAGE_SELECTED;
  196. /* Add to image list */
  197. image_get ( image );
  198. image->flags |= IMAGE_REGISTERED;
  199. list_add_tail ( &image->list, &images );
  200. DBGC ( image, "IMAGE %s at [%lx,%lx) registered\n",
  201. image->name, user_to_phys ( image->data, 0 ),
  202. user_to_phys ( image->data, image->len ) );
  203. /* Try to detect image type, if applicable. Ignore failures,
  204. * since we expect to handle some unrecognised images
  205. * (e.g. kernel initrds, multiboot modules, random files
  206. * provided via our EFI virtual filesystem, etc).
  207. */
  208. if ( ! image->type )
  209. image_probe ( image );
  210. return 0;
  211. }
  212. /**
  213. * Unregister executable image
  214. *
  215. * @v image Executable image
  216. */
  217. void unregister_image ( struct image *image ) {
  218. /* Do nothing unless image is registered */
  219. if ( ! ( image->flags & IMAGE_REGISTERED ) )
  220. return;
  221. DBGC ( image, "IMAGE %s unregistered\n", image->name );
  222. list_del ( &image->list );
  223. image->flags &= ~IMAGE_REGISTERED;
  224. image_put ( image );
  225. }
  226. /**
  227. * Find image by name
  228. *
  229. * @v name Image name
  230. * @ret image Executable image, or NULL
  231. */
  232. struct image * find_image ( const char *name ) {
  233. struct image *image;
  234. list_for_each_entry ( image, &images, list ) {
  235. if ( strcmp ( image->name, name ) == 0 )
  236. return image;
  237. }
  238. return NULL;
  239. }
  240. /**
  241. * Execute image
  242. *
  243. * @v image Executable image
  244. * @ret rc Return status code
  245. *
  246. * The image must already be registered. Note that executing an image
  247. * may cause it to unregister itself. The caller must therefore
  248. * assume that the image pointer becomes invalid.
  249. */
  250. int image_exec ( struct image *image ) {
  251. struct image *saved_current_image;
  252. struct image *replacement = NULL;
  253. struct uri *old_cwuri;
  254. int rc;
  255. /* Sanity check */
  256. assert ( image->flags & IMAGE_REGISTERED );
  257. /* Switch current working directory to be that of the image itself */
  258. old_cwuri = uri_get ( cwuri );
  259. churi ( image->uri );
  260. /* Preserve record of any currently-running image */
  261. saved_current_image = current_image;
  262. /* Take out a temporary reference to the image. This allows
  263. * the image to unregister itself if necessary, without
  264. * automatically freeing itself.
  265. */
  266. current_image = image_get ( image );
  267. /* Check that this image can be executed */
  268. if ( ! ( image->type && image->type->exec ) ) {
  269. rc = -ENOEXEC;
  270. goto err;
  271. }
  272. /* Check that image is trusted (if applicable) */
  273. if ( require_trusted_images && ! ( image->flags & IMAGE_TRUSTED ) ) {
  274. DBGC ( image, "IMAGE %s is not trusted\n", image->name );
  275. rc = -EACCES_UNTRUSTED;
  276. goto err;
  277. }
  278. /* Record boot attempt */
  279. syslog ( LOG_NOTICE, "Executing \"%s\"\n", image->name );
  280. /* Try executing the image */
  281. if ( ( rc = image->type->exec ( image ) ) != 0 ) {
  282. DBGC ( image, "IMAGE %s could not execute: %s\n",
  283. image->name, strerror ( rc ) );
  284. /* Do not return yet; we still have clean-up to do */
  285. }
  286. /* Record result of boot attempt */
  287. if ( rc == 0 ) {
  288. syslog ( LOG_NOTICE, "Execution of \"%s\" completed\n",
  289. image->name );
  290. } else {
  291. syslog ( LOG_ERR, "Execution of \"%s\" failed: %s\n",
  292. image->name, strerror ( rc ) );
  293. }
  294. /* Pick up replacement image before we drop the original
  295. * image's temporary reference. The replacement image must
  296. * already be registered, so we don't need to hold a temporary
  297. * reference (which would complicate the tail-recursion).
  298. */
  299. replacement = image->replacement;
  300. if ( replacement )
  301. assert ( replacement->flags & IMAGE_REGISTERED );
  302. err:
  303. /* Unregister image if applicable */
  304. if ( image->flags & IMAGE_AUTO_UNREGISTER )
  305. unregister_image ( image );
  306. /* Debug message for tail-recursion. Placed here because the
  307. * image_put() may end up freeing the image.
  308. */
  309. if ( replacement ) {
  310. DBGC ( image, "IMAGE %s replacing self with IMAGE %s\n",
  311. image->name, replacement->name );
  312. }
  313. /* Drop temporary reference to the original image */
  314. image_put ( image );
  315. /* Restore previous currently-running image */
  316. current_image = saved_current_image;
  317. /* Reset current working directory */
  318. churi ( old_cwuri );
  319. uri_put ( old_cwuri );
  320. /* Tail-recurse into replacement image, if one exists */
  321. if ( replacement )
  322. return image_exec ( replacement );
  323. return rc;
  324. }
  325. /**
  326. * Set replacement image
  327. *
  328. * @v replacement Replacement image
  329. * @ret rc Return status code
  330. *
  331. * The replacement image must already be registered, and must remain
  332. * registered until the currently-executing image returns.
  333. */
  334. int image_replace ( struct image *replacement ) {
  335. struct image *image = current_image;
  336. int rc;
  337. /* Sanity check */
  338. assert ( replacement->flags & IMAGE_REGISTERED );
  339. /* Fail unless there is a currently-executing image */
  340. if ( ! image ) {
  341. rc = -ENOTTY;
  342. DBGC ( replacement, "IMAGE %s cannot replace non-existent "
  343. "image: %s\n", replacement->name, strerror ( rc ) );
  344. return rc;
  345. }
  346. /* Check that the replacement image can be executed */
  347. if ( ! ( replacement->type && replacement->type->exec ) )
  348. return -ENOEXEC;
  349. /* Clear any existing replacement */
  350. image_put ( image->replacement );
  351. /* Set replacement */
  352. image->replacement = image_get ( replacement );
  353. DBGC ( image, "IMAGE %s will replace self with IMAGE %s\n",
  354. image->name, replacement->name );
  355. return 0;
  356. }
  357. /**
  358. * Select image for execution
  359. *
  360. * @v image Executable image
  361. * @ret rc Return status code
  362. */
  363. int image_select ( struct image *image ) {
  364. struct image *tmp;
  365. /* Unselect all other images */
  366. for_each_image ( tmp )
  367. tmp->flags &= ~IMAGE_SELECTED;
  368. /* Check that this image can be executed */
  369. if ( ! ( image->type && image->type->exec ) )
  370. return -ENOEXEC;
  371. /* Mark image as selected */
  372. image->flags |= IMAGE_SELECTED;
  373. return 0;
  374. }
  375. /**
  376. * Find selected image
  377. *
  378. * @ret image Executable image, or NULL
  379. */
  380. struct image * image_find_selected ( void ) {
  381. struct image *image;
  382. for_each_image ( image ) {
  383. if ( image->flags & IMAGE_SELECTED )
  384. return image;
  385. }
  386. return NULL;
  387. }
  388. /**
  389. * Change image trust requirement
  390. *
  391. * @v require_trusted Require trusted images
  392. * @v permanent Make trust requirement permanent
  393. * @ret rc Return status code
  394. */
  395. int image_set_trust ( int require_trusted, int permanent ) {
  396. /* Update trust requirement, if permitted to do so */
  397. if ( ! require_trusted_images_permanent ) {
  398. require_trusted_images = require_trusted;
  399. require_trusted_images_permanent = permanent;
  400. }
  401. /* Fail if we attempted to change the trust requirement but
  402. * were not permitted to do so.
  403. */
  404. if ( require_trusted_images != require_trusted )
  405. return -EACCES_PERMANENT;
  406. return 0;
  407. }
  408. /**
  409. * Create pixel buffer from image
  410. *
  411. * @v image Image
  412. * @v pixbuf Pixel buffer to fill in
  413. * @ret rc Return status code
  414. */
  415. int image_pixbuf ( struct image *image, struct pixel_buffer **pixbuf ) {
  416. int rc;
  417. /* Check that this image can be used to create a pixel buffer */
  418. if ( ! ( image->type && image->type->pixbuf ) )
  419. return -ENOTSUP;
  420. /* Try creating pixel buffer */
  421. if ( ( rc = image->type->pixbuf ( image, pixbuf ) ) != 0 ) {
  422. DBGC ( image, "IMAGE %s could not create pixel buffer: %s\n",
  423. image->name, strerror ( rc ) );
  424. return rc;
  425. }
  426. return 0;
  427. }