robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4240 Commits
2 Branches
Tree: c3b4860ce3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c3b4860ce3'
${ noResults }
ipxe/src/core/image.c

image.c 11KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456 
  1. /*

  2.  * Copyright (C) 2006 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

  17.  * 02110-1301, USA.

  18.  */

  19. 

  20. FILE_LICENCE ( GPL2_OR_LATER );

  21. 

  22. #include <stddef.h>

  23. #include <string.h>

  24. #include <stdlib.h>

  25. #include <stdio.h>

  26. #include <errno.h>

  27. #include <assert.h>

  28. #include <libgen.h>

  29. #include <syslog.h>

  30. #include <ipxe/list.h>

  31. #include <ipxe/umalloc.h>

  32. #include <ipxe/uri.h>

  33. #include <ipxe/image.h>

  34. 

  35. /** @file

  36.  *

  37.  * Executable images

  38.  *

  39.  */

  40. 

  41. /* Disambiguate the various error causes */

  42. #define EACCES_UNTRUSTED \

  43. 	__einfo_error ( EINFO_EACCES_UNTRUSTED )

  44. #define EINFO_EACCES_UNTRUSTED \

  45. 	__einfo_uniqify ( EINFO_EACCES, 0x01, "Untrusted image" )

  46. #define EACCES_PERMANENT \

  47. 	__einfo_error ( EINFO_EACCES_PERMANENT )

  48. #define EINFO_EACCES_PERMANENT \

  49. 	__einfo_uniqify ( EINFO_EACCES, 0x02, "Trust requirement is permanent" )

  50. 

  51. /** List of registered images */

  52. struct list_head images = LIST_HEAD_INIT ( images );

  53. 

  54. /** Currently-executing image */

  55. struct image *current_image;

  56. 

  57. /** Current image trust requirement */

  58. static int require_trusted_images = 0;

  59. 

  60. /** Prevent changes to image trust requirement */

  61. static int require_trusted_images_permanent = 0;

  62. 

  63. /**

  64.  * Free executable image

  65.  *

  66.  * @v refcnt		Reference counter

  67.  */

  68. static void free_image ( struct refcnt *refcnt ) {

  69. 	struct image *image = container_of ( refcnt, struct image, refcnt );

  70. 

  71. 	DBGC ( image, "IMAGE %s freed\n", image->name );

  72. 	free ( image->name );

  73. 	free ( image->cmdline );

  74. 	uri_put ( image->uri );

  75. 	ufree ( image->data );

  76. 	image_put ( image->replacement );

  77. 	free ( image );

  78. }

  79. 

  80. /**

  81.  * Allocate executable image

  82.  *

  83.  * @v uri		URI, or NULL

  84.  * @ret image		Executable image

  85.  */

  86. struct image * alloc_image ( struct uri *uri ) {

  87. 	const char *name;

  88. 	struct image *image;

  89. 	int rc;

  90. 

  91. 	/* Allocate image */

  92. 	image = zalloc ( sizeof ( *image ) );

  93. 	if ( ! image )

  94. 		goto err_alloc;

  95. 

  96. 	/* Initialise image */

  97. 	ref_init ( &image->refcnt, free_image );

  98. 	if ( uri ) {

  99. 		image->uri = uri_get ( uri );

  100. 		if ( uri->path ) {

  101. 			name = basename ( ( char * ) uri->path );

  102. 			if ( ( rc = image_set_name ( image, name ) ) != 0 )

  103. 				goto err_set_name;

  104. 		}

  105. 	}

  106. 

  107. 	return image;

  108. 

  109.  err_set_name:

  110. 	image_put ( image );

  111.  err_alloc:

  112. 	return NULL;

  113. }

  114. 

  115. /**

  116.  * Set image name

  117.  *

  118.  * @v image		Image

  119.  * @v name		New image name

  120.  * @ret rc		Return status code

  121.  */

  122. int image_set_name ( struct image *image, const char *name ) {

  123. 	char *name_copy;

  124. 

  125. 	/* Duplicate name */

  126. 	name_copy = strdup ( name );

  127. 	if ( ! name_copy )

  128. 		return -ENOMEM;

  129. 

  130. 	/* Replace existing name */

  131. 	free ( image->name );

  132. 	image->name = name_copy;

  133. 

  134. 	return 0;

  135. }

  136. 

  137. /**

  138.  * Set image command line

  139.  *

  140.  * @v image		Image

  141.  * @v cmdline		New image command line, or NULL

  142.  * @ret rc		Return status code

  143.  */

  144. int image_set_cmdline ( struct image *image, const char *cmdline ) {

  145. 

  146. 	free ( image->cmdline );

  147. 	image->cmdline = NULL;

  148. 	if ( cmdline ) {

  149. 		image->cmdline = strdup ( cmdline );

  150. 		if ( ! image->cmdline )

  151. 			return -ENOMEM;

  152. 	}

  153. 	return 0;

  154. }

  155. 

  156. /**

  157.  * Register executable image

  158.  *

  159.  * @v image		Executable image

  160.  * @ret rc		Return status code

  161.  */

  162. int register_image ( struct image *image ) {

  163. 	static unsigned int imgindex = 0;

  164. 	char name[8]; /* "imgXXXX" */

  165. 	int rc;

  166. 

  167. 	/* Create image name if it doesn't already have one */

  168. 	if ( ! image->name ) {

  169. 		snprintf ( name, sizeof ( name ), "img%d", imgindex++ );

  170. 		if ( ( rc = image_set_name ( image, name ) ) != 0 )

  171. 			return rc;

  172. 	}

  173. 

  174. 	/* Avoid ending up with multiple "selected" images on

  175. 	 * re-registration

  176. 	 */

  177. 	if ( image_find_selected() )

  178. 		image->flags &= ~IMAGE_SELECTED;

  179. 

  180. 	/* Add to image list */

  181. 	image_get ( image );

  182. 	image->flags |= IMAGE_REGISTERED;

  183. 	list_add_tail ( &image->list, &images );

  184. 	DBGC ( image, "IMAGE %s at [%lx,%lx) registered\n",

  185. 	       image->name, user_to_phys ( image->data, 0 ),

  186. 	       user_to_phys ( image->data, image->len ) );

  187. 

  188. 	return 0;

  189. }

  190. 

  191. /**

  192.  * Unregister executable image

  193.  *

  194.  * @v image		Executable image

  195.  */

  196. void unregister_image ( struct image *image ) {

  197. 

  198. 	/* Do nothing unless image is registered */

  199. 	if ( ! ( image->flags & IMAGE_REGISTERED ) )

  200. 		return;

  201. 

  202. 	DBGC ( image, "IMAGE %s unregistered\n", image->name );

  203. 	list_del ( &image->list );

  204. 	image->flags &= ~IMAGE_REGISTERED;

  205. 	image_put ( image );

  206. }

  207. 

  208. /**

  209.  * Find image by name

  210.  *

  211.  * @v name		Image name

  212.  * @ret image		Executable image, or NULL

  213.  */

  214. struct image * find_image ( const char *name ) {

  215. 	struct image *image;

  216. 

  217. 	list_for_each_entry ( image, &images, list ) {

  218. 		if ( strcmp ( image->name, name ) == 0 )

  219. 			return image;

  220. 	}

  221. 

  222. 	return NULL;

  223. }

  224. 

  225. /**

  226.  * Determine image type

  227.  *

  228.  * @v image		Executable image

  229.  * @ret rc		Return status code

  230.  */

  231. int image_probe ( struct image *image ) {

  232. 	struct image_type *type;

  233. 	int rc;

  234. 

  235. 	/* Succeed if we already have a type */

  236. 	if ( image->type )

  237. 		return 0;

  238. 

  239. 	/* Try each type in turn */

  240. 	for_each_table_entry ( type, IMAGE_TYPES ) {

  241. 		if ( ( rc = type->probe ( image ) ) == 0 ) {

  242. 			image->type = type;

  243. 			DBGC ( image, "IMAGE %s is %s\n",

  244. 			       image->name, type->name );

  245. 			return 0;

  246. 		}

  247. 		DBGC ( image, "IMAGE %s is not %s: %s\n", image->name,

  248. 		       type->name, strerror ( rc ) );

  249. 	}

  250. 

  251. 	DBGC ( image, "IMAGE %s format not recognised\n", image->name );

  252. 	return -ENOEXEC;

  253. }

  254. 

  255. /**

  256.  * Execute image

  257.  *

  258.  * @v image		Executable image

  259.  * @ret rc		Return status code

  260.  *

  261.  * The image must already be registered.  Note that executing an image

  262.  * may cause it to unregister itself.  The caller must therefore

  263.  * assume that the image pointer becomes invalid.

  264.  */

  265. int image_exec ( struct image *image ) {

  266. 	struct image *saved_current_image;

  267. 	struct image *replacement = NULL;

  268. 	struct uri *old_cwuri;

  269. 	int rc;

  270. 

  271. 	/* Sanity check */

  272. 	assert ( image->flags & IMAGE_REGISTERED );

  273. 

  274. 	/* Switch current working directory to be that of the image itself */

  275. 	old_cwuri = uri_get ( cwuri );

  276. 	churi ( image->uri );

  277. 

  278. 	/* Preserve record of any currently-running image */

  279. 	saved_current_image = current_image;

  280. 

  281. 	/* Take out a temporary reference to the image.  This allows

  282. 	 * the image to unregister itself if necessary, without

  283. 	 * automatically freeing itself.

  284. 	 */

  285. 	current_image = image_get ( image );

  286. 

  287. 	/* Check that this image can be selected for execution */

  288. 	if ( ( rc = image_select ( image ) ) != 0 )

  289. 		goto err;

  290. 

  291. 	/* Check that image is trusted (if applicable) */

  292. 	if ( require_trusted_images && ! ( image->flags & IMAGE_TRUSTED ) ) {

  293. 		DBGC ( image, "IMAGE %s is not trusted\n", image->name );

  294. 		rc = -EACCES_UNTRUSTED;

  295. 		goto err;

  296. 	}

  297. 

  298. 	/* Record boot attempt */

  299. 	syslog ( LOG_NOTICE, "Executing \"%s\"\n", image->name );

  300. 

  301. 	/* Try executing the image */

  302. 	if ( ( rc = image->type->exec ( image ) ) != 0 ) {

  303. 		DBGC ( image, "IMAGE %s could not execute: %s\n",

  304. 		       image->name, strerror ( rc ) );

  305. 		/* Do not return yet; we still have clean-up to do */

  306. 	}

  307. 

  308. 	/* Record result of boot attempt */

  309. 	if ( rc == 0 ) {

  310. 		syslog ( LOG_NOTICE, "Execution of \"%s\" completed\n",

  311. 			 image->name );

  312. 	} else {

  313. 		syslog ( LOG_ERR, "Execution of \"%s\" failed: %s\n",

  314. 			 image->name, strerror ( rc ) );

  315. 	}

  316. 

  317. 	/* Pick up replacement image before we drop the original

  318. 	 * image's temporary reference.  The replacement image must

  319. 	 * already be registered, so we don't need to hold a temporary

  320. 	 * reference (which would complicate the tail-recursion).

  321. 	 */

  322. 	replacement = image->replacement;

  323. 	if ( replacement )

  324. 		assert ( replacement->flags & IMAGE_REGISTERED );

  325. 

  326.  err:

  327. 	/* Unregister image if applicable */

  328. 	if ( image->flags & IMAGE_AUTO_UNREGISTER )

  329. 		unregister_image ( image );

  330. 

  331. 	/* Debug message for tail-recursion.  Placed here because the

  332. 	 * image_put() may end up freeing the image.

  333. 	 */

  334. 	if ( replacement ) {

  335. 		DBGC ( image, "IMAGE %s replacing self with IMAGE %s\n",

  336. 		       image->name, replacement->name );

  337. 	}

  338. 

  339. 	/* Drop temporary reference to the original image */

  340. 	image_put ( image );

  341. 

  342. 	/* Restore previous currently-running image */

  343. 	current_image = saved_current_image;

  344. 

  345. 	/* Reset current working directory */

  346. 	churi ( old_cwuri );

  347. 	uri_put ( old_cwuri );

  348. 

  349. 	/* Tail-recurse into replacement image, if one exists */

  350. 	if ( replacement )

  351. 		return image_exec ( replacement );

  352. 

  353. 	return rc;

  354. }

  355. 

  356. /**

  357.  * Set replacement image

  358.  *

  359.  * @v replacement	Replacement image

  360.  * @ret rc		Return status code

  361.  *

  362.  * The replacement image must already be registered, and must remain

  363.  * registered until the currently-executing image returns.

  364.  */

  365. int image_replace ( struct image *replacement ) {

  366. 	struct image *image = current_image;

  367. 	int rc;

  368. 

  369. 	/* Sanity check */

  370. 	assert ( replacement->flags & IMAGE_REGISTERED );

  371. 

  372. 	/* Fail unless there is a currently-executing image */

  373. 	if ( ! image ) {

  374. 		rc = -ENOTTY;

  375. 		DBGC ( replacement, "IMAGE %s cannot replace non-existent "

  376. 		       "image: %s\n", replacement->name, strerror ( rc ) );

  377. 		return rc;

  378. 	}

  379. 

  380. 	/* Check that the replacement image can be executed */

  381. 	if ( ( rc = image_probe ( replacement ) ) != 0 )

  382. 		return rc;

  383. 

  384. 	/* Clear any existing replacement */

  385. 	image_put ( image->replacement );

  386. 

  387. 	/* Set replacement */

  388. 	image->replacement = image_get ( replacement );

  389. 	DBGC ( image, "IMAGE %s will replace self with IMAGE %s\n",

  390. 	       image->name, replacement->name );

  391. 

  392. 	return 0;

  393. }

  394. 

  395. /**

  396.  * Select image for execution

  397.  *

  398.  * @v image		Executable image

  399.  * @ret rc		Return status code

  400.  */

  401. int image_select ( struct image *image ) {

  402. 	struct image *tmp;

  403. 	int rc;

  404. 

  405. 	/* Unselect all other images */

  406. 	for_each_image ( tmp )

  407. 		tmp->flags &= ~IMAGE_SELECTED;

  408. 

  409. 	/* Check that this image can be executed */

  410. 	if ( ( rc = image_probe ( image ) ) != 0 )

  411. 		return rc;

  412. 

  413. 	/* Mark image as selected */

  414. 	image->flags |= IMAGE_SELECTED;

  415. 

  416. 	return 0;

  417. }

  418. 

  419. /**

  420.  * Find selected image

  421.  *

  422.  * @ret image		Executable image, or NULL

  423.  */

  424. struct image * image_find_selected ( void ) {

  425. 	struct image *image;

  426. 

  427. 	for_each_image ( image ) {

  428. 		if ( image->flags & IMAGE_SELECTED )

  429. 			return image;

  430. 	}

  431. 	return NULL;

  432. }

  433. 

  434. /**

  435.  * Change image trust requirement

  436.  *

  437.  * @v require_trusted	Require trusted images

  438.  * @v permanent		Make trust requirement permanent

  439.  * @ret rc		Return status code

  440.  */

  441. int image_set_trust ( int require_trusted, int permanent ) {

  442. 

  443. 	/* Update trust requirement, if permitted to do so */

  444. 	if ( ! require_trusted_images_permanent ) {

  445. 		require_trusted_images = require_trusted;

  446. 		require_trusted_images_permanent = permanent;

  447. 	}

  448. 

  449. 	/* Fail if we attempted to change the trust requirement but

  450. 	 * were not permitted to do so.

  451. 	 */

  452. 	if ( require_trusted_images != require_trusted )

  453. 		return -EACCES_PERMANENT;

  454. 

  455. 	return 0;

  456. }