ipxe.git
5 years ago[efi] Provide access to files stored on EFI filesystems
Michael Brown [Mon, 14 Mar 2016 15:23:42 +0000 (15:23 +0000)] 
[efi] Provide access to files stored on EFI filesystems

Provide access to local files via the "file://" URI scheme.  There are
three syntaxes:

  - An opaque URI with a relative path (e.g. "file:script.ipxe").
    This will be interpreted as a path relative to the iPXE binary.

  - A hierarchical URI with a non-network absolute path
    (e.g. "file:/boot/script.ipxe").  This will be interpreted as a
    path relative to the root of the filesystem from which the iPXE
    binary was loaded.

  - A hierarchical URI with a network path in which the authority is a
    volume label (e.g. "file://bootdisk/script.ipxe").  This will be
    interpreted as a path relative to the root of the filesystem with
    the specified volume label.

Note that the potentially desirable shell mappings (e.g. "fs0:" and
"blk0:") are concepts internal to the UEFI shell binary, and do not
seem to be exposed in any way to external executables.  The old
EFI_SHELL_PROTOCOL (which did provide access to these mappings) is no
longer installed by current versions of the UEFI shell.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[uri] Support "file:" URIs describing relative paths
Michael Brown [Mon, 14 Mar 2016 17:39:17 +0000 (17:39 +0000)] 
[uri] Support "file:" URIs describing relative paths

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[uri] Support URIs containing only scheme and path components
Michael Brown [Sun, 13 Mar 2016 14:51:15 +0000 (14:51 +0000)] 
[uri] Support URIs containing only scheme and path components

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[efi] Add processor binding headers for ARM and AArch64
Michael Brown [Sun, 13 Mar 2016 11:54:33 +0000 (11:54 +0000)] 
[efi] Add processor binding headers for ARM and AArch64

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[efi] Update to current EDK2 headers
Michael Brown [Sun, 13 Mar 2016 11:47:30 +0000 (11:47 +0000)] 
[efi] Update to current EDK2 headers

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[build] Accept CROSS= as a synonym for CROSS_COMPILE=
Michael Brown [Sun, 13 Mar 2016 11:32:54 +0000 (11:32 +0000)] 
[build] Accept CROSS= as a synonym for CROSS_COMPILE=

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[build] Allow assembler section type character to vary by architecture
Michael Brown [Sun, 13 Mar 2016 11:09:01 +0000 (11:09 +0000)] 
[build] Allow assembler section type character to vary by architecture

On some architectures (such as ARM) the "@" character is used as a
comment delimiter.  A section type argument such as "@progbits"
therefore becomes "%progbits".

This is further complicated by the fact that the "%" character has
special meaning for inline assembly when input or output operands are
used, in which cases "@progbits" becomes "%%progbits".

Allow the section type character(s) to be defined via Makefile
variables.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[efi] Centralise architecture-independent EFI Makefile and linker script
Michael Brown [Sat, 12 Mar 2016 21:47:13 +0000 (21:47 +0000)] 
[efi] Centralise architecture-independent EFI Makefile and linker script

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[tg3] Remove x86-specific inline assembly
Michael Brown [Sat, 12 Mar 2016 21:15:43 +0000 (21:15 +0000)] 
[tg3] Remove x86-specific inline assembly

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[3c595] Fix compilation when "char" is unsigned by default
Michael Brown [Sat, 12 Mar 2016 18:06:47 +0000 (18:06 +0000)] 
[3c595] Fix compilation when "char" is unsigned by default

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[serial] Add missing #include <string.h>
Michael Brown [Sat, 12 Mar 2016 18:02:20 +0000 (18:02 +0000)] 
[serial] Add missing #include <string.h>

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[test] Add missing #include <string.h>
Michael Brown [Sat, 12 Mar 2016 17:55:38 +0000 (17:55 +0000)] 
[test] Add missing #include <string.h>

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[qib7322] Use standard readq() and writeq() implementations
Michael Brown [Sat, 12 Mar 2016 17:51:59 +0000 (17:51 +0000)] 
[qib7322] Use standard readq() and writeq() implementations

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[linda] Use standard readq() and writeq() implementations
Michael Brown [Sat, 12 Mar 2016 17:42:30 +0000 (17:42 +0000)] 
[linda] Use standard readq() and writeq() implementations

This driver is the original source of the current readq() and writeq()
implementations for 32-bit iPXE.  Switch to using the now-centralised
definitions, to avoid including architecture-specific code in an
otherwise architecture-independent driver.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Do not unconditionally preserve flags across virt_call()
Michael Brown [Sat, 12 Mar 2016 12:39:17 +0000 (12:39 +0000)] 
[librm] Do not unconditionally preserve flags across virt_call()

Commit 196f0f2 ("[librm] Convert prot_call() to a real-mode near
call") introduced a regression in which any deliberate modification to
the low 16 bits of the CPU flags (in struct i386_all_regs) would be
overwritten with the original flags value at the time of entry to
prot_call().

The regression arose because the alignment requirements of the
protected-mode stack necessitated the insertion of two bytes of
padding immediately below the prot_call() return address.  The
solution chosen was to extend the existing "pushfl / popfl" pair to
"pushfw;pushfl / popfl;popfw".  The extra "pushfw / popfw" appears at
first glance to be a no-op, but fails to take into account the fact
that the flags restored by popfl may have been deliberately modified
by the protected-mode function.

Fix by replacing "pushfw / popfw" with "pushw %ss / popw %ss".  While
%ss does appear within struct i386_all_regs, any modification to the
stored value has always been ignored by prot_call() anyway.

The most visible symptom of this regression was that SAN booting would
fail since every INT 13 call would be chained to the original INT 13
vector.

Reported-by: Vishvananda Ishaya <vishvananda@gmail.com>
Reported-by: Jamie Thompson <forum.ipxe@jamie-thompson.co.uk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[arp] Validate length of ARP packet
Michael Brown [Sat, 12 Mar 2016 01:21:18 +0000 (01:21 +0000)] 
[arp] Validate length of ARP packet

There is no practical way to generate an underlength ARP packet since
an ARP packet is always padded up to the minimum Ethernet frame length
(or dropped by the receiving Ethernet hardware if incorrectly padded),
but the absence of an explicit check causes warnings from some
analysis tools.

Fix by adding an explicit check on the I/O buffer length.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[pixbuf] Check for unsigned integer overflow on multiplication
Michael Brown [Sat, 12 Mar 2016 00:09:23 +0000 (00:09 +0000)] 
[pixbuf] Check for unsigned integer overflow on multiplication

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[crypto] Allow for zero-length ASN.1 cursors
Michael Brown [Fri, 11 Mar 2016 16:51:13 +0000 (16:51 +0000)] 
[crypto] Allow for zero-length ASN.1 cursors

The assumption in asn1_type() that an ASN.1 cursor will always contain
a type byte is incorrect.  A cursor that has been cleanly invalidated
via asn1_invalidate_cursor() will contain a type byte, but there are
other ways in which to arrive at a zero-length cursor.

Fix by explicitly checking the cursor length in asn1_type().  This
allows asn1_invalidate_cursor() to be reduced to simply zeroing the
length field.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[tls] Avoid potential out-of-bound reads in length fields
Michael Brown [Fri, 11 Mar 2016 16:09:40 +0000 (16:09 +0000)] 
[tls] Avoid potential out-of-bound reads in length fields

Many TLS records contain variable-length fields.  We currently
validate the overall record length, but do so only after reading the
length of the variable-length field.  If the record is too short to
even contain the length field, then we may read uninitialised data
from beyond the end of the record.

This is harmless in practice (since the subsequent overall record
length check would fail regardless of the value read from the
uninitialised length field), but causes warnings from some analysis
tools.

Fix by validating that the overall record length is sufficient to
contain the length field before reading from the length field.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[efi] Work around broken GetFontInfo() implementations
Michael Brown [Thu, 10 Mar 2016 18:06:26 +0000 (18:06 +0000)] 
[efi] Work around broken GetFontInfo() implementations

Several UEFI platforms are known to return EFI_NOT_FOUND when asked to
retrieve the system default font information via GetFontInfo().  Work
around these broken platforms by iterating over the glyphs to find the
maximum height used by a printable character.

Originally-fixed-by: Jonathan Dieter <jdieter@lesbg.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[xsigo] Add support for Xsigo virtual Ethernet (XVE) EoIB devices
Michael Brown [Wed, 9 Mar 2016 00:27:15 +0000 (00:27 +0000)] 
[xsigo] Add support for Xsigo virtual Ethernet (XVE) EoIB devices

Add support for EoIB devices as implemented by Xsigo.  Based on the
public (but out-of-tree) Linux kernel drivers at

  https://oss.oracle.com/git/?p=linux-uek.git;a=log;h=v4.1.12-32.2.1

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[eoib] Support non-FullMember gateway devices
Michael Brown [Wed, 9 Mar 2016 00:51:08 +0000 (00:51 +0000)] 
[eoib] Support non-FullMember gateway devices

Some EoIB implementations utilise an EoIB-to-Ethernet gateway device
that does not perform a FullMember join to the multicast group for the
EoIB broadcast domain.  This has various exciting side-effects, such
as requiring every EoIB node to send every broadcast packet twice.

As an added bonus, the gateway may also break the EoIB MAC address to
GID mapping protocol by sending Ethernet-sourced packets from the
wrong QPN.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[eoib] Allow the multicast group to be forcefully created
Michael Brown [Wed, 9 Mar 2016 00:45:09 +0000 (00:45 +0000)] 
[eoib] Allow the multicast group to be forcefully created

Some EoIB implementations require each individual EoIB node to create
the multicast group for the EoIB broadcast domain.

It is left as an exercise for the interested reader to determine how
such an implementation might ever allow the parameters of such a
multicast group to be changed without requiring a simultaneous upgrade
of every driver on every operating system on every machine currently
attached to the fabric.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[eoib] Silently ignore EoIB heartbeat packets
Michael Brown [Wed, 9 Mar 2016 00:40:38 +0000 (00:40 +0000)] 
[eoib] Silently ignore EoIB heartbeat packets

Some EoIB implementations transmit a vendor-proprietary heartbeat
packet on the same multicast group used to provide the EoIB broadcast
domain.

Silently ignore these heartbeat packets, to avoid cluttering up the
network interface error statistics.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[eoib] Add Ethernet over Infiniband (EoIB) driver
Michael Brown [Wed, 9 Mar 2016 00:26:56 +0000 (00:26 +0000)] 
[eoib] Add Ethernet over Infiniband (EoIB) driver

EoIB is a fairly simple protocol in which raw Ethernet frames
(excluding the CRC) are encapsulated within Infiniband Unreliable
Datagrams, with a four-byte fixed EoIB header (which conveys no actual
information).  The Ethernet broadcast domain is provided by a
multicast group, similar to the IPoIB IPv4 multicast group.

The mapping from Ethernet MAC addresses to Infiniband address vectors
is achieved by snooping incoming traffic and building a peer cache
which can then be used to map a MAC address into a port GID.  The
address vector is completed using a path record lookup, as for IPoIB.
Note that this requires every packet to include a GRH.

Add basic support for EoIB devices.  This driver is substantially
derived from the IPoIB driver.  There is currently no mechanism for
automatically creating EoIB devices.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Make IPoIB support configurable at build time
Michael Brown [Wed, 9 Mar 2016 08:41:53 +0000 (08:41 +0000)] 
[infiniband] Make IPoIB support configurable at build time

Add a build configuration option VNIC_IPOIB to control whether or not
IPoIB support is included for Infiniband devices.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ifmgmt] Include human-readable error message for configuration failure
Michael Brown [Tue, 8 Mar 2016 14:36:31 +0000 (14:36 +0000)] 
[ifmgmt] Include human-readable error message for configuration failure

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ipoib] Increase number of transmit work queue entries
Michael Brown [Tue, 8 Mar 2016 17:24:17 +0000 (17:24 +0000)] 
[ipoib] Increase number of transmit work queue entries

Avoid running out of transmit work queue entries under heavy load.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ipoib] Resimplify test for received broadcast packets
Michael Brown [Tue, 8 Mar 2016 17:02:24 +0000 (17:02 +0000)] 
[ipoib] Resimplify test for received broadcast packets

Commit e62e52b ("[ipoib] Simplify test for received broadcast
packets") relies upon the multicast LID being present in the
destination address vector as passed to ipoib_complete_recv().
Unfortunately, this information is not present in many Infiniband
devices' completion queue entries.

Fix by testing instead for the presence of a multicast GID.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Retrieve GID flag from cached path entries
Michael Brown [Tue, 8 Mar 2016 17:20:28 +0000 (17:20 +0000)] 
[infiniband] Retrieve GID flag from cached path entries

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Add "ibstat" command
Michael Brown [Tue, 8 Mar 2016 15:49:52 +0000 (15:49 +0000)] 
[infiniband] Add "ibstat" command

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Assign names to queue pairs
Michael Brown [Tue, 8 Mar 2016 15:48:53 +0000 (15:48 +0000)] 
[infiniband] Assign names to queue pairs

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Assign names to CMRC connections
Michael Brown [Tue, 8 Mar 2016 15:34:25 +0000 (15:34 +0000)] 
[infiniband] Assign names to CMRC connections

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[pcbios] Restrict external memory allocations to the low 4GB
Michael Brown [Tue, 8 Mar 2016 13:06:06 +0000 (13:06 +0000)] 
[pcbios] Restrict external memory allocations to the low 4GB

When running the 64-bit BIOS version of iPXE, restrict external memory
allocations to the low 4GB to ensure that allocations (such as for
initrds) fall within our identity-mapped memory region, and will be
accessible to the potentially 32-bit operating system.

Move largest_memblock() back to memtop_umalloc.c, since this change
imposes a restriction that applies only to BIOS builds.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Allow for the creation of multicast groups
Michael Brown [Tue, 8 Mar 2016 10:34:27 +0000 (10:34 +0000)] 
[infiniband] Allow for the creation of multicast groups

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ipoib] Simplify test for received broadcast packets
Michael Brown [Tue, 8 Mar 2016 10:11:19 +0000 (10:11 +0000)] 
[ipoib] Simplify test for received broadcast packets

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ipoib] Avoid unnecessary path record lookup for broadcast address
Michael Brown [Tue, 8 Mar 2016 10:06:24 +0000 (10:06 +0000)] 
[ipoib] Avoid unnecessary path record lookup for broadcast address

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Parse MLID, rate, and SL from multicast membership record
Michael Brown [Tue, 8 Mar 2016 09:54:42 +0000 (09:54 +0000)] 
[infiniband] Parse MLID, rate, and SL from multicast membership record

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Record multicast GID attachment as part of group membership
Michael Brown [Sat, 5 Mar 2016 15:33:28 +0000 (15:33 +0000)] 
[infiniband] Record multicast GID attachment as part of group membership

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Do not use GRH for local paths
Michael Brown [Fri, 4 Mar 2016 13:55:50 +0000 (13:55 +0000)] 
[infiniband] Do not use GRH for local paths

Avoid including an unnecessary GRH in packets sent to unicast
destinations within the local subnet.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Use correct transaction identifier in CM responses
Michael Brown [Fri, 4 Mar 2016 12:24:22 +0000 (12:24 +0000)] 
[infiniband] Use correct transaction identifier in CM responses

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Use connection's local ID as debug message identifier
Michael Brown [Thu, 3 Mar 2016 18:09:03 +0000 (18:09 +0000)] 
[infiniband] Use connection's local ID as debug message identifier

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Use "%d" as format specifier for LIDs
Michael Brown [Tue, 8 Mar 2016 09:11:15 +0000 (09:11 +0000)] 
[infiniband] Use "%d" as format specifier for LIDs

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Use "%#lx" as format specifier for queue pair numbers
Michael Brown [Tue, 8 Mar 2016 09:06:37 +0000 (09:06 +0000)] 
[infiniband] Use "%#lx" as format specifier for queue pair numbers

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Assign names to Infiniband devices for debug messages
Michael Brown [Fri, 4 Mar 2016 09:17:08 +0000 (09:17 +0000)] 
[infiniband] Assign names to Infiniband devices for debug messages

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Add support for performing service record lookups
Michael Brown [Tue, 1 Mar 2016 09:41:11 +0000 (09:41 +0000)] 
[infiniband] Add support for performing service record lookups

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Avoid multiple calls to ib_cmrc_shutdown()
Michael Brown [Wed, 2 Mar 2016 09:29:33 +0000 (09:29 +0000)] 
[infiniband] Avoid multiple calls to ib_cmrc_shutdown()

When a CMRC connection is closed, the deferred shutdown process calls
ib_destroy_qp().  This will cause the receive work queue entries to
complete in error (since they are being cancelled), which will in turn
reschedule the deferred shutdown process.  This eventually leads to
ib_destroy_conn() being called on a connection that has already been
freed.

Fix by explicitly cancelling any pending shutdown process after the
shutdown process has completed.

Ironically, this almost exactly reverts commit 019d4c1 ("[infiniband]
Use a one-shot process for CMRC shutdown"); prior to the introduction
of one-shot processes the only way to achieve a one-shot process was
for the process to cancel itself.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[infiniband] Remove concept of whole-device owner data
Michael Brown [Tue, 1 Mar 2016 15:26:32 +0000 (15:26 +0000)] 
[infiniband] Remove concept of whole-device owner data

Remove the implicit assumption that the IPoIB protocol owns the whole
Infiniband device.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[netdevice] Refuse to create duplicate network device names
Michael Brown [Mon, 7 Mar 2016 21:03:25 +0000 (21:03 +0000)] 
[netdevice] Refuse to create duplicate network device names

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Support ioremap() for addresses above 4GB in a 64-bit build
Michael Brown [Fri, 26 Feb 2016 15:34:28 +0000 (15:34 +0000)] 
[librm] Support ioremap() for addresses above 4GB in a 64-bit build

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ioapi] Split ioremap() out to a separate IOMAP API
Michael Brown [Fri, 26 Feb 2016 15:33:40 +0000 (15:33 +0000)] 
[ioapi] Split ioremap() out to a separate IOMAP API

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Add support for running in 64-bit long mode
Michael Brown [Thu, 18 Feb 2016 02:44:19 +0000 (02:44 +0000)] 
[librm] Add support for running in 64-bit long mode

Add support for running the BIOS version of iPXE in 64-bit long mode.
A 64-bit BIOS version of iPXE can be built using e.g.

  make bin-x86_64-pcbios/ipxe.usb
  make bin-x86_64-pcbios/8086100e.mrom

The 64-bit BIOS version should appear to function identically to the
normal 32-bit BIOS version.  The physical memory layout is unaltered:
iPXE is still relocated to the top of the available 32-bit address
space.  The code is linked to a virtual address of 0xffffffffeb000000
(in the negative 2GB as required by -mcmodel=kernel), with 4kB pages
created to cover the whole of .textdata.  2MB pages are created to
cover the whole of the 32-bit address space.

The 32-bit portions of the code run with VIRTUAL_CS and VIRTUAL_DS
configured such that truncating a 64-bit virtual address gives a
32-bit virtual address pointing to the same physical location.

The stack pointer remains as a physical address when running in long
mode (although the .stack section is accessible via the negative 2GB
virtual address); this is done in order to simplify the handling of
interrupts occurring while executing a portion of 32-bit code with
flat physical addressing via PHYS_CODE().

Interrupts may be enabled in either 64-bit long mode, 32-bit protected
mode with virtual addresses, 32-bit protected mode with physical
addresses, or 16-bit real mode.  Interrupts occurring in any mode
other than real mode will be reflected down to real mode and handled
by whichever ISR is hooked into the BIOS interrupt vector table.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Rename prot_call() to virt_call()
Michael Brown [Mon, 22 Feb 2016 00:49:08 +0000 (00:49 +0000)] 
[librm] Rename prot_call() to virt_call()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Support userptr_t in 64-bit builds
Michael Brown [Sun, 21 Feb 2016 11:37:37 +0000 (11:37 +0000)] 
[librm] Support userptr_t in 64-bit builds

In a 64-bit build, the entirety of the 32-bit address space is
identity-mapped and so any valid physical address may immediately be
used as a virtual address.  Conversely, a virtual address that is
already within the 32-bit address space may immediately be used as a
physical address.

A valid virtual address that lies outside the 32-bit address space
must be an address within .textdata, and so can be converted to a
physical address by adding virt_offset.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Mark virt_offset, text16, data16, rm_cs, and rm_ds as constant
Michael Brown [Sun, 21 Feb 2016 11:13:04 +0000 (11:13 +0000)] 
[librm] Mark virt_offset, text16, data16, rm_cs, and rm_ds as constant

The physical locations of .textdata, .text16 and .data16 are constant
from the point of view of C code.  Mark the relevant variables as
constant to allow gcc to optimise out redundant reads.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Do not preserve flags unnecessarily
Michael Brown [Sun, 21 Feb 2016 01:01:28 +0000 (01:01 +0000)] 
[librm] Do not preserve flags unnecessarily

No callers of prot_to_phys, phys_to_prot, or intr_to_prot require the
flags to be preserved.  Remove the unnecessary pushfl/popfl pairs.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Add phys_call() wrapper for calling code with physical addressing
Michael Brown [Fri, 19 Feb 2016 19:43:04 +0000 (19:43 +0000)] 
[librm] Add phys_call() wrapper for calling code with physical addressing

Add a phys_call() wrapper function (analogous to the existing
real_call() wrapper function) for calling code with flat physical
addressing, and use this wrapper within the PHYS_CODE() macro.

Move the relevant functionality inside librm.S, where it more
naturally belongs.

The COMBOOT code currently uses explicit calls to _virt_to_phys and
_phys_to_virt.  These will need to be rewritten if our COMBOOT support
is ever generalised to be able to run in a 64-bit build.
Specifically:

  - com32_exec_loop() should be restructured to use PHYS_CODE()

  - com32_wrapper.S should be restructured to use an equivalent of
    prot_call(), passing parameters via a struct i386_all_regs

  - there appears to be no need for com32_wrapper.S to switch between
    external and internal stacks; this could be omitted to simplify
    the design.

For now, librm.S continues to expose _virt_to_phys and _phys_to_virt
for use by com32.c and com32_wrapper.S.  Similarly, librm.S continues
to expose _intr_to_virt for use by gdbidt.S.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[build] Fix building on older versions of binutils
Michael Brown [Fri, 19 Feb 2016 19:45:23 +0000 (19:45 +0000)] 
[build] Fix building on older versions of binutils

Some older versions of binutils have issues with both the use of
PROVIDE() and the interpretation of numeric literals within a section
description.

Work around these older versions by defining the required numeric
literals outside of any section description, and by automatically
determining whether or not to generate extra space for page tables
rather than relying on LDFLAGS.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Generate page tables for 64-bit builds
Michael Brown [Fri, 19 Feb 2016 03:18:11 +0000 (03:18 +0000)] 
[librm] Generate page tables for 64-bit builds

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Prepare for long-mode memory map
Michael Brown [Fri, 19 Feb 2016 01:50:13 +0000 (01:50 +0000)] 
[librm] Prepare for long-mode memory map

The bulk of the iPXE binary (the .textdata section) is physically
relocated at runtime to the top of the 32-bit address space in order
to allow space for an OS to be loaded.  The relocation is achieved
with the assistance of segmentation: we adjust the code and data
segment bases so that the link-time addresses remain valid.

Segmentation is not available (for normal code and data segments) in
long mode.  We choose to compile the C code with -mcmodel=kernel and
use a link-time address of 0xffffffffeb000000.  This choice allows us
to identity-map the entirety of the 32-bit address space, and to alias
our chosen link-time address to the physical location of our .textdata
section.  (This requires the .textdata section to always be aligned to
a page boundary.)

We simultaneously choose to set the 32-bit virtual address segment
bases such that the link-time addresses may simply be truncated to 32
bits in order to generate a valid 32-bit virtual address.  This allows
symbols in .textdata to be trivially accessed by both 32-bit and
64-bit code.

There is no (sensible) way in 32-bit assembly code to generate the
required R_X86_64_32S relocation records for these truncated symbols.
However, subtracting the fixed constant 0xffffffff00000000 has the
same effect as truncation, and can be represented in a standard
R_X86_64_32 relocation record.  We define the VIRTUAL() macro to
abstract away this truncation operation, and apply it to all
references by 32-bit (or 16-bit) assembly code to any symbols within
the .textdata section.

We define "virt_offset" for a 64-bit build as "the value to be added
to an address within .textdata in order to obtain its physical
address".  With this definition, the low 32 bits of "virt_offset" can
be treated by 32-bit code as functionally equivalent to "virt_offset"
in a 32-bit build.

We define "text16" and "data16" for a 64-bit build as the physical
addresses of the .text16 and .data16 sections.  Since a physical
address within the 32-bit address space may be used directly as a
64-bit virtual address (thanks to the identity map), this definition
provides the most natural access to variables in .text16 and .data16.
Note that this requires a minor adjustment in prot_to_real(), which
accesses .text16 using 32-bit virtual addresses.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[relocate] Preserve page alignment during relocation
Michael Brown [Fri, 19 Feb 2016 02:38:48 +0000 (02:38 +0000)] 
[relocate] Preserve page alignment during relocation

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Transition to protected mode within init_librm()
Michael Brown [Fri, 19 Feb 2016 00:56:20 +0000 (00:56 +0000)] 
[librm] Transition to protected mode within init_librm()

Long-mode operation will require page tables, which are too large to
sensibly fit in our .data16 segment in base memory.

Add a portion of init_librm() running in 32-bit protected mode to
provide access to high memory.  Use this portion of init_librm() to
initialise the .textdata variables "virt_offset", "text16", and
"data16", eliminating the redundant (re)initialisation currently
performed on every mode transition as part of real_to_prot().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Provide an abstraction wrapper for prot_call
Michael Brown [Thu, 18 Feb 2016 23:23:38 +0000 (23:23 +0000)] 
[librm] Provide an abstraction wrapper for prot_call

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Convert prot_call() to a real-mode near call
Michael Brown [Thu, 18 Feb 2016 16:36:04 +0000 (16:36 +0000)] 
[librm] Convert prot_call() to a real-mode near call

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[prefix] Standardise calls to prot_call()
Michael Brown [Thu, 18 Feb 2016 16:32:37 +0000 (16:32 +0000)] 
[prefix] Standardise calls to prot_call()

Use the standard "pushl $function ; pushw %cs ; call prot_call"
sequence everywhere that prot_call() is used.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Simplify definitions for prot_call() and real_call() stack frames
Michael Brown [Thu, 18 Feb 2016 16:41:48 +0000 (16:41 +0000)] 
[librm] Simplify definitions for prot_call() and real_call() stack frames

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[prefix] Use garbage-collectable section names
Michael Brown [Thu, 18 Feb 2016 16:02:55 +0000 (16:02 +0000)] 
[prefix] Use garbage-collectable section names

Allow unused sections of libprefix.o to be removed via --gc-sections.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Use an 8kB stack for x86_64
Michael Brown [Thu, 18 Feb 2016 15:56:41 +0000 (15:56 +0000)] 
[bios] Use an 8kB stack for x86_64

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Use garbage-collectable section names
Michael Brown [Thu, 18 Feb 2016 15:40:33 +0000 (15:40 +0000)] 
[librm] Use garbage-collectable section names

Allow unused sections of librm.o to be removed via --gc-sections.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Make uses of REAL_CODE() and PHYS_CODE() 64-bit clean
Michael Brown [Thu, 18 Feb 2016 14:38:41 +0000 (14:38 +0000)] 
[bios] Make uses of REAL_CODE() and PHYS_CODE() 64-bit clean

On a 64-bit CPU, any modification of a register by 32-bit or 16-bit
code will destroy the invisible upper 32 bits of the corresponding
64-bit register.  For example: a 32-bit "pushl %eax" followed by a
"popl %eax" will zero the upper half of %rax.  This differs from the
treatment of upper halves of 32-bit registers by 16-bit code: a
"pushw %ax" followed by a "popw %ax" will leave the upper 16 bits of
%eax unmodified.

Inline assembly generated using REAL_CODE() or PHYS_CODE() will
therefore have to preserve the upper halves of all registers, to avoid
clobbering registers that gcc expects to be preserved.

Output operands from REAL_CODE() and PHYS_CODE() assembly may
therefore contain undefined values in the upper 32 bits.

Fix by using explicit variable widths (e.g. uint32_t) for
non-discarded output operands, to ensure that undefined values in the
upper 32 bits of 64-bit registers are ignored.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[romprefix] Align PMM temporary decompression area to a page boundary
Michael Brown [Thu, 18 Feb 2016 02:58:03 +0000 (02:58 +0000)] 
[romprefix] Align PMM temporary decompression area to a page boundary

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[prefix] Align INT 15,88 temporary decompression area to a page boundary
Michael Brown [Wed, 17 Feb 2016 15:26:31 +0000 (15:26 +0000)] 
[prefix] Align INT 15,88 temporary decompression area to a page boundary

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Discard argument as part of return from real_call()
Michael Brown [Tue, 16 Feb 2016 23:37:46 +0000 (23:37 +0000)] 
[librm] Discard argument as part of return from real_call()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[librm] Discard argument as part of return from prot_call()
Michael Brown [Tue, 16 Feb 2016 23:16:49 +0000 (23:16 +0000)] 
[librm] Discard argument as part of return from prot_call()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Add bin-x86_64-pcbios build platform
Michael Brown [Tue, 16 Feb 2016 15:19:01 +0000 (15:19 +0000)] 
[bios] Add bin-x86_64-pcbios build platform

Move most arch/i386 files to arch/x86, and adjust the contents of the
Makefiles and the include/bits/*.h headers to reflect the new
locations.

This patch makes no substantive code changes, as can be seen using a
rename-aware diff (e.g. "git show -M5").

This patch does not make the pcbios platform functional for x86_64; it
merely allows it to compile without errors.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Move isolinux definitions to Makefile.pcbios
Michael Brown [Tue, 16 Feb 2016 17:42:36 +0000 (17:42 +0000)] 
[bios] Move isolinux definitions to Makefile.pcbios

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Allow librm to be compiled for x86_64
Michael Brown [Tue, 16 Feb 2016 16:45:12 +0000 (16:45 +0000)] 
[bios] Allow librm to be compiled for x86_64

This commit does not make librm functional for x86_64; it merely
allows it to compile without errors.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Allow memmap.c to be compiled for x86_64
Michael Brown [Tue, 16 Feb 2016 18:49:38 +0000 (18:49 +0000)] 
[bios] Allow memmap.c to be compiled for x86_64

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Allow bios_console.c to be compiled for x86_64
Michael Brown [Tue, 16 Feb 2016 18:48:37 +0000 (18:48 +0000)] 
[bios] Allow bios_console.c to be compiled for x86_64

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Allow bzimage.c to be compiled for x86_64
Michael Brown [Tue, 16 Feb 2016 18:41:58 +0000 (18:41 +0000)] 
[bios] Allow bzimage.c to be compiled for x86_64

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Allow rtc_entropy.c to be compiled for x86_64
Michael Brown [Tue, 16 Feb 2016 16:57:46 +0000 (16:57 +0000)] 
[bios] Allow rtc_entropy.c to be compiled for x86_64

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Allow relocate.c to be compiled for x86_64
Michael Brown [Tue, 16 Feb 2016 16:13:30 +0000 (16:13 +0000)] 
[bios] Allow relocate.c to be compiled for x86_64

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Use size_t when casting _text16_memsz and _data16_memsz
Michael Brown [Tue, 16 Feb 2016 16:28:12 +0000 (16:28 +0000)] 
[bios] Use size_t when casting _text16_memsz and _data16_memsz

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[bios] Use intptr_t when casting .text16 function pointers
Michael Brown [Tue, 16 Feb 2016 16:24:30 +0000 (16:24 +0000)] 
[bios] Use intptr_t when casting .text16 function pointers

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[libc] Split rmsetjmp() and rmlongjmp() into a separate rmsetjmp.h
Michael Brown [Tue, 16 Feb 2016 15:48:03 +0000 (15:48 +0000)] 
[libc] Split rmsetjmp() and rmlongjmp() into a separate rmsetjmp.h

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[prefix] Pad .text16 and .data16 segment sizes at build time
Michael Brown [Fri, 12 Feb 2016 13:59:06 +0000 (13:59 +0000)] 
[prefix] Pad .text16 and .data16 segment sizes at build time

Commit c64747d ("[librm] Speed up real-to-protected mode transition
under KVM") rounded down the .text16 segment address calculated in
alloc_basemem() to a multiple of 64 bytes in order to speed up mode
transitions under KVM.

This creates a potential discrepancy between alloc_basemem() and
free_basemem(), meaning that free_basemem() may free less memory than
was allocated by alloc_basemem().

Fix by padding the calculated sizes of both .text16 and .data16 to a
multiple of 64 bytes at build time.

Debugged-by: Yossef Efraim <yossefe@mellanox.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[intel] Add INTEL_NO_PHY_RST for another I218-LM variant
Mika Tiainen [Tue, 9 Feb 2016 20:38:29 +0000 (22:38 +0200)] 
[intel] Add INTEL_NO_PHY_RST for another I218-LM variant

Fixed booting on HP EliteBook 820 G2 laptop.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[efi] Add missing definitions for function key scancodes
Michael Brown [Fri, 12 Feb 2016 13:08:52 +0000 (13:08 +0000)] 
[efi] Add missing definitions for function key scancodes

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[pxe] Clarify comments regarding shrinking of cached DHCP packet
Michael Brown [Thu, 11 Feb 2016 19:14:00 +0000 (19:14 +0000)] 
[pxe] Clarify comments regarding shrinking of cached DHCP packet

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[iobuf] Improve robustness of I/O buffer allocation
Michael Brown [Thu, 11 Feb 2016 18:44:24 +0000 (18:44 +0000)] 
[iobuf] Improve robustness of I/O buffer allocation

Guard against various corner cases (such as zero-length buffers, zero
alignments, and integer overflow when rounding up allocation lengths
and alignments) and ensure that the struct io_buffer is correctly
aligned even when the caller requests a non-zero alignment for the I/O
buffer itself.

Add self-tests to verify that the resulting alignments and lengths are
correct for a range of allocations.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[malloc] Guard against unsigned integer overflow
Michael Brown [Sat, 6 Feb 2016 10:20:57 +0000 (10:20 +0000)] 
[malloc] Guard against unsigned integer overflow

Commit f3fbb5f ("[malloc] Avoid integer overflow for excessively large
memory allocations") fixed signed integer overflow issues caused by
the use of ssize_t, but did not guard against unsigned integer
overflow.

Add explicit checks for unsigned integer overflow where needed.  As a
side bonus, erroneous calls to malloc_dma() with an (illegal) size of
zero will now fail cleanly.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ehci] Add extra debugging information
Michael Brown [Fri, 5 Feb 2016 21:03:17 +0000 (21:03 +0000)] 
[ehci] Add extra debugging information

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ath9k] Remove broken ath_rxbuf_alloc()
Michael Brown [Thu, 28 Jan 2016 14:15:36 +0000 (14:15 +0000)] 
[ath9k] Remove broken ath_rxbuf_alloc()

ath_rx_init() demonstrates some serious confusion over how to use
pointers, resulting in (uint32_t*)NULL being used as a temporary
variable.  This does not end well.

The broken code in question is performing manual alignment of I/O
buffers, which can now be achieved more simply using alloc_iob_raw().
Fix by removing ath_rxbuf_alloc() entirely.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[slam] Avoid potential division by zero
Michael Brown [Wed, 27 Jan 2016 23:27:47 +0000 (23:27 +0000)] 
[slam] Avoid potential division by zero

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[tcp] Guard against malformed TCP options
Michael Brown [Wed, 27 Jan 2016 23:06:50 +0000 (23:06 +0000)] 
[tcp] Guard against malformed TCP options

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[intel] Add INTEL_NO_PHY_RST for I218-LM
Hummel Frank [Wed, 27 Jan 2016 13:07:42 +0000 (13:07 +0000)] 
[intel] Add INTEL_NO_PHY_RST for I218-LM

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[uri] Apply URI decoding for all parsed URIs
Michael Brown [Tue, 26 Jan 2016 16:16:13 +0000 (16:16 +0000)] 
[uri] Apply URI decoding for all parsed URIs

The various early-exit paths in parse_uri() accidentally bypass the
URI field decoding.  The result is that opaque or relative URIs do not
undergo URI field decoding, resulting in double-encoding when the URIs
are subsequently used.  For example:

  #!ipxe
  set mac ${macstring}
  imgfetch /boot/by-mac/${mac:uristring}

would result in an HTTP GET such as

  GET /boot/by-mac/00%253A0c%253A29%253Ac5%253A39%253Aa1 HTTP/1.1

rather than the expected

  GET /boot/by-mac/00%3A0c%3A29%3Ac5%3A39%3Aa1 HTTP/1.1

Fix by ensuring that URI decoding is always applied regardless of the
URI format.

Reported-by: Andrew Widdersheim <awiddersheim@inetu.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[tftp] Mangle initial slash on TFTP URIs
Michael Brown [Thu, 21 Jan 2016 16:24:16 +0000 (16:24 +0000)] 
[tftp] Mangle initial slash on TFTP URIs

TFTP URIs are intrinsically problematic, since:

- TFTP servers may use either normal slashes or backslashes as a
  directory separator,

- TFTP servers allow filenames to be specified using relative paths
  (with no initial directory separator),

- TFTP filenames present in a DHCP filename field may use special
  characters such as "?" or "#" that prevent parsing as a generic URI.

As of commit 7667536 ("[uri] Refactor URI parsing and formatting"), we
have directly constructed TFTP URIs from DHCP next-server and filename
pairs, avoiding the generic URI parser.  This eliminated the problems
related to special characters, but indirectly made it impossible to
parse a "tftp://..." URI string into a TFTP URI with a non-absolute
path.

Re-introduce the convention of requiring an extra slash in a
"tftp://..." URI string in order to specify a TFTP URI with an initial
slash in the filename.  For example:

  tftp://192.168.0.1/boot/pxelinux.0  => RRQ "boot/pxelinux.0"
  tftp://192.168.0.1//boot/pxelinux.0 => RRQ "/boot/pxelinux.0"

This is ugly, but there seems to be no other sensible way to provide
the ability to specify all possible TFTP filenames.

A side-effect of this change is that format_uri() will no longer add a
spurious initial "/" when formatting a relative URI string.  This
improves the console output when fetching an image specified via a
relative URI.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[ocsp] Avoid including a double path separator in request URI
Michael Brown [Thu, 21 Jan 2016 17:50:34 +0000 (17:50 +0000)] 
[ocsp] Avoid including a double path separator in request URI

The OCSP responder URI included within an X.509 certificate may or may
not include a trailing slash.  We currently rely on the fact that
format_uri() incorrectly inserts an initial slash, which we include
unconditionally within the OCSP request URI.

Switch to using uri_encode() directly, and insert a slash only if the
X.509 certificate's OCSP responder URI does not already include a
trailing slash.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 years ago[uri] Avoid potentially large stack allocation
Michael Brown [Thu, 21 Jan 2016 15:53:44 +0000 (15:53 +0000)] 
[uri] Avoid potentially large stack allocation

Avoid potentially large stack allocation in resolve_path().

Signed-off-by: Michael Brown <mcb30@ipxe.org>