ipxe.git
2 years ago[build] Disable TIVOLI_VMM_WORKAROUND in the qemu configuration ipxe-qemu-release-v2.8.0 ipxe-qemu-release-v2.9.0
Laszlo Ersek [Wed, 26 Oct 2016 22:13:51 +0000 (00:13 +0200)] 
[build] Disable TIVOLI_VMM_WORKAROUND in the qemu configuration

This prevents KVM guests from crashing that run iPXE on host CPUs
without "unrestricted_guest" support.

Once KVM gets the FXSAVE / FXRSTOR emulation feature (*), and the
feature becomes widely available to users, we can back out this change
from iPXE.

(*) Already in progress by Radim:

    [PATCH 0/2] KVM: x86: emulate fxsave and fxrstor

    https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1258895.html
    https://www.spinics.net/lists/kernel/msg2370327.html

Cc: Bandan Das <bsd@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Greg <rollenwiese@yahoo.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Michael Prokop <launchpad@michael-prokop.at>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Pickford <arch@netremedies.ca>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Ref: https://bugs.archlinux.org/task/50778
Ref: https://bugs.launchpad.net/qemu/+bug/1623276
Ref: https://bugzilla.proxmox.com/show_bug.cgi?id=1182
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1356762
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[librm] Conditionalize the workaround for the Tivoli VMM's SSE garbling
Laszlo Ersek [Wed, 26 Oct 2016 22:13:50 +0000 (00:13 +0200)] 
[librm] Conditionalize the workaround for the Tivoli VMM's SSE garbling

Commit 71560d1 ("[librm] Preserve FPU, MMX and SSE state across calls
to virt_call()") added FXSAVE and FXRSTOR instructions to iPXE.  In
KVM virtual machines, these instructions execute fine as long as the
host CPU supports the "unrestricted_guest" feature (that is, it can
virtualize big real mode natively).  On older host CPUs however, KVM
has to emulate big real mode, and it currently doesn't implement
FXSAVE emulation.

Upstream QEMU rebuilt iPXE at commit 0418631 ("[thunderx] Fix
compilation with older versions of gcc") which is a descendant of
commit 71560d1 (see above).

This was done in QEMU commit ffdc5a2 ("ipxe: update submodule from
4e03af8ec to 041863191").  The resultant binaries were bundled with
the QEMU v2.7.0 release; see QEMU commit c52125a ("ipxe: update
prebuilt binaries").

This distributed the iPXE workaround for the Tivoli VMM bug to a
number of KVM users with old host CPUs, causing KVM emulation failures
(guest crashes) for them while netbooting.

Make the FXSAVE and FXRSTOR instructions conditional on a new feature
test macro called TIVOLI_VMM_WORKAROUND.  Define the macro by default.

There is prior art for an assembly file including config/general.h:
see arch/x86/prefix/romprefix.S.  Also, TIVOLI_VMM_WORKAROUND seems to
be a good fit for the "Obscure configuration options" section in
config/general.h.

Cc: Bandan Das <bsd@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Greg <rollenwiese@yahoo.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Michael Prokop <launchpad@michael-prokop.at>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Pickford <arch@netremedies.ca>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Ref: https://bugs.archlinux.org/task/50778
Ref: https://bugs.launchpad.net/qemu/+bug/1623276
Ref: https://bugzilla.proxmox.com/show_bug.cgi?id=1182
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1356762
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[bzimage] Fix page alignment of initrd images
Michael Brown [Fri, 28 Oct 2016 23:08:48 +0000 (00:08 +0100)] 
[bzimage] Fix page alignment of initrd images

The initrd_addr_max field represents the highest byte address that may
be used to hold initrd images, and is therefore almost certainly not
aligned to a page boundary: a typical value might be 0x7fffffff.

Fix the address calculations to ensure that the initrd images are
always aligned to a page boundary.

Reported-by: Sitsofe Wheeler <sitsofe@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Add EFI_BLOCK_IO2_PROTOCOL header and GUID definition
Michael Brown [Sun, 16 Oct 2016 22:27:50 +0000 (23:27 +0100)] 
[efi] Add EFI_BLOCK_IO2_PROTOCOL header and GUID definition

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Update to current EDK2 headers
Michael Brown [Sun, 16 Oct 2016 15:32:49 +0000 (16:32 +0100)] 
[efi] Update to current EDK2 headers

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Mark AppleNetBoot.h as a native iPXE header
Michael Brown [Sun, 16 Oct 2016 16:04:30 +0000 (17:04 +0100)] 
[efi] Mark AppleNetBoot.h as a native iPXE header

AppleNetBoot.h is not taken from the EDK2 codebase and so cannot be
imported using include/ipxe/efi/import.pl.  Mark as a native iPXE
header (by changing the include guard) to avoid breaking the import
process.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Mark permanent certificates as permanent
Michael Brown [Wed, 31 Aug 2016 16:23:42 +0000 (17:23 +0100)] 
[crypto] Mark permanent certificates as permanent

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[cmdline] Add certificate management commands
Michael Brown [Thu, 25 Aug 2016 14:40:27 +0000 (15:40 +0100)] 
[cmdline] Add certificate management commands

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add certstat() to display basic certificate information
Michael Brown [Thu, 25 Aug 2016 14:39:43 +0000 (15:39 +0100)] 
[crypto] Add certstat() to display basic certificate information

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Allow certificates to be marked as having been added explicitly
Michael Brown [Thu, 25 Aug 2016 14:38:58 +0000 (15:38 +0100)] 
[crypto] Allow certificates to be marked as having been added explicitly

Allow certificates to be marked as having been added explicitly at run
time.  Such certificates will not be discarded via the certificate
store cache discarder.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Expose certstore_del() to explicitly remove stored certificates
Michael Brown [Wed, 31 Aug 2016 14:16:43 +0000 (15:16 +0100)] 
[crypto] Expose certstore_del() to explicitly remove stored certificates

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[list] Add list_next_entry() and list_prev_entry()
Michael Brown [Wed, 31 Aug 2016 14:05:22 +0000 (15:05 +0100)] 
[list] Add list_next_entry() and list_prev_entry()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Generalise X.509 "valid" field to a "flags" field
Michael Brown [Thu, 25 Aug 2016 14:41:57 +0000 (15:41 +0100)] 
[crypto] Generalise X.509 "valid" field to a "flags" field

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add image_x509() to extract X.509 certificates from image
Michael Brown [Thu, 25 Aug 2016 14:35:44 +0000 (15:35 +0100)] 
[crypto] Add image_x509() to extract X.509 certificates from image

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[pixbuf] Enable PNG format by default
Michael Brown [Fri, 29 Jul 2016 14:58:59 +0000 (15:58 +0100)] 
[pixbuf] Enable PNG format by default

Enable IMAGE_PNG (but not IMAGE_PNM) by default, and drag in the
relevant objects only when image_pixbuf() is present in the binary.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[build] Remove more obsolete explicit object requirements
Michael Brown [Fri, 29 Jul 2016 14:56:10 +0000 (15:56 +0100)] 
[build] Remove more obsolete explicit object requirements

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Enable both DER and PEM formats by default
Michael Brown [Fri, 29 Jul 2016 14:40:39 +0000 (15:40 +0100)] 
[crypto] Enable both DER and PEM formats by default

Enable both IMAGE_DER and IMAGE_PEM by default, and drag in the
relevant objects only when image_asn1() is present in the binary.

This allows "imgverify" to transparently use either DER or PEM
signature files.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[build] Remove obsolete explicit object requirements
Michael Brown [Fri, 29 Jul 2016 14:18:35 +0000 (15:18 +0100)] 
[build] Remove obsolete explicit object requirements

As of commit b1caa48 ("[crypto] Support SHA-{224,384,512} in X.509
certificates"), the list of supported cryptographic algorithms is
controlled by config/crypto.h.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[image] Use image_asn1() to extract data from CMS signature images
Michael Brown [Thu, 28 Jul 2016 15:22:08 +0000 (16:22 +0100)] 
[image] Use image_asn1() to extract data from CMS signature images

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add PEM image format
Michael Brown [Thu, 28 Jul 2016 21:51:50 +0000 (22:51 +0100)] 
[crypto] Add PEM image format

Add PEM-encoded ASN.1 as an image format.  We accept as PEM any image
containing a line starting with a "-----BEGIN" boundary marker.

We allow for PEM files containing multiple ASN.1 objects, such as a
certificate chain produced by concatenating individual certificate
files.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add DER image format
Michael Brown [Thu, 28 Jul 2016 15:18:23 +0000 (16:18 +0100)] 
[crypto] Add DER image format

Add DER-encoded ASN.1 as an image format.  There is no fixed signature
for DER files.  We treat an image as DER if it comprises a single
valid SEQUENCE object covering the entire length of the image.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[image] Add image_asn1() to extract ASN.1 objects from image
Michael Brown [Thu, 28 Jul 2016 15:16:55 +0000 (16:16 +0100)] 
[image] Add image_asn1() to extract ASN.1 objects from image

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Allow for parsing of partial ASN.1 cursors
Michael Brown [Thu, 28 Jul 2016 14:02:15 +0000 (15:02 +0100)] 
[crypto] Allow for parsing of partial ASN.1 cursors

Allow code to create a partial ASN.1 cursor containing only the type
and length bytes, so that asn1_start() may be used to determine the
length of a large ASN.1 blob without first allocating memory to hold
the entire blob.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Remove obsolete extern declaration for asn1_invalidate_cursor()
Michael Brown [Thu, 28 Jul 2016 14:00:26 +0000 (15:00 +0100)] 
[crypto] Remove obsolete extern declaration for asn1_invalidate_cursor()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[hyperv] Use instance UUID in device name
Michael Brown [Tue, 26 Jul 2016 15:18:53 +0000 (16:18 +0100)] 
[hyperv] Use instance UUID in device name

The Windows drivers for VMBus devices are enumerated using the
instance UUID rather than the channel number.  Include the instance
UUID within the iPXE device name to allow an iPXE network device to be
more easily associated with the corresponding Windows network device
when debugging.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Allow for multiple routers
Michael Brown [Mon, 25 Jul 2016 14:20:22 +0000 (15:20 +0100)] 
[ipv6] Allow for multiple routers

Select the IPv6 source address and corresponding router (if any) using
a very simplified version of the algorithm from RFC6724:

- Ignore any source address that has a smaller scope than the
  destination address.  For example, do not use a link-local source
  address when sending to a global destination address.

- If we have a source address which is on the same link as the
  destination address, then use that source address.

- If we are left with multiple possible source addresses, then choose
  the address with the smallest scope.  For example, if we are sending
  to a site-local destination address and we have both a global source
  address and a site-local source address, then use the site-local
  source address.

- If we are still left with multiple possible source addresses, then
  choose the address with the longest matching prefix.

For the purposes of this algorithm, we treat RFC4193 Unique Local
Addresses as having organisation-local scope.  Since we use only
link-local scope for our multicast transmissions, this approximation
should remain valid in all practical situations.

Originally-implemented-by: Thomas Bächler <thomas@archlinux.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[test] Update IPv6 tests to use okx()
Michael Brown [Mon, 25 Jul 2016 12:44:16 +0000 (13:44 +0100)] 
[test] Update IPv6 tests to use okx()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Rename ipv6_scope to ipv6_settings_scope
Michael Brown [Thu, 21 Jul 2016 14:46:51 +0000 (15:46 +0100)] 
[ipv6] Rename ipv6_scope to ipv6_settings_scope

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Create routing table based on IPv6 settings
Michael Brown [Tue, 19 Jul 2016 16:49:50 +0000 (17:49 +0100)] 
[ipv6] Create routing table based on IPv6 settings

Use the IPv6 settings to construct the routing table, in a matter
analogous to the construction of the IPv4 routing table.

This allows for manual assignment of IPv6 addresses via e.g.

  set net0/ip6 2001:ba8:0:1d4::6950:5845
  set net0/len6 64
  set net0/gateway6 fe80::226:bff:fedd:d3c0

The prefix length ("len6") may be omitted, in which case a default
prefix length of 64 will be assumed.

Multiple IPv6 addresses may be assigned manually by implicitly
creating child settings blocks.  For example:

  set net0/ip6 2001:ba8:0:1d4::6950:5845
  set net0.ula/ip6 fda4:2496:e992::6950:5845

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Match user expectations for IPv6 settings priorities
Michael Brown [Tue, 19 Jul 2016 15:57:32 +0000 (16:57 +0100)] 
[ipv6] Match user expectations for IPv6 settings priorities

A reasonable user expectation is that ${net0/ip6} should show the
"highest-priority" of the IPv6 addresses, even when multiple IPv6
addresses are active.  The expected order of priority is likely to be
manually-assigned addresses first, then stateful DHCPv6 addresses,
then SLAAC addresses, and lastly link-local addresses.

Using ${priority} to enforce an ordering is undesirable since that
would affect the priority assigned to each of the net<N> blocks as a
whole, so use the sibling ordering capability instead.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[settings] Allow settings blocks to specify a sibling ordering
Michael Brown [Tue, 19 Jul 2016 15:44:18 +0000 (16:44 +0100)] 
[settings] Allow settings blocks to specify a sibling ordering

Allow settings blocks to provide an explicit default ordering between
siblings, with lower precedence than the existing ${priority} setting.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Expose IPv6 link-local address settings
Michael Brown [Tue, 19 Jul 2016 13:16:51 +0000 (14:16 +0100)] 
[ipv6] Expose IPv6 link-local address settings

Originally-implemented-by: Hannes Reinecke <hare@suse.de>
Originally-implemented-by: Marin Hannache <git@mareo.fr>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[dhcpv6] Expose IPv6 address setting acquired through DHCPv6
Michael Brown [Tue, 19 Jul 2016 00:18:30 +0000 (01:18 +0100)] 
[dhcpv6] Expose IPv6 address setting acquired through DHCPv6

Originally-implemented-by: Hannes Reinecke <hare@suse.de>
Originally-implemented-by: Marin Hannache <git@mareo.fr>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Expose IPv6 settings acquired through NDP
Michael Brown [Mon, 18 Jul 2016 14:13:10 +0000 (15:13 +0100)] 
[ipv6] Expose IPv6 settings acquired through NDP

Expose the IPv6 address (or prefix) as ${ip6}, the prefix length as
${len6}, and the router address as ${gateway6}.

Originally-implemented-by: Hannes Reinecke <hare@suse.de>
Originally-implemented-by: Marin Hannache <git@mareo.fr>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Allow settings to comprise arbitrary subsets of NDP options
Michael Brown [Mon, 18 Jul 2016 13:37:04 +0000 (14:37 +0100)] 
[ipv6] Allow settings to comprise arbitrary subsets of NDP options

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[settings] Correctly mortalise autovivified child settings blocks
Michael Brown [Mon, 18 Jul 2016 22:52:40 +0000 (23:52 +0100)] 
[settings] Correctly mortalise autovivified child settings blocks

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Rename ipv6_scope to dhcpv6_scope
Michael Brown [Sat, 16 Jul 2016 11:42:08 +0000 (12:42 +0100)] 
[ipv6] Rename ipv6_scope to dhcpv6_scope

The settings scope ipv6_scope refers specifically to IPv6 settings
that have a corresponding DHCPv6 option.  Rename to dhcpv6_scope to
more accurately reflect this purpose.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[settings] Create space for IPv6 in settings display order
Michael Brown [Fri, 15 Jul 2016 15:52:47 +0000 (16:52 +0100)] 
[settings] Create space for IPv6 in settings display order

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv6] Perform SLAAC only during autoconfiguration
Michael Brown [Fri, 15 Jul 2016 14:49:24 +0000 (15:49 +0100)] 
[ipv6] Perform SLAAC only during autoconfiguration

We currently perform IPv6 stateless address autoconfiguration (SLAAC)
in response to any router advertisement with the relevant flags set.
This can result in the local IPv6 source address changing midway
through a TCP connection, since our connections bind only to a local
port number and do not store a local network address.

In addition, this behaviour for SLAAC is inconsistent with that for
DHCPv4 and stateful DHCPv6, both of which will be performed only as a
result of an explicit autoconfiguration action (e.g. via the default
autoboot sequence, or the "ifconf" command).

Fix by ignoring router advertisements arriving outside the context of
an ongoing autoconfiguration attempt.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[intel] Remove duplicate intelvf_mbox_queues() function
Michael Brown [Thu, 14 Jul 2016 12:51:07 +0000 (13:51 +0100)] 
[intel] Remove duplicate intelvf_mbox_queues() function

Commit db34436 ("[intel] Strip spurious VLAN tags received by virtual
function NICs") accidentally introduced two copies of the
intel[x]vf_mbox_queues() function.  Remove the unintended copy.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[intel] Strip spurious VLAN tags received by virtual function NICs
Michael Brown [Mon, 11 Jul 2016 16:14:14 +0000 (17:14 +0100)] 
[intel] Strip spurious VLAN tags received by virtual function NICs

The physical function may be configured to transparently insert a VLAN
tag into all transmitted packets.  Unfortunately, it does not
equivalently strip this same VLAN tag from all received packets.  This
behaviour may be observed in some Amazon EC2 instances with Enhanced
Networking enabled: transmissions work as expected but all packets
received by iPXE appear to have a spurious VLAN tag.

We can configure the receive queue to strip VLAN tags via the
RXDCTL.VME bit.  We need to find out from the PF driver whether or not
we should do so.

There exists a "get queue configuration" mailbox message which
contains a field labelled IXGBE_VF_TRANS_VLAN in the Linux driver.

A comment in the Linux PF driver describes this field as "notify VF of
need for VLAN tag stripping, and correct queue".  It will be filled
with a non-zero value if the PF is enforcing the use of a single VLAN
tag.  It will also be filled with a non-zero value if the PF is using
multiple traffic classes.

The Linux VF driver seems to treat this field as being simply the
number of traffic classes, and gives it no VLAN-related
interpretation.  The Linux VF driver instead handles the VLAN tag
stripping by simply assuming that any unrecognised VLAN tag ought to
be silently dropped.

We choose to strip and ignore the VLAN tag if the IXGBE_VF_TRANS_VLAN
field has a non-zero value.

Reported-by: Leonid Vasetsky <leonidv@velostrata.com>
Tested-by: Leonid Vasetsky <leonidv@velostrata.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ipv4] Send gratuitous ARPs whenever a new IPv4 address is applied
Michael Brown [Tue, 12 Jul 2016 07:47:27 +0000 (08:47 +0100)] 
[ipv4] Send gratuitous ARPs whenever a new IPv4 address is applied

In a busy network (such as a public cloud), IPv4 addresses may be
recycled rapidly.  When this happens, unidirectional traffic (such as
UDP syslog) will succeed, but bidirectional traffic (such as TCP
connections) may fail due to stale ARP cache entries on other nodes.
The remote ARP cache expiry timeout is likely to exceed iPXE's
connection timeout, meaning that boot attempts can fail before the
problem is automatically resolved.

Fix by sending gratuitous ARPs whenever an IPv4 address is changed, to
attempt to update stale remote ARP cache entries.  Note that this is
not a guaranteed fix, since ARP is an unreliable protocol.

We avoid sending gratuitous ARPs unconditionally, since otherwise any
unrelated settings change (e.g. "set dns 192.168.0.1") would cause
unexpected gratuitous ARPs to be sent.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[intel] Add PCI device ID for I219-V/LM
Lukas Grossar [Mon, 11 Jul 2016 15:06:01 +0000 (17:06 +0200)] 
[intel] Add PCI device ID for I219-V/LM

Signed-off-by: Lukas Grossar <lukas.grossar@adfinis-sygroup.ch>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[acpi] Allow time for ACPI power off to take effect
Michael Brown [Mon, 11 Jul 2016 20:23:03 +0000 (21:23 +0100)] 
[acpi] Allow time for ACPI power off to take effect

The ACPI power off sequence may not take effect immediately.  Delay
for one second, to eliminate potentially confusing log messages such
as "Could not power off: Error 0x43902001 (http://ipx".

Reported-by: Leonid Vasetsky <leonidv@velostrata.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[acpi] Add support for ACPI power off
Michael Brown [Sun, 10 Jul 2016 18:25:26 +0000 (19:25 +0100)] 
[acpi] Add support for ACPI power off

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[rng] Check for functioning RTC interrupt
Michael Brown [Sun, 10 Jul 2016 19:36:53 +0000 (20:36 +0100)] 
[rng] Check for functioning RTC interrupt

On some platforms (observed in a small subset of Microsoft Azure
(Hyper-V) virtual machines), the RTC appears to be incapable of
generating an interrupt via the legacy PIC.  The RTC status registers
show that a periodic interrupt has been asserted, but the PIC IRR
shows that IRQ8 remains inactive.

On such systems, iPXE will currently freeze during the "iPXE
initialising devices..." message.

Work around this problem by checking that RTC interrupts are being
raised before returning from rtc_entropy_enable().  If no interrupt is
seen within 100ms, then we assume that the RTC interrupt mechanism is
broken.  In these circumstances, iPXE will continue to initialise but
any subsequent attempt to generate entropy will fail.  In particular,
HTTPS connections will fail with an error indicating that no entropy
is available.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Install the HII config access protocol on a child of the SNP handle
Laszlo Ersek [Thu, 30 Jun 2016 12:37:36 +0000 (14:37 +0200)] 
[efi] Install the HII config access protocol on a child of the SNP handle

In edk2, there are several drivers that associate HII forms (and
corresponding config access protocol instances) with each individual
network device.  (In this context, "network device" means the EFI
handle on which the SNP protocol is installed, and on which the device
path ending with the MAC() node is installed also.)  Such edk2 drivers
are, for example: Ip4Dxe, HttpBootDxe, VlanConfigDxe.

In UEFI, any given handle can carry at most one instance of a specific
protocol (see e.g. the specification of the InstallProtocolInterface()
boot service).  This implies that the class of drivers mentioned above
can't install their EFI_HII_CONFIG_ACCESS_PROTOCOL instances on the
SNP handle directly -- they would conflict with each other.
Accordingly, each of those edk2 drivers creates a "private" child
handle under the SNP handle, and installs its config access protocol
(and corresponding HII package list) on its child handle.

The device path for the child handle is traditionally derived by
appending a Hardware Vendor Device Path node after the MAC() node.
The VenHw() nodes in question consist of a GUID (by definition), and
no trailing data (by choice).  The purpose of these VenHw() nodes is
only that all the child nodes can be uniquely identified by device
path.

At the moment iPXE does not follow this pattern.  It doesn't run into
a conflict when it installs its EFI_HII_CONFIG_ACCESS_PROTOCOL
directly on the SNP handle, but that's only because iPXE is the sole
driver not following the pattern.  This behavior seems risky (one
might call it a "latent bug"); better align iPXE with the edk2 custom.

Cc: Michael Brown <mcb30@ipxe.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/13494/focus=13532
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ladi Prosek <lprosek@redhat.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[profile] Allow profiling to be globally enabled or disabled
Michael Brown [Tue, 5 Jul 2016 12:45:54 +0000 (13:45 +0100)] 
[profile] Allow profiling to be globally enabled or disabled

As with assertions, profiling is enabled for objects built with any
debug level (including an explicit debug level of zero).

Allow profiling to be globally enabled or disabled by adding PROFILE=1
or PROFILE=0 respectively to the build command line.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[libc] Allow assertions to be globally enabled or disabled
Michael Brown [Tue, 5 Jul 2016 12:28:51 +0000 (13:28 +0100)] 
[libc] Allow assertions to be globally enabled or disabled

Assertions are enabled for objects built with any debug level
(including an explicit debug level of zero).  It is sometimes useful
to be able to enable assertions across all objects; this currently
requires manually hacking include/assert.h.

Allow assertions to be globally enabled by adding ASSERT=1 to the
build command line.  For example:

  make bin/8086100e.mrom ASSERT=1

Similarly, allow assertions to be globally disabled by adding ASSERT=0
to the build command line.  If no ASSERT=... is specified on the
build command line, then only objects mentioned in DEBUG=... will have
assertions enabled (as is currently the case).

Note than globally enabling assertions imposes a relatively heavy
runtime penalty, primarily due to the various sanity checks performed
by list_add(), list_for_each_entry(), etc.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[debug] Allow debug messages to be initially disabled at runtime
Michael Brown [Tue, 5 Jul 2016 09:19:36 +0000 (10:19 +0100)] 
[debug] Allow debug messages to be initially disabled at runtime

Extend the DEBUG=... syntax to allow debug messages to be compiled in
but disabled by default.  For example:

  make bin/undionly.kpxe DEBUG=netdevice:3:1

would compile in the messages as for DEBUG=netdevice:3, but would set
the debug level mask so that only the DEBUG=netdevice:1 messages would
be displayed.

This allows for external code to selectively enable the additional
debug messages at runtime, without being overwhelmed by unwanted
initial noise.  For example, a developer of a new protocol may want to
temporarily enable tracing of all packets received: this can be done
by building with DEBUG=netdevice:3:1 and using

  // temporarily enable per-packet messages
  DBG_ENABLE_OBJECT ( netdevice, DBGLVL_EXTRA );
  ...
  // disable per-packet messages
  DBG_DISABLE_OBJECT ( netdevice, DBGLVL_EXTRA );

Note that unlike the usual DBG_ENABLE() and DBG_DISABLE() macros,
DBG_ENABLE_OBJECT() and DBG_DISABLE_OBJECT() will not be removed via
dead code elimination if debugging is disabled in the specified
object.  In particular, this means that using either of these macros
will always result in a symbol reference to the specified object.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[debug] Allow per-object runtime enabling/disabling of debug messages
Michael Brown [Tue, 5 Jul 2016 09:10:35 +0000 (10:10 +0100)] 
[debug] Allow per-object runtime enabling/disabling of debug messages

The DBG_ENABLE() and DBG_DISABLE() macros currently affect the debug
level of all objects that were built with debugging enabled.  This is
undesirable, since it is common to use different debug levels in each
object.

Make the debug level mask a per-object variable.  DBG_ENABLE() and
DBG_DISABLE() now control only the debug level for the containing
object (which is consistent with the intended usage across the
existing codebase).  DBG_ENABLE_OBJECT() and DBG_DISABLE_OBJECT() may
be used to control the debug level for a specified object.  For
example:

  // Enable DBG() messages from tcpip.c
  DBG_ENABLE_OBJECT ( tcpip, DBGLVL_LOG );

Note that the existence of debug messages continues to be gated by the
DEBUG=... list specified on the build command line.  If an object was
built without the relevant debug level, then DBG_ENABLE_OBJECT() will
have no effect on that object at runtime (other than to explicitly
drag in the object via a symbol reference).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[iscsi] Treat redirection failures as fatal
Michael Brown [Mon, 4 Jul 2016 15:14:22 +0000 (16:14 +0100)] 
[iscsi] Treat redirection failures as fatal

Debugged-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[downloader] Treat redirection failures as fatal
Michael Brown [Mon, 4 Jul 2016 15:13:25 +0000 (16:13 +0100)] 
[downloader] Treat redirection failures as fatal

Debugged-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[xfer] Send intf_close() if redirection fails
Michael Brown [Mon, 4 Jul 2016 15:10:45 +0000 (16:10 +0100)] 
[xfer] Send intf_close() if redirection fails

A redirection failure is fatal, but provides no opportunity for the
caller of xfer_[v]redirect() to report the failure since the interface
will already have been disconnected.  Fix by sending intf_close() from
within the default xfer_vredirect() handler.

Debugged-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[dhcp] Automatically generate vendor class identifier string
Michael Brown [Mon, 4 Jul 2016 14:07:05 +0000 (15:07 +0100)] 
[dhcp] Automatically generate vendor class identifier string

The vendor class identifier strings in DHCP_ARCH_VENDOR_CLASS_ID are
out of sync with the (correct) client architecture values in
DHCP_ARCH_CLIENT_ARCHITECTURE.

Fix by removing all definitions of DHCP_ARCH_VENDOR_CLASS_ID, and
instead generating the vendor class identifier string automatically
based on DHCP_ARCH_CLIENT_ARCHITECTURE and DHCP_ARCH_CLIENT_NDI.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[dhcpv6] Include vendor class identifier option in DHCPv6 requests
Michael Brown [Mon, 4 Jul 2016 13:08:26 +0000 (14:08 +0100)] 
[dhcpv6] Include vendor class identifier option in DHCPv6 requests

RFC3315 defines DHCPv6 option 16 (vendor class identifier) but does
not define any direct relationship with the roughly equivalent DHCPv4
option 60.

The PXE specification predates IPv6, and the UEFI specification is
expectedly vague on the subject.  Examination of the reference EDK2
codebase suggests that the DHCPv6 vendor class identifier will be
formatted in accordance with RFC3315, using a single vendor-class-data
item in which the opaque-data field is the string as would appear in
DHCPv4 option 60.

RFC3315 requires the vendor class identifier to specify an IANA
enterprise number, as a way of disambiguating the vendor-class-data
namespace.  The EDK2 code uses the value 343, described as:

    // TODO: IANA TBD: temporarily using Intel's

Since this "TODO" has been present since at least 2010, it is probably
safe to assume that it has now become a de facto standard.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[dhcpv6] Include RFC5970 client architecture options in DHCPv6 requests
Michael Brown [Mon, 4 Jul 2016 12:18:49 +0000 (13:18 +0100)] 
[dhcpv6] Include RFC5970 client architecture options in DHCPv6 requests

RFC5970 defines DHCPv6 options 61 (client system architecture type)
and 62 (client network interface identifier), with contents equivalent
to DHCPv4 options 93 and 94 respectively.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[dhcp] Allow for variable encapsulation of architecture-specific options
Michael Brown [Mon, 4 Jul 2016 12:15:05 +0000 (13:15 +0100)] 
[dhcp] Allow for variable encapsulation of architecture-specific options

DHCPv4 and DHCPv6 share some values in common for the architecture-
specific options (such as the client system architecture type), but
use different encapsulations: DHCPv4 has a single byte for the option
length while DHCPv6 has a 16-bit field for the option length.

Move the containing DHCP_OPTION() and related wrappers from the
individual dhcp_arch.h files to dhcp.c, thus allowing for the
architecture-specific values to be reused in dhcpv6.c.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[pxe] Disable interrupts on the PIC before starting NBP
Michael Brown [Sun, 3 Jul 2016 11:52:20 +0000 (12:52 +0100)] 
[pxe] Disable interrupts on the PIC before starting NBP

Some BIOSes (observed with an HP Gen9) seem to spuriously enable
interrupts at the PIC.  This causes problems with NBPs such as GRUB
which use the UNDI API (thereby enabling interrupts on the NIC)
without first hooking an interrupt service routine.  In this
situation, the interrupt will end up being handled by the default BIOS
ISR, which will typically just send an EOI and return.  Since nothing
in this handler causes the NIC to deassert the interrupt, this will
result in an interrupt storm.

Entertainingly, some BIOSes are immune to this problem because the
default ISR sends the EOI only to the slave PIC; this effectively
disables the interrupt.

Work around this problem by disabling the interrupt on the PIC before
invoking the PXE NBP.  An NBP that expects to make use of interrupts
will need to be configuring the PIC anyway, so it is probably safe to
assume that it will explicitly reenable the interrupt.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[bios] Do not enable interrupts when printing to the console
Michael Brown [Sun, 3 Jul 2016 11:50:19 +0000 (12:50 +0100)] 
[bios] Do not enable interrupts when printing to the console

There seems to be no reason for the sti/cli pair used around each call
to INT 10.  Remove these instructions, so that printing debug messages
from within an ISR does not temporarily reenable interrupts.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Fix uninitialised data in HII IFR structures
Michael Brown [Wed, 29 Jun 2016 14:13:35 +0000 (15:13 +0100)] 
[efi] Fix uninitialised data in HII IFR structures

The HII IFR structures are allocated via realloc() rather than
zalloc(), and so are not automatically zeroed.  This results in the
presence of uninitialised and invalid data, causing crashes elsewhere
in the UEFI firmware.

Fix by explicitly zeroing the newly allocated portion of any IFR
structure in efi_ifr_op().

Debugged-by: Laszlo Ersek <lersek@redhat.com>
Debugged-by: Gary Lin <glin@suse.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[thunderx] Fix compilation with older versions of gcc
Michael Brown [Wed, 22 Jun 2016 11:04:50 +0000 (12:04 +0100)] 
[thunderx] Fix compilation with older versions of gcc

Remove redundant duplicate typedef which causes a build failure on
older gcc versions.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Do not copy garbage bytes into SNP device path MAC address
Michael Brown [Wed, 22 Jun 2016 08:07:20 +0000 (09:07 +0100)] 
[efi] Do not copy garbage bytes into SNP device path MAC address

The SNP device path includes the network device's MAC address within
the MAC_ADDR_DEVICE_PATH.MacAddress field.  We check that the
link-layer address will fit within this field, and then perform the
copy using the length of the destination buffer.

At 32 bytes, the MacAddress field is actually larger than the current
maximum iPXE link-layer address.  The copy therefore overflows the
source buffer, resulting in trailing garbage bytes being appended to
the device path's MacAddress.  This is invisible in debug messages,
since the DevicePathToText protocol will render only the length
implied by the interface type.

Fix by copying only the actual length of the link-layer address (which
we have already verified will not overflow the destination buffer).

Debugged-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Report failures to stop the EFI timer tick event
Michael Brown [Mon, 20 Jun 2016 15:08:17 +0000 (16:08 +0100)] 
[efi] Report failures to stop the EFI timer tick event

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[smsc75xx] Allow up to 100ms for reset to complete
Michael Brown [Mon, 20 Jun 2016 13:07:41 +0000 (14:07 +0100)] 
[smsc75xx] Allow up to 100ms for reset to complete

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[virtio] Fix virtio-pci logging
Ladi Prosek [Tue, 31 May 2016 08:12:12 +0000 (10:12 +0200)] 
[virtio] Fix virtio-pci logging

iPXE debug logging doesn't support %u.  This commit replaces it with
%d in virtio-pci debug format strings.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[virtio] Renumber virtio_pci_region flags
Ladi Prosek [Mon, 2 May 2016 11:46:39 +0000 (13:46 +0200)] 
[virtio] Renumber virtio_pci_region flags

Some of the regions may end up being unmapped, either because they are
optional or because the attempt to map them has failed.  Region types
starting at 0 didn't make it easy to test for this condition.

This commit bumps all valid region types up by 1 with 0 having the
implicit 'unmapped' meaning.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[thunderx] Retrieve base MAC address via EFI_THUNDER_CONFIG_PROTOCOL
Michael Brown [Mon, 13 Jun 2016 17:41:33 +0000 (18:41 +0100)] 
[thunderx] Retrieve base MAC address via EFI_THUNDER_CONFIG_PROTOCOL

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Include VLAN in SNP device path if applicable
Michael Brown [Sat, 18 Jun 2016 17:45:18 +0000 (18:45 +0100)] 
[efi] Include VLAN in SNP device path if applicable

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[intel] Add PCI device ID for another I219-LM
Christian Nilsson [Thu, 16 Jun 2016 10:41:40 +0000 (11:41 +0100)] 
[intel] Add PCI device ID for another I219-LM

Tested-by: Kuniyasu Suzaki <k.suzaki@aist.go.jp>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[thunderx] Fix channel configuration for VNICs 1-7
Michael Brown [Wed, 15 Jun 2016 19:29:38 +0000 (20:29 +0100)] 
[thunderx] Fix channel configuration for VNICs 1-7

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[thunderx] Add driver for Cavium ThunderX SoC NICs
Michael Brown [Mon, 13 Jun 2016 17:41:26 +0000 (18:41 +0100)] 
[thunderx] Add driver for Cavium ThunderX SoC NICs

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[cmdline] Add "ntp" command
Michael Brown [Mon, 13 Jun 2016 14:57:16 +0000 (15:57 +0100)] 
[cmdline] Add "ntp" command

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ntp] Add simple NTP client
Michael Brown [Mon, 13 Jun 2016 14:55:49 +0000 (15:55 +0100)] 
[ntp] Add simple NTP client

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[time] Allow system clock to be adjusted at runtime
Michael Brown [Mon, 13 Jun 2016 14:29:05 +0000 (15:29 +0100)] 
[time] Allow system clock to be adjusted at runtime

Provide a mechanism to allow an arbitrary adjustment to be applied to
all subsequent calls to time().

Note that the underlying clock source (e.g. the RTC clock) will not be
changed; only the time as reported within iPXE will be affected.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[tg3] Add missing memory barrier
Leendert van Doorn [Mon, 13 Jun 2016 13:14:42 +0000 (08:14 -0500)] 
[tg3] Add missing memory barrier

ARM64 has a weaker memory order model than x86.  The missing memory
barrier caused phy initialization notification to be delayed beyond
the link-wait timeout (15 secs).

Signed-off-by: Leendert van Doorn <leendert@paramecium.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[tcp] Send TCP keepalives on idle established connections
Michael Brown [Fri, 10 Jun 2016 16:27:06 +0000 (17:27 +0100)] 
[tcp] Send TCP keepalives on idle established connections

In some circumstances, intermediate devices may lose state in a way
that temporarily prevents the successful delivery of packets from a
TCP peer.  For example, a firewall may drop a NAT forwarding table
entry.

Since iPXE spends most of its time downloading files (and hence purely
receiving data, sending only TCP ACKs), this can easily happen in a
situation in which there is no reason for iPXE's TCP stack to generate
any retransmissions.  The temporary loss of connectivity can therefore
effectively become permanent.

Work around this problem by sending TCP keepalives after a period of
inactivity on an established connection.

TCP keepalives usually send a single garbage byte in sequence number
space that has already been ACKed by the peer.  Since we do not need
to elicit a response from the peer, we instead send pure ACKs (with no
garbage data) in order to keep the transmit code path simple.

Originally-implemented-by: Ladi Prosek <lprosek@redhat.com>
Debugged-by: Ladi Prosek <lprosek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[tg3] Fix address truncation bug on 64-bit machines
Leendert van Doorn [Fri, 10 Jun 2016 13:54:25 +0000 (08:54 -0500)] 
[tg3] Fix address truncation bug on 64-bit machines

Signed-off-by: Leendert van Doorn <leendert@paramecium.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[http] Accept headers with no whitespace following the colon
Michael Brown [Thu, 9 Jun 2016 11:20:35 +0000 (12:20 +0100)] 
[http] Accept headers with no whitespace following the colon

Reported-by: Raphael Cohn <raphael.cohn@stormmq.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[pci] Support systems with multiple PCI root bridges
Michael Brown [Thu, 9 Jun 2016 08:36:28 +0000 (09:36 +0100)] 
[pci] Support systems with multiple PCI root bridges

Extend the 16-bit PCI bus:dev.fn address to a 32-bit seg:bus:dev.fn
address, assuming a segment value of zero in contexts where multiple
segments are unsupported by the underlying data structures (e.g. in
the iBFT or BOFM tables).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[libc] Always use a non-zero seed for the (non-crypto) RNG
Michael Brown [Thu, 9 Jun 2016 07:39:25 +0000 (08:39 +0100)] 
[libc] Always use a non-zero seed for the (non-crypto) RNG

The non-cryptographic RNG implemented by random() has the property
that a seed value of zero will result in a generated sequence of
all-zero values.  This situation can arise if currticks() returns zero
at start of day.

Work around this problem by falling back to a fixed non-zero seed if
necessary.

This has no effect on the separate DRBG used by cryptographic code.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[build] Remove nested "my" declaration
Vinson Lee [Fri, 3 Jun 2016 17:09:54 +0000 (18:09 +0100)] 
[build] Remove nested "my" declaration

Fix build error with perl >= 5.23.2:

  Can't redeclare "my" in "my" at ./util/parserom.pl line 160

Signed-off-by: Vinson Lee <vlee@freedesktop.org>
Reviewed-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Expose DHCP packets via the Apple NetBoot protocol
Michael Brown [Sun, 29 May 2016 12:04:26 +0000 (13:04 +0100)] 
[efi] Expose DHCP packets via the Apple NetBoot protocol

Mac OS X uses non-standard EFI protocols to obtain the DHCP packets
from the UEFI firmware.

Originally-implemented-by: Michael Kuron <m.kuron@gmx.de>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[dhcp] Fix definitions for x86_64 and EFI BC client architectures
Michael Brown [Thu, 26 May 2016 12:58:37 +0000 (13:58 +0100)] 
[dhcp] Fix definitions for x86_64 and EFI BC client architectures

There has been a longstanding disagreement between RFC4578 and the
IANA "Processor Architecture Types" registry.  RFC4578 section 2.1
defines type 7 as "EFI BC" and type 9 as "EFI x86-64"; the IANA
registry quotes RFC4578 as its source but has these values erroneously
swapped.  The EDK2 codebase uses the IANA values.

As of March 2016, RFC4578 has been modified by an errata to match the
values as recorded in the IANA registry.

Fix our definitions to match the consensus values.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[arm] Use correct DHCP client architecture values
Michael Brown [Thu, 26 May 2016 12:43:33 +0000 (13:43 +0100)] 
[arm] Use correct DHCP client architecture values

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[axge] Add driver for ASIX 10/100/1000 USB Ethernet NICs
Michael Brown [Mon, 23 May 2016 23:23:10 +0000 (00:23 +0100)] 
[axge] Add driver for ASIX 10/100/1000 USB Ethernet NICs

Add driver for the AX88178A (USB2) and AX88179 (USB3) 10/100/1000
Ethernet NICs.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Work around broken UEFI keyboard drivers
Michael Brown [Wed, 25 May 2016 14:51:36 +0000 (15:51 +0100)] 
[efi] Work around broken UEFI keyboard drivers

Some UEFI keyboard drivers are blissfully unaware of the existence of
either Ctrl key, and will report "Ctrl-<key>" as just "<key>".  This
breaks substantial portions of the iPXE user interface.

Work around these broken UEFI drivers by allowing "ESC <key>" to be
used as a substitute for "Ctrl-<key>".

Tested-by: Dreamcat4 <dreamcat4@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[http] Ignore unrecognised "Connection" header tokens
Michael Brown [Wed, 25 May 2016 14:27:50 +0000 (15:27 +0100)] 
[http] Ignore unrecognised "Connection" header tokens

Some HTTP/2 servers send the header "Connection: upgrade, close".  This
currently causes iPXE to fail due to the unrecognised "upgrade" token.

Fix by ignoring any unrecognised tokens in the "Connection" header.

Reported-by: Ján ONDREJ (SAL) <ondrejj@salstar.sk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[lotest] Add option to use broadcast packets for loopback testing
Michael Brown [Fri, 20 May 2016 19:57:18 +0000 (20:57 +0100)] 
[lotest] Add option to use broadcast packets for loopback testing

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[netdevice] Fix failure path in register_netdev()
Michael Brown [Fri, 20 May 2016 19:43:58 +0000 (20:43 +0100)] 
[netdevice] Fix failure path in register_netdev()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[settings] Extend numerical setting tags to "unsigned long"
Michael Brown [Fri, 20 May 2016 12:05:39 +0000 (13:05 +0100)] 
[settings] Extend numerical setting tags to "unsigned long"

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[pci] Add support for PCI Enhanced Allocation
Michael Brown [Sat, 14 May 2016 17:34:08 +0000 (18:34 +0100)] 
[pci] Add support for PCI Enhanced Allocation

Some embedded devices have immovable BARs, which are described via a
PCI Enhanced Allocation capability.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[undi] Work around broken HP EliteBook 745 G3 PXE ROM
Michael Brown [Fri, 13 May 2016 12:22:06 +0000 (13:22 +0100)] 
[undi] Work around broken HP EliteBook 745 G3 PXE ROM

Reported-by: Arturino Mazzei <mazzeia@hotmail.com>
Tested-by: Arturino Mazzei <mazzeia@hotmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[ath9k] Fix buffer overrun for ar9287
Christian Hesse [Sat, 7 May 2016 19:20:37 +0000 (21:20 +0200)] 
[ath9k] Fix buffer overrun for ar9287

This backport is from linux kernel upstream commit 83d6f1f ("ath9k:
fix buffer overrun for ar9287").

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[arm] Use CNTVCT_EL0 as profiling timestamp
Michael Brown [Wed, 11 May 2016 20:44:23 +0000 (21:44 +0100)] 
[arm] Use CNTVCT_EL0 as profiling timestamp

The raw cycle counter at PMCCNTR_EL0 works in qemu but seems to always
read as zero on physical hardware (tested on Juno r1 and Cavium
ThunderX), even after ensuring that PMCR_EL0.E and PMCNTENSET_EL0.C
are both enabled.

Use CNTVCT_EL0 instead; this seems to count at a lower resolution
(tens of CPU cycles), but is usable for profiling.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Guard against GetStatus() failing to return a NULL TX buffer
Michael Brown [Wed, 11 May 2016 21:02:26 +0000 (22:02 +0100)] 
[efi] Guard against GetStatus() failing to return a NULL TX buffer

The UEFI specification requires the EFI_SIMPLE_NETWORK_PROTOCOL
GetStatus() method to set TxBuf to NULL if there are no transmit
buffers to recycle.

Some implementations (observed with Lan9118Dxe in EDK2) fill in TxBuf
only when there is a transmit buffer to recycle, which leads to large
numbers of "spurious TX completion" errors.

Work around this problem by initialising TxBuf to NULL before calling
the GetStatus() method.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[arm] Add optimised TCP/IP checksumming for 64-bit ARM
Michael Brown [Tue, 10 May 2016 16:13:05 +0000 (17:13 +0100)] 
[arm] Add optimised TCP/IP checksumming for 64-bit ARM

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[arm] Add optimised string functions for 64-bit ARM
Michael Brown [Mon, 9 May 2016 15:03:19 +0000 (16:03 +0100)] 
[arm] Add optimised string functions for 64-bit ARM

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[libc] Avoid implicit assumptions about potentially-optimised memcpy()
Michael Brown [Mon, 9 May 2016 15:01:06 +0000 (16:01 +0100)] 
[libc] Avoid implicit assumptions about potentially-optimised memcpy()

Do not assume that an architecture-specific optimised memcpy() will
have the same properties as generic_memcpy() in terms of handling
overlapping regions.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Allow for building with older versions of elf.h system header
Michael Brown [Mon, 9 May 2016 15:16:43 +0000 (16:16 +0100)] 
[efi] Allow for building with older versions of elf.h system header

Reported-by: Ahmad Mahagna <ahmhad@mellanox.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>