Andrew Schran [Tue, 12 Aug 2008 00:05:26 +0000 (01:05 +0100)]
[retry] Added configurable timeouts to retry timer
New min_timeout and max_timeout fields in struct retry_timer allow
users of this timer to set their own desired minimum and maximum
timeouts, without being constrained to a single global minimum and
maximum. Users of the timer can still elect to use the default global
values by leaving the min_timeout and max_timeout fields as 0.
Michael Brown [Sat, 2 Aug 2008 02:03:42 +0000 (03:03 +0100)]
[pxe] If no ProxyDHCPACK exists, use DHCPACK for the fake ProxyDHCPACK packet
WinPE seems to have a bug that causes it to always use the TFTP server
IP address and filename from the ProxyDHCPACK packet, even if the
ProxyDHCPACK packet doesn't exist. This causes it to end up
attempting to fetch a file such as
tftp://0.0.0.0/bootmgr.exe
If we don't have a ProxyDHCPACK to use, we pretend that it was a copy
of the DHCPACK packet. This works around the problem, and hopefully
won't surprise any NBPs.
Michael Brown [Thu, 31 Jul 2008 15:55:46 +0000 (16:55 +0100)]
[autoboot] Retain initial-slash (if present) when constructing TFTP URIs
When we boot from a DHCP-supplied filename, we previously relied on
the fact that the current working URI is set to tftp://[next-server]/
in order to resolve the filename into a full tftp:// URI. However,
this process will eliminate the distinction between filenames with and
without initial slashes:
Michael Brown [Thu, 31 Jul 2008 05:28:46 +0000 (06:28 +0100)]
[util] Add mergerom.pl
This utility is required as a workaround for legal restrictions on
including GPL and non-GPL code within the same expansion ROM image.
While this is not encouraged, we are prepared to accept that
concatenation of ROM images and updating of the ROM header data
structures can be classed as "mere aggregation" within the terms of
the GPL.
If in any doubt, assume that you cannot include GPL and non-GPL code
within the same expansion ROM image. Contact the Etherboot team for
clarification on your specific circumstances.
[ftp] Terminate processing after receiving an error
When an error reply (not 1xx, 2xx or 3xx) was received, ftp_reply()
invoked ftp_done() to close connections, but did not return, and the
rest of code in this function could try to send commands to the closed
control connection.
Michael Brown [Wed, 30 Jul 2008 19:22:49 +0000 (20:22 +0100)]
[ftp] Cope with RETR completion prior to all data received
Based on a patch contributed by Sergey Vlasov <vsu@altlinux.ru> :
In my testing with "qemu -net user" the 226 response to RETR was
often received earlier than final packets of the data connection;
this caused the received file to become truncated without any error
indication. Fix this by adding an intermediate state FTP_TRANSFER
between FTP_RETR and FTP_QUIT, so that the transfer is considered to
be complete only when both the end of data connection is encountered
and the final reply to the RETR command is received.
Stefan Hajnoczi [Wed, 30 Jul 2008 18:45:48 +0000 (19:45 +0100)]
[prefix] Reasonable value for lkrn initrd_addr_max
H. Peter Anvin <hpa@zytor.com> sent word that Sergey Vlasov
<vsu@altlinux.ru> discovered gPXE lkrn images fail to load in SYSLINUX
3.70 because we have initrd_addr_max zeroed. This patch sets the same
value as the Linux kernel.
Also change the header jmp instruction to use a hardcoded opcode value
like Linux does. Just in case the assembler decides to use a three-byte
instruction instead of the desired two-byte jmp.
Andrew Schran [Thu, 24 Jul 2008 18:59:12 +0000 (19:59 +0100)]
[cmdline] Added configurable shell banner timeout
This change allows the time for which shell banners are displayed to
be configured in the config.h file. The ability to access the shell
can also be effectively disabled by setting this timeout to zero.
Andrew Schran [Thu, 24 Jul 2008 18:55:53 +0000 (19:55 +0100)]
[tg3] Added support for tg3-5754.
In tg3_chip_reset(), the PCI_EXPRESS change is taken from the Linux
tg3 driver. I am not sure what exactly it does (it is not documented
in the Linux driver), but it is necessary for the NIC to work
correctly.
Michael Brown [Thu, 24 Jul 2008 18:45:35 +0000 (19:45 +0100)]
[makefile] Suppress "No such file or directory" warnings at start of build
Use "-include" rather than "include" for the generated Makefile
fragments, in order to suppress the long list of warnings that
otherwise appears at the start of a clean build.
Michael Brown [Thu, 17 Jul 2008 16:45:17 +0000 (17:45 +0100)]
[iSCSI] Support Windows Server 2008 direct iSCSI installation
Add yet another ugly hack to iscsiboot.c, this time to allow the user to
inhibit the shutdown/removal of the iSCSI INT13 device (and the network
devices, since they are required for the iSCSI device to function).
On the plus side, the fact that shutdown() now takes flags to
differentiate between shutdown-for-exit and shutdown-for-boot means that
another ugly hack (to allow returning via the PXE stack on BIOSes that
have broken INT 18 calls) will be easier.
Michael Brown [Thu, 17 Jul 2008 14:45:40 +0000 (15:45 +0100)]
[phantom] Guard against partially-written status descriptors
Conjecture: The hardware issues 64-bit DMA writes of status descriptors,
which some PCI bridges seem to split into two 32-bit writes in reverse
order (i.e. dword 1 first). This means that we sometimes observe a
partial status descriptor. Add an explicit check to ensure that the
descriptor is complete before processing it.
Also ensure that the RDS consumer counter is incremented only when we
know that we have actually consumed an RX descriptor.
Michael Brown [Tue, 15 Jul 2008 22:19:59 +0000 (23:19 +0100)]
[int13] Pairwise swap drive numbers, instead of shifting all drive numbers
Shifting all INT13 drive numbers causes problems on systems that use a
sparse drive number space (e.g. qemu BIOS, which uses 0xe0 for the CD-ROM
drive).
The strategy now is:
Each drive is assigned a "natural" drive number, being the next
available drive number in the system (based on the BIOS drive count).
Each drive is accessed using its specified drive number. If the
specified drive number is -1, the natural drive number will be used.
Accesses to the specified drive number will be delivered to the
emulated drive, masking out any preexisting drive using this number.
Accesses to the natural drive number, if different, will be remapped to
the masked-out drive.
The overall upshot is that, for examples:
System has no drives. Emulated INT13 drive gets natural number 0x80
and specified number 0x80. Accesses to drive 0x80 go to the emulated
drive, and there is no remapping.
System has one drive. Emulated INT13 drive gets natural number 0x81
and specified number 0x80. Accesses to drive 0x80 go to the emulated
drive. Accesses to drive 0x81 get remapped to the original drive 0x80.
Michael Brown [Thu, 10 Jul 2008 03:11:09 +0000 (04:11 +0100)]
[dhcp] Verify DHCP server source port
Verifying server ID and DHCP transaction ID is insufficient to
differentiate between DHCPACK and ProxyDHCPACK when the DHCP server and
Proxy DHCP server are the same machine.
Michael Brown [Tue, 8 Jul 2008 02:50:44 +0000 (03:50 +0100)]
[image] Fail "imgexec"/"boot" if the image to execute is ambiguous
If there is more than one loaded image, refuse to automatically select
the image to execute. There are at least two possible cases, with
different "correct" answers:
1. User loads image A by mistake, then loads image B and types "boot".
User wants to execute image B.
2. User loads image A, then loads image B (which patches image A), then
types "boot". User wants to execute image A.
If a user actually wants to load multiple images, they must explicitly
specify which image is to be executed.
Michael Brown [Tue, 8 Jul 2008 02:15:02 +0000 (03:15 +0100)]
[image] Revert "clear LOADED flag" patch
Clearing the LOADED flag actually prevents users from doing clever things
such as loading an image, then loading a patch image, then executing the
first image. (image_exec() checks for IMAGE_LOADED, so this sequence of
operations will fail if the LOADED flag gets cleared.)
Michael Brown [Tue, 8 Jul 2008 02:03:48 +0000 (03:03 +0100)]
[image] Clear LOADED flag on all other images when loading a new image
Loading an image may overwrite part or all of any previously-loaded
images, so we should clear the LOADED flag for all images prior to
attempting to load a new image.
Michael Brown [Tue, 8 Jul 2008 00:30:11 +0000 (01:30 +0100)]
[bzimage] Kill off the initrd image type
We can just treat all non-kernel images as initrds, which matches our
behaviour for multiboot kernels. This allows us to eliminate initrd as
an image type, and treat the "initrd" command as just another synonym for
"imgfetch".
Michael Brown [Tue, 8 Jul 2008 00:13:59 +0000 (01:13 +0100)]
[dhcp] Allow DHCP non-option settings to be cleared
dhcppkt_store() is supposed to clear the setting if passed NULL for the
setting data. In the case of fixed-location fields (e.g. client IP
address), this requires setting the content of the field to all-zeros.
Michael Brown [Tue, 1 Jul 2008 01:52:13 +0000 (18:52 -0700)]
[i386] Change semantics of __from_data16 and __from_text16
__from_data16 and __from_text16 now take a pointer to a
.data16/.text16 variable, and return the real-mode offset within the
appropriate segment. This matches the use case for every occurrence
of these macros, and prevents potential future bugs such as that fixed
in commit d51d80f. (The bug arose essentially because "&pointer" is
still syntactically valid.)
Michael Brown [Tue, 1 Jul 2008 01:35:51 +0000 (18:35 -0700)]
[pxe] Fix a typo in PXENV_GET_CACHED_INFO that broke Altiris
__from_data16 takes the value pointed to, rather than the pointer
itself. This was silently causing gPXE to return a dud buffer pointer
when the caller did not supply a buffer for PXENV_GET_CACHED_INFO.
Michael Brown [Tue, 1 Jul 2008 00:56:37 +0000 (17:56 -0700)]
[dhcp] Verify server identifier on ProxyDHCPACKs
Perform the same test for a matching DHCP_SERVER_IDENTIFIER on
ProxyDHCPACKs as we do for DHCPACKs. Otherwise, a retransmitted
DHCPACK can end up being treated as the ProxyDHCPACK.
I have a vague and unsettling memory that this test was deliberately
omitted, but I can't remember why, and can't find anything in the VC
logs.
H. Peter Anvin [Mon, 30 Jun 2008 19:09:21 +0000 (12:09 -0700)]
[ns8390] Use stub files instead of src/Config
ns8390.c can produce four different drivers (one PCI, three ISA.) The
ISA driver requires setting a few macros; do that by setting defines
in stub files instead of using src/Config.
Currently, all the ISA drivers are broken (they were not enabled by
default), so #if 0 them out.
Stefan Hajnoczi [Fri, 13 Jun 2008 09:26:49 +0000 (10:26 +0100)]
[GDB] Zero-extend 16-bit segment registers
When the 16-bit segment registers are accessed using 32-bit instructions
the high order bytes are undefined on older CPUs. We now explicitly
zero the high order bytes when snapshotting the CPU state. This ensures
that the GDB stub reports consistent values for the segment registers.
Michael Brown [Sat, 28 Jun 2008 22:18:11 +0000 (23:18 +0100)]
[romprefix] Fix PMM detection start address
Commit fd0aef9 introduced a typo that caused PMM detection to start at
paragraph 0xe00 rather than 0xe000. (Detection would still work, since it
would scan until it ran out of base memory, but it would end up scanning
an unnecessarily large portion of base memory.)
H. Peter Anvin [Fri, 27 Jun 2008 21:29:13 +0000 (22:29 +0100)]
[a20] Send a null command to the KBC after changing A20
Send a null command, specifically "pulse outputs" with no outputs
selected, to the KBC after changing A20. This was apparently done by DOS,
presumably as a synchronization hack, and the authors of the UHCI spec
thought it was inherent. Therefore, there are systems out there (e.g. HP
DL360 G5) which will stop responsing to "legacy USB" unless they see the
null command, 0xFF, written to port 0x64 at the end of the A20 toggling
sequence.
Michael Brown [Sat, 14 Jun 2008 19:01:14 +0000 (20:01 +0100)]
[legacy] Align legacy drivers' __shared data to the maximum possible
Some drivers that still use the legacy-driver wrapper (tg3 in particular)
apparently do not specify their alignment constraints properly. This
hack forces any __shared data to be maximally aligned.
Note that this provides only 16-byte alignment; it is not possible to
request alignment to any greater than 16 bytes using
__attribute__((aligned)), since the relocation code will preserve only 16
byte alignment (and operation under -DKEEP_IT_REAL cannot preserve more
that 16 byte alignment).
Michael Brown [Sat, 14 Jun 2008 12:49:26 +0000 (13:49 +0100)]
[prefix] When we have to hook INT 19, chain to original handler if possible
When the BIOS doesn't support BBS, hooking INT 19 is the only way to add
ourselves as a boot device. If we have to do this, we should at least
try to chain to the original INT 19 vector if our boot fails.
Idea suggested by Andrew Schran <aschran@google.com>
Michael Brown [Thu, 12 Jun 2008 01:19:10 +0000 (02:19 +0100)]
[bzimage] Support kernel command lines of greater than 256 characters
2.6.22+ kernels have an extra field in the bzimage_header structure to
indicate the maximum permitted command-line length. Use this if it is
available.
Michael Brown [Wed, 11 Jun 2008 12:43:58 +0000 (13:43 +0100)]
[smbios] Fix SMBIOS string fetching
A bug in read_smbios_string() was causing the starting offset of the
SMBIOS structure to be added twice, resulting in completely the wrong
strings being returned.
Michael Brown [Wed, 11 Jun 2008 12:16:02 +0000 (13:16 +0100)]
[slam] Add support for SLAM window lengths of greater than one packet
Add the definition of SLAM_MAX_BLOCKS_PER_NACK, which is roughly
equivalent to a TCP window size; it represents the maximum number of
packets that will be requested in a single NACK.
Note that, to keep the code size down, we still limit ourselves to
requesting only a single range per NACK; if the missing-block list is
discontiguous then we may request fewer than SLAM_MAX_BLOCKS_PER_NACK
blocks.
Michael Brown [Wed, 11 Jun 2008 11:06:10 +0000 (12:06 +0100)]
[console] Call cpu_nap() only if there is no input waiting
Avoid calling cpu_nap() until after we have determined that there is
no input ready to read. This avoids delaying for one timer interrupt
(~50ms) in the case of
if ( iskey() )
char = getkey()
which happens to be present in monojob.c, which is where we spend most
of our time looping (e.g. during any download).
This should eliminate the irritating tendency of gPXE to lose
keypresses.
Discovered on a Dell system where the serial port seems to send in a
constant stream of 0xff characters; this wouldn't be a problem in
itself except that each one triggers the 50ms delay (as mentioned
above), which really kills performance.
Michael Brown [Wed, 11 Jun 2008 08:41:31 +0000 (09:41 +0100)]
[slam] Implement SLAM flow control
On any fast network, or with any driver that may drop packets
(e.g. Infiniband, which has very small RX rings), the traditional
usage of the SLAM protocol will result in enormous numbers of packet
drops and a consequent large number of retransmissions.
By adapting the client behaviour, we can force the server to act more
like a multicast TFTP server, with flow control provided by a single
master client.
This behaviour should interoperate with any traditional SLAM client
(e.g. Etherboot 5.4) on the network. The SLAM protocol isn't actually
documented anywhere, so it's hard to define either behaviour as
compliant or otherwise.
Michael Brown [Wed, 11 Jun 2008 05:20:49 +0000 (06:20 +0100)]
[dhcp] Do not transition to DHCPREQUEST without a valid DHCPOFFER
A missing test for dhcp->dhcpoffer in dhcp_timer_expired() was causing
the client to transition to DHCPREQUEST after timing out on waiting
for ProxyDHCP even if no DHCPOFFERs had been received.
Michael Brown [Tue, 10 Jun 2008 11:30:43 +0000 (12:30 +0100)]
[slam] Request all remaining blocks if we run out of space for the blocklist
In a SLAM NACK packet, if we run out of space to represent the
missing-block list, then indicate all remaining blocks as missing.
This avoids the need to wait for the one-second timeout before
receiving the blocks that otherwise wouldn't have been requested due
to running out of space.
Michael Brown [Tue, 10 Jun 2008 10:23:34 +0000 (11:23 +0100)]
[slam] Speed up NACK transmission by restricting the block-list length
Shorter NACK packets take less time to construct and spew out less
debug output, and there's a limit to how useful it is to send a
complete missing-block list anyway; if the loss rate is high then
we're going to have to retransmit an updated missing-block list
anyway.
Also add pretty debugging output to show the list of requested blocks.
Michael Brown [Tue, 10 Jun 2008 07:56:44 +0000 (08:56 +0100)]
[undi] Ask for promiscuous packet reception when using UNDI driver
We never set up specific multicast filters; native drivers will ask
the card to receive all multicast packets. The only way to achieve
this via the UNDI API is to enable promiscuous mode.
Michael Brown [Mon, 9 Jun 2008 21:56:48 +0000 (22:56 +0100)]
[udp] Verify local socket address (if specified) for UDP sockets
UDP sockets can be used for multicast, at which point it becomes
plausible that we could receive packets that aren't destined for us
but that still match on a port number.
Michael Brown [Mon, 9 Jun 2008 12:11:46 +0000 (13:11 +0100)]
[ELF] Add ability to boot ELF images generated by wraplinux and mkelfImage
Delete ELF as a generic image type. The method for invoking an
ELF-based image (as well as any tables that must be set up to allow it
to boot) will always depend on the specific architecture. core/elf.c
now only provides the elf_load() function, to avoid duplicating
functionality between ELF-based image types.
Add arch/i386/image/elfboot.c, to handle the generic case of 32-bit
x86 ELF images. We don't currently set up any multiboot tables, ELF
notes, etc. This seems to be sufficient for loading kernels generated
using both wraplinux and coreboot's mkelfImage.
Note that while Etherboot 5.4 allowed ELF images to return, we don't.
There is no callback mechanism for the loaded image to shut down gPXE,
which means that we have to shut down before invoking the image. This
means that we lose device state, protection against being trampled on,
etc. It is not safe to continue afterwards.
.SECONDARY doesn't seem to work properly with the target patterns of
implicit rules. In particular, a "make clean ; make bin/rtl8139.dsk"
will correctly leave the bin/rtl8139.dsk.tmp file present when .PRECIOUS
is used, but not when .SECONDARY is used.
This is slightly irritating since we don't want the
"do-not-delete-if-interrupted" semantics of .PRECIOUS, but it seems to be
the best compromise.
Stefan Hajnoczi [Wed, 4 Jun 2008 19:56:20 +0000 (20:56 +0100)]
[util] config-local.h to avoid accidental commits
During development it is often handy to change the config.h options from
their defaults, for example to enable debugging features.
To prevent accidental commits of debugging config.h changes, mdc
suggested having a config-local.h that is excluded from source control.
This file acts as a temporary config.h and can override any of the
defaults.
This commit is an attempt to implement the config-local.h feature.
The config.h file now has the following as its last line:
/* @TRYSOURCE config-local.h */
The @TRYSOURCE directive causes config-local.h to be included at that
point in the file. If config-local.h does not exist, no error will be
printed and parsing will continue as normal. Therefore, mkconfig.pl is
"trying" to "source" config-local.h.
Stefan Hajnoczi [Wed, 4 Jun 2008 19:52:38 +0000 (20:52 +0100)]
[GDBSYM] Remove unused gdbsym.c
The GDBSYM config.h option was an attempt at QEMU GDB debugging. I have
removed the code since it is unused and may confuse people wanting to
use the GDB stub.
Michael Brown [Wed, 4 Jun 2008 23:28:17 +0000 (00:28 +0100)]
[TCP] Avoid shrinking TCP window
Maintain state for the advertised window length, and only ever increase
it (instead of calculating it afresh on each transmit). This avoids
triggering "treason uncloaked" messages on Linux peers.
Respond to zero-length TCP keepalives (i.e. empty data packets
transmitted outside the window). Even if the peer wouldn't otherwise
expect an ACK (because its packet consumed no sequence space), force an
ACK if it was outside the window.
We don't yet generate TCP keepalives. It could be done, but it's unclear
what benefit this would have. (Linux, for example, doesn't start sending
keepalives until the connection has been idle for two hours.)
Michael Brown [Tue, 3 Jun 2008 23:02:23 +0000 (00:02 +0100)]
[embed] Add missing register_image() to image/embedded.c
When the embedded image is a script, the unregister_image() performed by
image/script.c corrupts memory, since image/embedded.c omitted the call
to register_image().
This is the first bug fixed using Stefan Hajnoczi's gdb stub for gPXE.
Michael Brown [Tue, 3 Jun 2008 22:46:36 +0000 (23:46 +0100)]
[iSCSI] Produce meaningful errors on login failure
Return the most appropriate of EACCES, EPERM, ENODEV, ENOTSUP, EIO or
EINVAL depending on the exact error returned by the target, rather than
just always returning EPERM.
Also, ensure that error strings exist for these errors.
Michael Brown [Thu, 22 May 2008 14:14:33 +0000 (15:14 +0100)]
[prefix] Prompt for entering gPXE shell during POST
The ROM prefix now prompts the user to enter the gPXE shell during POST;
this allows for configuring gPXE without needing to attempt to boot from
it. (It also slows down system boot by three seconds per gPXE ROM, but
hey.)
This is apparently a certain OEM's requirement for option ROMs.
projects / thirdparty / ipxe.git / log
