2 * Copyright (C) 2006 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
34 #include <ipxe/list.h>
35 #include <ipxe/umalloc.h>
37 #include <ipxe/image.h>
45 /* Disambiguate the various error causes */
46 #define EACCES_UNTRUSTED \
47 __einfo_error ( EINFO_EACCES_UNTRUSTED )
48 #define EINFO_EACCES_UNTRUSTED \
49 __einfo_uniqify ( EINFO_EACCES, 0x01, "Untrusted image" )
50 #define EACCES_PERMANENT \
51 __einfo_error ( EINFO_EACCES_PERMANENT )
52 #define EINFO_EACCES_PERMANENT \
53 __einfo_uniqify ( EINFO_EACCES, 0x02, "Trust requirement is permanent" )
55 /** List of registered images */
56 struct list_head images = LIST_HEAD_INIT ( images );
58 /** Currently-executing image */
59 struct image *current_image;
61 /** Current image trust requirement */
62 static int require_trusted_images = 0;
64 /** Prevent changes to image trust requirement */
65 static int require_trusted_images_permanent = 0;
68 * Free executable image
70 * @v refcnt Reference counter
72 static void free_image ( struct refcnt *refcnt ) {
73 struct image *image = container_of ( refcnt, struct image, refcnt );
75 DBGC ( image, "IMAGE %s freed\n", image->name );
77 free ( image->cmdline );
78 uri_put ( image->uri );
79 ufree ( image->data );
80 image_put ( image->replacement );
85 * Allocate executable image
88 * @ret image Executable image
90 struct image * alloc_image ( struct uri *uri ) {
96 image = zalloc ( sizeof ( *image ) );
100 /* Initialise image */
101 ref_init ( &image->refcnt, free_image );
103 image->uri = uri_get ( uri );
105 name = basename ( ( char * ) uri->path );
106 if ( ( rc = image_set_name ( image, name ) ) != 0 )
123 * @v name New image name
124 * @ret rc Return status code
126 int image_set_name ( struct image *image, const char *name ) {
130 name_copy = strdup ( name );
134 /* Replace existing name */
135 free ( image->name );
136 image->name = name_copy;
142 * Set image command line
145 * @v cmdline New image command line, or NULL
146 * @ret rc Return status code
148 int image_set_cmdline ( struct image *image, const char *cmdline ) {
150 free ( image->cmdline );
151 image->cmdline = NULL;
153 image->cmdline = strdup ( cmdline );
154 if ( ! image->cmdline )
161 * Determine image type
163 * @v image Executable image
164 * @ret rc Return status code
166 static int image_probe ( struct image *image ) {
167 struct image_type *type;
170 /* Try each type in turn */
171 for_each_table_entry ( type, IMAGE_TYPES ) {
172 if ( ( rc = type->probe ( image ) ) == 0 ) {
174 DBGC ( image, "IMAGE %s is %s\n",
175 image->name, type->name );
178 DBGC ( image, "IMAGE %s is not %s: %s\n", image->name,
179 type->name, strerror ( rc ) );
182 DBGC ( image, "IMAGE %s format not recognised\n", image->name );
187 * Register executable image
189 * @v image Executable image
190 * @ret rc Return status code
192 int register_image ( struct image *image ) {
193 static unsigned int imgindex = 0;
194 char name[8]; /* "imgXXXX" */
197 /* Create image name if it doesn't already have one */
198 if ( ! image->name ) {
199 snprintf ( name, sizeof ( name ), "img%d", imgindex++ );
200 if ( ( rc = image_set_name ( image, name ) ) != 0 )
204 /* Avoid ending up with multiple "selected" images on
207 if ( image_find_selected() )
208 image->flags &= ~IMAGE_SELECTED;
210 /* Add to image list */
212 image->flags |= IMAGE_REGISTERED;
213 list_add_tail ( &image->list, &images );
214 DBGC ( image, "IMAGE %s at [%lx,%lx) registered\n",
215 image->name, user_to_phys ( image->data, 0 ),
216 user_to_phys ( image->data, image->len ) );
218 /* Try to detect image type, if applicable. Ignore failures,
219 * since we expect to handle some unrecognised images
220 * (e.g. kernel initrds, multiboot modules, random files
221 * provided via our EFI virtual filesystem, etc).
224 image_probe ( image );
230 * Unregister executable image
232 * @v image Executable image
234 void unregister_image ( struct image *image ) {
236 /* Do nothing unless image is registered */
237 if ( ! ( image->flags & IMAGE_REGISTERED ) )
240 DBGC ( image, "IMAGE %s unregistered\n", image->name );
241 list_del ( &image->list );
242 image->flags &= ~IMAGE_REGISTERED;
250 * @ret image Executable image, or NULL
252 struct image * find_image ( const char *name ) {
255 list_for_each_entry ( image, &images, list ) {
256 if ( strcmp ( image->name, name ) == 0 )
266 * @v image Executable image
267 * @ret rc Return status code
269 * The image must already be registered. Note that executing an image
270 * may cause it to unregister itself. The caller must therefore
271 * assume that the image pointer becomes invalid.
273 int image_exec ( struct image *image ) {
274 struct image *saved_current_image;
275 struct image *replacement = NULL;
276 struct uri *old_cwuri;
280 assert ( image->flags & IMAGE_REGISTERED );
282 /* Switch current working directory to be that of the image itself */
283 old_cwuri = uri_get ( cwuri );
284 churi ( image->uri );
286 /* Preserve record of any currently-running image */
287 saved_current_image = current_image;
289 /* Take out a temporary reference to the image. This allows
290 * the image to unregister itself if necessary, without
291 * automatically freeing itself.
293 current_image = image_get ( image );
295 /* Check that this image can be executed */
296 if ( ! ( image->type && image->type->exec ) ) {
301 /* Check that image is trusted (if applicable) */
302 if ( require_trusted_images && ! ( image->flags & IMAGE_TRUSTED ) ) {
303 DBGC ( image, "IMAGE %s is not trusted\n", image->name );
304 rc = -EACCES_UNTRUSTED;
308 /* Record boot attempt */
309 syslog ( LOG_NOTICE, "Executing \"%s\"\n", image->name );
311 /* Try executing the image */
312 if ( ( rc = image->type->exec ( image ) ) != 0 ) {
313 DBGC ( image, "IMAGE %s could not execute: %s\n",
314 image->name, strerror ( rc ) );
315 /* Do not return yet; we still have clean-up to do */
318 /* Record result of boot attempt */
320 syslog ( LOG_NOTICE, "Execution of \"%s\" completed\n",
323 syslog ( LOG_ERR, "Execution of \"%s\" failed: %s\n",
324 image->name, strerror ( rc ) );
327 /* Pick up replacement image before we drop the original
328 * image's temporary reference. The replacement image must
329 * already be registered, so we don't need to hold a temporary
330 * reference (which would complicate the tail-recursion).
332 replacement = image->replacement;
334 assert ( replacement->flags & IMAGE_REGISTERED );
337 /* Unregister image if applicable */
338 if ( image->flags & IMAGE_AUTO_UNREGISTER )
339 unregister_image ( image );
341 /* Debug message for tail-recursion. Placed here because the
342 * image_put() may end up freeing the image.
345 DBGC ( image, "IMAGE %s replacing self with IMAGE %s\n",
346 image->name, replacement->name );
349 /* Drop temporary reference to the original image */
352 /* Restore previous currently-running image */
353 current_image = saved_current_image;
355 /* Reset current working directory */
357 uri_put ( old_cwuri );
359 /* Tail-recurse into replacement image, if one exists */
361 return image_exec ( replacement );
367 * Set replacement image
369 * @v replacement Replacement image
370 * @ret rc Return status code
372 * The replacement image must already be registered, and must remain
373 * registered until the currently-executing image returns.
375 int image_replace ( struct image *replacement ) {
376 struct image *image = current_image;
380 assert ( replacement->flags & IMAGE_REGISTERED );
382 /* Fail unless there is a currently-executing image */
385 DBGC ( replacement, "IMAGE %s cannot replace non-existent "
386 "image: %s\n", replacement->name, strerror ( rc ) );
390 /* Check that the replacement image can be executed */
391 if ( ! ( replacement->type && replacement->type->exec ) )
394 /* Clear any existing replacement */
395 image_put ( image->replacement );
397 /* Set replacement */
398 image->replacement = image_get ( replacement );
399 DBGC ( image, "IMAGE %s will replace self with IMAGE %s\n",
400 image->name, replacement->name );
406 * Select image for execution
408 * @v image Executable image
409 * @ret rc Return status code
411 int image_select ( struct image *image ) {
414 /* Unselect all other images */
415 for_each_image ( tmp )
416 tmp->flags &= ~IMAGE_SELECTED;
418 /* Check that this image can be executed */
419 if ( ! ( image->type && image->type->exec ) )
422 /* Mark image as selected */
423 image->flags |= IMAGE_SELECTED;
429 * Find selected image
431 * @ret image Executable image, or NULL
433 struct image * image_find_selected ( void ) {
436 for_each_image ( image ) {
437 if ( image->flags & IMAGE_SELECTED )
444 * Change image trust requirement
446 * @v require_trusted Require trusted images
447 * @v permanent Make trust requirement permanent
448 * @ret rc Return status code
450 int image_set_trust ( int require_trusted, int permanent ) {
452 /* Update trust requirement, if permitted to do so */
453 if ( ! require_trusted_images_permanent ) {
454 require_trusted_images = require_trusted;
455 require_trusted_images_permanent = permanent;
458 /* Fail if we attempted to change the trust requirement but
459 * were not permitted to do so.
461 if ( require_trusted_images != require_trusted )
462 return -EACCES_PERMANENT;
468 * Create pixel buffer from image
471 * @v pixbuf Pixel buffer to fill in
472 * @ret rc Return status code
474 int image_pixbuf ( struct image *image, struct pixel_buffer **pixbuf ) {
477 /* Check that this image can be used to create a pixel buffer */
478 if ( ! ( image->type && image->type->pixbuf ) )
481 /* Try creating pixel buffer */
482 if ( ( rc = image->type->pixbuf ( image, pixbuf ) ) != 0 ) {
483 DBGC ( image, "IMAGE %s could not create pixel buffer: %s\n",
484 image->name, strerror ( rc ) );