sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-01-01 09:09:32 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ce3b8405002ac58c4c2d24b90a601b1802c1d83
ipxe/src/interface/efi/efi_init.c
Michael Brown e10a40d41f [efi] Avoid dropping below TPL as at entry to iPXE 
iPXE will currently drop to TPL_APPLICATION whenever the current
system time is obtained via currticks(), since the system time
mechanism relies on a timer that can fire only when the TPL is below
TPL_CALLBACK.

This can cause unexpected behaviour if the system time is obtained in
the middle of an API call into iPXE by external code.  For example,
MnpDxe sets up a 10ms periodic timer running at TPL_CALLBACK to poll
the underling EFI_SIMPLE_NETWORK_PROTOCOL device for received packets.
If the resulting poll within iPXE happens to hit a code path that
requires obtaining the current system time (e.g. due to reception of
an STP packet, which affects iPXE's blocked link timer), then iPXE
will end up temporarily dropping to TPL_APPLICATION.  This can
potentially result in retriggering the MnpDxe periodic timer, causing
code to be unexpectedly re-entered.

Fix by recording the external TPL at any entry point into iPXE and
dropping only as far as this external TPL, rather than dropping
unconditionally to TPL_APPLICATION.

The side effect of this change is that iPXE's view of the current
system time will be frozen for the duration of any API calls made into
iPXE by external code at TPL_CALLBACK or above.  Since any such
external code is already responsible for allowing execution at
TPL_APPLICATION to occur, then this should not cause a problem in
practice.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2020-11-20 16:57:50 +00:00

398 lines
11 KiB
C
Raw Blame History

/*
* Copyright (C) 2008 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
FILE_LICENCE ( GPL2_OR_LATER );
#include <string.h>
#include <errno.h>
#include <endian.h>
#include <ipxe/init.h>
#include <ipxe/rotate.h>
#include <ipxe/efi/efi.h>
#include <ipxe/efi/efi_driver.h>
#include <ipxe/efi/efi_path.h>
#include <ipxe/efi/Protocol/LoadedImage.h>
/** Image handle passed to entry point */
EFI_HANDLE efi_image_handle;
/** Loaded image protocol for this image */
EFI_LOADED_IMAGE_PROTOCOL *efi_loaded_image;
/** Device path for the loaded image's device handle */
EFI_DEVICE_PATH_PROTOCOL *efi_loaded_image_path;
/** System table passed to entry point
*
* We construct the symbol name efi_systab via the PLATFORM macro.
* This ensures that the symbol is defined only in EFI builds, and so
* prevents EFI code from being incorrectly linked in to a non-EFI
* build.
*/
EFI_SYSTEM_TABLE * _C2 ( PLATFORM, _systab );
/** External task priority level */
EFI_TPL efi_external_tpl = TPL_APPLICATION;
/** EFI shutdown is in progress */
int efi_shutdown_in_progress;
/** Event used to signal shutdown */
static EFI_EVENT efi_shutdown_event;
/** Stack cookie */
unsigned long __stack_chk_guard;
/** Exit function
*
* Cached to minimise external dependencies when a stack check
* failure is triggered.
*/
static EFI_EXIT efi_exit;
/* Forward declarations */
static EFI_STATUS EFIAPI efi_unload ( EFI_HANDLE image_handle );
/**
* Shut down in preparation for booting an OS.
*
* This hook gets called at ExitBootServices time in order to make
* sure that everything is properly shut down before the OS takes
* over.
*/
static EFIAPI void efi_shutdown_hook ( EFI_EVENT event __unused,
void *context __unused ) {
/* Mark shutdown as being in progress, to indicate that large
* parts of the system (e.g. timers) are no longer functional.
*/
efi_shutdown_in_progress = 1;
/* Shut down iPXE */
shutdown_boot();
}
/**
* Look up EFI configuration table
*
* @v guid Configuration table GUID
* @ret table Configuration table, or NULL
*/
static void * efi_find_table ( EFI_GUID *guid ) {
unsigned int i;
for ( i = 0 ; i < efi_systab->NumberOfTableEntries ; i++ ) {
if ( memcmp ( &efi_systab->ConfigurationTable[i].VendorGuid,
guid, sizeof ( *guid ) ) == 0 )
return efi_systab->ConfigurationTable[i].VendorTable;
}
return NULL;
}
/**
* Construct a stack cookie value
*
* @v handle Image handle
* @ret cookie Stack cookie
*/
__attribute__ (( noinline )) unsigned long
efi_stack_cookie ( EFI_HANDLE handle ) {
unsigned long cookie = 0;
unsigned int rotation = ( 8 * sizeof ( cookie ) / 4 );
/* There is no viable source of entropy available at this
* point. Construct a value that is at least likely to vary
* between platforms and invocations.
*/
cookie ^= ( ( unsigned long ) handle );
cookie = roll ( cookie, rotation );
cookie ^= ( ( unsigned long ) &handle );
cookie = roll ( cookie, rotation );
cookie ^= profile_timestamp();
cookie = roll ( cookie, rotation );
cookie ^= build_id;
/* Ensure that the value contains a NUL byte, to act as a
* runaway string terminator. Construct the NUL using a shift
* rather than a mask, to avoid losing valuable entropy in the
* lower-order bits.
*/
cookie <<= 8;
/* Ensure that the NUL byte is placed at the bottom of the
* stack cookie, to avoid potential disclosure via an
* unterminated string.
*/
if ( __BYTE_ORDER == __BIG_ENDIAN )
cookie >>= 8;
return cookie;
}
/**
* Initialise EFI environment
*
* @v image_handle Image handle
* @v systab System table
* @ret efirc EFI return status code
*/
EFI_STATUS efi_init ( EFI_HANDLE image_handle,
EFI_SYSTEM_TABLE *systab ) {
EFI_BOOT_SERVICES *bs;
struct efi_protocol *prot;
struct efi_config_table *tab;
void *loaded_image;
void *device_path;
void *device_path_copy;
size_t device_path_len;
EFI_STATUS efirc;
int rc;
/* Store image handle and system table pointer for future use */
efi_image_handle = image_handle;
efi_systab = systab;
/* Sanity checks */
if ( ! systab ) {
efirc = EFI_NOT_AVAILABLE_YET;
goto err_sanity;
}
if ( ! systab->ConOut ) {
efirc = EFI_NOT_AVAILABLE_YET;
goto err_sanity;
}
if ( ! systab->BootServices ) {
DBGC ( systab, "EFI provided no BootServices entry point\n" );
efirc = EFI_NOT_AVAILABLE_YET;
goto err_sanity;
}
if ( ! systab->RuntimeServices ) {
DBGC ( systab, "EFI provided no RuntimeServices entry "
"point\n" );
efirc = EFI_NOT_AVAILABLE_YET;
goto err_sanity;
}
DBGC ( systab, "EFI handle %p systab %p\n", image_handle, systab );
bs = systab->BootServices;
/* Store abort function pointer */
efi_exit = bs->Exit;
/* Look up used protocols */
for_each_table_entry ( prot, EFI_PROTOCOLS ) {
if ( ( efirc = bs->LocateProtocol ( &prot->guid, NULL,
prot->protocol ) ) == 0 ) {
DBGC ( systab, "EFI protocol %s is at %p\n",
efi_guid_ntoa ( &prot->guid ),
*(prot->protocol) );
} else {
DBGC ( systab, "EFI does not provide protocol %s\n",
efi_guid_ntoa ( &prot->guid ) );
/* Fail if protocol is required */
if ( prot->required )
goto err_missing_protocol;
}
}
/* Look up used configuration tables */
for_each_table_entry ( tab, EFI_CONFIG_TABLES ) {
if ( ( *(tab->table) = efi_find_table ( &tab->guid ) ) ) {
DBGC ( systab, "EFI configuration table %s is at %p\n",
efi_guid_ntoa ( &tab->guid ), *(tab->table) );
} else {
DBGC ( systab, "EFI does not provide configuration "
"table %s\n", efi_guid_ntoa ( &tab->guid ) );
if ( tab->required ) {
efirc = EFI_NOT_AVAILABLE_YET;
goto err_missing_table;
}
}
}
/* Get loaded image protocol */
if ( ( efirc = bs->OpenProtocol ( image_handle,
&efi_loaded_image_protocol_guid,
&loaded_image, image_handle, NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL ) ) != 0 ) {
rc = -EEFI ( efirc );
DBGC ( systab, "EFI could not get loaded image protocol: %s",
strerror ( rc ) );
goto err_no_loaded_image;
}
efi_loaded_image = loaded_image;
DBGC ( systab, "EFI image base address %p\n",
efi_loaded_image->ImageBase );
/* Get loaded image's device handle's device path */
if ( ( efirc = bs->OpenProtocol ( efi_loaded_image->DeviceHandle,
&efi_device_path_protocol_guid,
&device_path, image_handle, NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL ) ) != 0 ) {
rc = -EEFI ( efirc );
DBGC ( systab, "EFI could not get loaded image's device path: "
"%s", strerror ( rc ) );
goto err_no_device_path;
}
/* Make a copy of the loaded image's device handle's device
* path, since the device handle itself may become invalidated
* when we load our own drivers.
*/
device_path_len = ( efi_path_len ( device_path ) +
sizeof ( EFI_DEVICE_PATH_PROTOCOL ) );
if ( ( efirc = bs->AllocatePool ( EfiBootServicesData, device_path_len,
&device_path_copy ) ) != 0 ) {
rc = -EEFI ( efirc );
goto err_alloc_device_path;
}
memcpy ( device_path_copy, device_path, device_path_len );
efi_loaded_image_path = device_path_copy;
DBGC ( systab, "EFI image device path %s\n",
efi_devpath_text ( efi_loaded_image_path ) );
/* EFI is perfectly capable of gracefully shutting down any
* loaded devices if it decides to fall back to a legacy boot.
* For no particularly comprehensible reason, it doesn't
* bother doing so when ExitBootServices() is called.
*/
if ( ( efirc = bs->CreateEvent ( EVT_SIGNAL_EXIT_BOOT_SERVICES,
TPL_CALLBACK, efi_shutdown_hook,
NULL, &efi_shutdown_event ) ) != 0 ) {
rc = -EEFI ( efirc );
DBGC ( systab, "EFI could not create ExitBootServices event: "
"%s\n", strerror ( rc ) );
goto err_create_event;
}
/* Install driver binding protocol */
if ( ( rc = efi_driver_install() ) != 0 ) {
DBGC ( systab, "EFI could not install driver: %s\n",
strerror ( rc ) );
efirc = EFIRC ( rc );
goto err_driver_install;
}
/* Install image unload method */
efi_loaded_image->Unload = efi_unload;
return 0;
efi_driver_uninstall();
err_driver_install:
bs->CloseEvent ( efi_shutdown_event );
err_create_event:
bs->FreePool ( efi_loaded_image_path );
err_alloc_device_path:
err_no_device_path:
err_no_loaded_image:
err_missing_table:
err_missing_protocol:
err_sanity:
return efirc;
}
/**
* Shut down EFI environment
*
* @v image_handle Image handle
*/
static EFI_STATUS EFIAPI efi_unload ( EFI_HANDLE image_handle __unused ) {
EFI_BOOT_SERVICES *bs = efi_systab->BootServices;
EFI_SYSTEM_TABLE *systab = efi_systab;
DBGC ( systab, "EFI image unloading\n" );
/* Shut down */
shutdown_exit();
/* Disconnect any remaining devices */
efi_driver_disconnect_all();
/* Uninstall driver binding protocol */
efi_driver_uninstall();
/* Uninstall exit boot services event */
bs->CloseEvent ( efi_shutdown_event );
/* Free copy of loaded image's device handle's device path */
bs->FreePool ( efi_loaded_image_path );
DBGC ( systab, "EFI image unloaded\n" );
return 0;
}
/**
* Abort on stack check failure
*
*/
__attribute__ (( noreturn )) void __stack_chk_fail ( void ) {
EFI_STATUS efirc;
int rc;
/* Report failure (when debugging) */
DBGC ( efi_systab, "EFI stack check failed (cookie %#lx); aborting\n",
__stack_chk_guard );
/* Attempt to exit cleanly with an error status */
if ( efi_exit ) {
efirc = efi_exit ( efi_image_handle, EFI_COMPROMISED_DATA,
0, NULL );
rc = -EEFI ( efirc );
DBGC ( efi_systab, "EFI stack check exit failed: %s\n",
strerror ( rc ) );
}
/* If the exit fails for any reason, lock the system */
while ( 1 ) {}
}
/**
* Raise task priority level to TPL_CALLBACK
*
* @v tpl Saved TPL
*/
void efi_raise_tpl ( struct efi_saved_tpl *tpl ) {
EFI_BOOT_SERVICES *bs = efi_systab->BootServices;
/* Record current external TPL */
tpl->previous = efi_external_tpl;
/* Raise TPL and record previous TPL as new external TPL */
tpl->current = bs->RaiseTPL ( TPL_CALLBACK );
efi_external_tpl = tpl->current;
}
/**
* Restore task priority level
*
* @v tpl Saved TPL
*/
void efi_restore_tpl ( struct efi_saved_tpl *tpl ) {
EFI_BOOT_SERVICES *bs = efi_systab->BootServices;
/* Restore external TPL */
efi_external_tpl = tpl->previous;
/* Restore TPL */
bs->RestoreTPL ( tpl->current );
}
Reference in New Issue View Git Blame Copy Permalink