Executable images. More...

#include <stddef.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
#include <assert.h>
#include <libgen.h>
#include <syslog.h>
#include <ipxe/list.h>
#include <ipxe/umalloc.h>
#include <ipxe/uri.h>
#include <ipxe/image.h>

Macros
#define	EACCES_UNTRUSTED __einfo_error ( EINFO_EACCES_UNTRUSTED )

#define	EINFO_EACCES_UNTRUSTED __einfo_uniqify ( EINFO_EACCES, 0x01, "Untrusted image" )

#define	EACCES_PERMANENT __einfo_error ( EINFO_EACCES_PERMANENT )

#define	EINFO_EACCES_PERMANENT __einfo_uniqify ( EINFO_EACCES, 0x02, "Trust requirement is permanent" )

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)

static void	free_image (struct refcnt *refcnt)
	Free executable image. More...

struct image *	alloc_image (struct uri *uri)
	Allocate executable image. More...

int	image_set_uri (struct image image, struct uri uri)
	Set image URI. More...

int	image_set_name (struct image image, const char name)
	Set image name. More...

int	image_set_cmdline (struct image image, const char cmdline)
	Set image command line. More...

int	image_set_len (struct image *image, size_t len)
	Set image length. More...

int	image_set_data (struct image *image, userptr_t data, size_t len)
	Set image data. More...

static int	image_probe (struct image *image)
	Determine image type. More...

int	register_image (struct image *image)
	Register executable image. More...

void	unregister_image (struct image *image)
	Unregister executable image. More...

struct image *	find_image (const char *name)
	Find image by name. More...

struct image *	find_image_tag (struct image_tag *tag)
	Find image by tag. More...

int	image_exec (struct image *image)
	Execute image. More...

int	image_replace (struct image *replacement)
	Set replacement image. More...

int	image_select (struct image *image)
	Select image for execution. More...

int	image_set_trust (int require_trusted, int permanent)
	Change image trust requirement. More...

struct image *	image_memory (const char *name, userptr_t data, size_t len)
	Create registered image from block of memory. More...

const char *	image_argument (struct image image, const char key)
	Find argument within image command line. More...

Variables
struct list_head	images = LIST_HEAD_INIT ( images )
	List of registered images. More...

struct image_tag selected_image	__image_tag
	Image selected for execution. More...

static int	require_trusted_images = 0
	Current image trust requirement. More...

static int	require_trusted_images_permanent = 0
	Prevent changes to image trust requirement. More...

Detailed Description

Executable images.

Definition in file image.c.

Macro Definition Documentation

◆ EACCES_UNTRUSTED

#define EACCES_UNTRUSTED __einfo_error ( EINFO_EACCES_UNTRUSTED )

Definition at line 47 of file image.c.

◆ EINFO_EACCES_UNTRUSTED

#define EINFO_EACCES_UNTRUSTED __einfo_uniqify ( EINFO_EACCES, 0x01, "Untrusted image" )

Definition at line 49 of file image.c.

◆ EACCES_PERMANENT

#define EACCES_PERMANENT __einfo_error ( EINFO_EACCES_PERMANENT )

Definition at line 51 of file image.c.

◆ EINFO_EACCES_PERMANENT

#define EINFO_EACCES_PERMANENT __einfo_uniqify ( EINFO_EACCES, 0x02, "Trust requirement is permanent" )

Definition at line 53 of file image.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ free_image()

static void free_image ( struct refcnt * refcnt )

static

Free executable image.

Parameters

refcnt Reference counter

Definition at line 80 of file image.c.

                                                  {
         struct image *image = container_of ( refcnt, struct image, refcnt );
         struct image_tag *tag;
 
         DBGC ( image, "IMAGE %s freed\n", image->name );
         for_each_table_entry ( tag, IMAGE_TAGS ) {
                 if ( tag->image == image )
                         tag->image = NULL;
         }
         free ( image->name );
         free ( image->cmdline );
         uri_put ( image->uri );
         ufree ( image->data );
         image_put ( image->replacement );
         free ( image );
 }

References image::cmdline, container_of, image::data, DBGC, for_each_table_entry, free, image_put(), IMAGE_TAGS, image::name, NULL, image::replacement, tag, ufree(), image::uri, and uri_put().

Referenced by alloc_image().

◆ alloc_image()

struct image* alloc_image ( struct uri * uri )

Allocate executable image.

Parameters

uri	URI, or NULL

Return values

image Executable image

Definition at line 103 of file image.c.

                                                {
         struct image *image;
         int rc;
 
         /* Allocate image */
         image = zalloc ( sizeof ( *image ) );
         if ( ! image )
                 goto err_alloc;
 
         /* Initialise image */
         ref_init ( &image->refcnt, free_image );
         if ( uri && ( ( rc = image_set_uri ( image, uri ) ) != 0 ) )
                 goto err_set_uri;
 
         return image;
 
  err_set_uri:
         image_put ( image );
  err_alloc:
         return NULL;
 }

References free_image(), image_put(), image_set_uri(), NULL, rc, ref_init, image::refcnt, and zalloc().

Referenced by image_extract(), image_memory(), and imgdownload().

◆ image_set_uri()

int image_set_uri	(	struct image *	image,
		struct uri *	uri
	)

Set image URI.

Parameters

image	Image
uri	New image URI

Return values

rc	Return status code

Definition at line 132 of file image.c.

                                                            {
         const char *name;
         int rc;
 
         /* Set name, if image does not already have one */
         if ( ! ( image->name && image->name[0] ) ) {
                 name = ( uri->path ? uri->path : uri->opaque );
                 if ( name ) {
                         name = basename ( ( char * ) name );
                         if ( ( rc = image_set_name ( image, name ) ) != 0 )
                                 return rc;
                 }
         }
 
         /* Update image URI */
         uri_put ( image->uri );
         image->uri = uri_get ( uri );
 
         return 0;
 }

References basename(), image_set_name(), image::name, name, uri::opaque, uri::path, rc, image::uri, uri_get(), and uri_put().

Referenced by alloc_image(), and downloader_vredirect().

◆ image_set_name()

int image_set_name	(	struct image *	image,
		const char *	name
	)

Set image name.

Parameters

image	Image
name	New image name

Return values

rc	Return status code

Definition at line 160 of file image.c.

                                                              {
         char *name_copy;
 
         /* Duplicate name */
         name_copy = strdup ( name );
         if ( ! name_copy )
                 return -ENOMEM;
 
         /* Replace existing name */
         free ( image->name );
         image->name = name_copy;
 
         return 0;
 }

References ENOMEM, free, image::name, name, and strdup().

Referenced by image_extract(), image_memory(), image_set_uri(), imgsingle_exec(), and register_image().

◆ image_set_cmdline()

int image_set_cmdline	(	struct image *	image,
		const char *	cmdline
	)

Set image command line.

Parameters

image	Image
cmdline	New image command line, or NULL

Return values

rc	Return status code

Definition at line 182 of file image.c.

                                                                    {
 
         free ( image->cmdline );
         image->cmdline = NULL;
         if ( cmdline ) {
                 image->cmdline = strdup ( cmdline );
                 if ( ! image->cmdline )
                         return -ENOMEM;
         }
         return 0;
 }

References cmdline, image::cmdline, ENOMEM, free, NULL, and strdup().

Referenced by image_clear_cmdline(), image_extract_exec(), and imgsingle_exec().

◆ image_set_len()

int image_set_len	(	struct image *	image,
		size_t	len
	)

Set image length.

Parameters

image	Image
len	Length of image data

Return values

rc	Return status code

Definition at line 201 of file image.c.

                                                       {
         userptr_t new;
 
         /* (Re)allocate image data */
         new = urealloc ( image->data, len );
         if ( ! new )
                 return -ENOMEM;
         image->data = new;
         image->len = len;
 
         return 0;
 }

References image::data, ENOMEM, len, image::len, and urealloc().

Referenced by gzip_extract(), image_set_data(), and zlib_deflate().

◆ image_set_data()

int image_set_data	(	struct image *	image,
		userptr_t	data,
		size_t	len
	)

Set image data.

Parameters

image	Image
data	Image data
len	Length of image data

Return values

rc	Return status code

Definition at line 222 of file image.c.

                                                                        {
         int rc;
 
         /* Set image length */
         if ( ( rc = image_set_len ( image, len ) ) != 0 )
                 return rc;
 
         /* Copy in new image data */
         memcpy_user ( image->data, 0, data, 0, len );
 
         return 0;
 }

References data, image::data, image_set_len(), len, memcpy_user(), and rc.

Referenced by image_memory().

◆ image_probe()

static int image_probe ( struct image * image )

static

Determine image type.

Parameters

image Executable image

Return values

rc	Return status code

Definition at line 241 of file image.c.

                                                {
         struct image_type *type;
         int rc;
 
         /* Try each type in turn */
         for_each_table_entry ( type, IMAGE_TYPES ) {
                 if ( ( rc = type->probe ( image ) ) == 0 ) {
                         image->type = type;
                         DBGC ( image, "IMAGE %s is %s\n",
                                image->name, type->name );
                         return 0;
                 }
                 DBGC ( image, "IMAGE %s is not %s: %s\n", image->name,
                        type->name, strerror ( rc ) );
         }
 
         DBGC ( image, "IMAGE %s format not recognised\n", image->name );
         return -ENOTSUP;
 }

References DBGC, ENOTSUP, for_each_table_entry, IMAGE_TYPES, image::name, rc, strerror(), type, and image::type.

Referenced by register_image().

◆ register_image()

int register_image ( struct image * image )

Register executable image.

Parameters

image Executable image

Return values

rc	Return status code

Definition at line 267 of file image.c.

                                            {
         static unsigned int imgindex = 0;
         char name[8]; /* "imgXXXX" */
         int rc;
 
         /* Create image name if it doesn't already have one */
         if ( ! image->name ) {
                 snprintf ( name, sizeof ( name ), "img%d", imgindex++ );
                 if ( ( rc = image_set_name ( image, name ) ) != 0 )
                         return rc;
         }
 
         /* Add to image list */
         image_get ( image );
         image->flags |= IMAGE_REGISTERED;
         list_add_tail ( &image->list, &images );
         DBGC ( image, "IMAGE %s at [%lx,%lx) registered\n",
                image->name, user_to_phys ( image->data, 0 ),
                user_to_phys ( image->data, image->len ) );
 
         /* Try to detect image type, if applicable.  Ignore failures,
          * since we expect to handle some unrecognised images
          * (e.g. kernel initrds, multiboot modules, random files
          * provided via our EFI virtual filesystem, etc).
          */
         if ( ! image->type )
                 image_probe ( image );
 
         return 0;
 }

References image::data, DBGC, image::flags, image_get(), image_probe(), IMAGE_REGISTERED, image_set_name(), images, image::len, image::list, list_add_tail, image::name, name, rc, snprintf(), image::type, and user_to_phys().

Referenced by asn1_okx(), cmdline_init(), efi_cmdline_init(), efi_image_exec(), embedded_init(), image_exec(), image_extract(), image_memory(), imgdownload(), pixbuf_okx(), and test_init().

◆ unregister_image()

void unregister_image ( struct image * image )

Unregister executable image.

Parameters

image Executable image

Definition at line 303 of file image.c.

                                               {
 
         /* Do nothing unless image is registered */
         if ( ! ( image->flags & IMAGE_REGISTERED ) )
                 return;
 
         DBGC ( image, "IMAGE %s unregistered\n", image->name );
         list_del ( &image->list );
         image->flags &= ~IMAGE_REGISTERED;
         image_put ( image );
 }

References DBGC, image::flags, image_put(), IMAGE_REGISTERED, image::list, list_del, and image::name.

Referenced by asn1_okx(), bzimage_exec(), cert_exec(), com32_exec_loop(), comboot_exec_loop(), console_exec(), efi_autoexec_load(), efi_image_exec(), gzip_okx(), image_exec(), image_extract(), image_extract_exec(), imgextract_exec(), imgfree_exec(), imgverify_exec(), pixbuf_okx(), and zlib_okx().

◆ find_image()

struct image* find_image ( const char * name )

Find image by name.

Parameters

name	Image name

Return values

image Executable image, or NULL

Definition at line 321 of file image.c.

                                                {
         struct image *image;
 
         for_each_image ( image ) {
                 if ( strcmp ( image->name, name ) == 0 )
                         return image;
         }
 
         return NULL;
 }

References for_each_image, image::name, name, NULL, and strcmp().

Referenced by imgacquire(), and imgmulti_exec().

◆ find_image_tag()

struct image* find_image_tag ( struct image_tag * tag )

Find image by tag.

Parameters

tag Image tag

Return values

image Executable image, or NULL

Definition at line 338 of file image.c.

                                                         {
         struct image *image;
 
         for_each_image ( image ) {
                 if ( tag->image == image )
                         return image;
         }
 
         return NULL;
 }

References for_each_image, NULL, and tag.

Referenced by efi_file_open(), efi_image_exec(), imgsingle_exec(), and shim_exec().

◆ image_exec()

int image_exec ( struct image * image )

Execute image.

Parameters

image Executable image

Return values

rc	Return status code

The image must already be registered. Note that executing an image may cause it to unregister itself. The caller must therefore assume that the image pointer becomes invalid.

Definition at line 359 of file image.c.

                                        {
         struct image *saved_current_image;
         struct image *replacement = NULL;
         struct uri *old_cwuri;
         int rc;
 
         /* Sanity check */
         assert ( image->flags & IMAGE_REGISTERED );
 
         /* Switch current working directory to be that of the image
          * itself, if applicable
          */
         old_cwuri = uri_get ( cwuri );
         if ( image->uri )
                 churi ( image->uri );
 
         /* Set as currently running image */
         saved_current_image = image_tag ( image, &current_image );
 
         /* Take out a temporary reference to the image, so that it
          * does not get freed when temporarily unregistered.
          */
         image_get ( image );
 
         /* Check that this image can be executed */
         if ( ! ( image->type && image->type->exec ) ) {
                 rc = -ENOEXEC;
                 goto err;
         }
 
         /* Check that image is trusted (if applicable) */
         if ( require_trusted_images && ! ( image->flags & IMAGE_TRUSTED ) ) {
                 DBGC ( image, "IMAGE %s is not trusted\n", image->name );
                 rc = -EACCES_UNTRUSTED;
                 goto err;
         }
 
         /* Record boot attempt */
         syslog ( LOG_NOTICE, "Executing \"%s\"\n", image->name );
 
         /* Temporarily unregister the image during its execution */
         unregister_image ( image );
 
         /* Try executing the image */
         if ( ( rc = image->type->exec ( image ) ) != 0 ) {
                 DBGC ( image, "IMAGE %s could not execute: %s\n",
                        image->name, strerror ( rc ) );
                 /* Do not return yet; we still have clean-up to do */
         }
 
         /* Record result of boot attempt */
         if ( rc == 0 ) {
                 syslog ( LOG_NOTICE, "Execution of \"%s\" completed\n",
                          image->name );
         } else {
                 syslog ( LOG_ERR, "Execution of \"%s\" failed: %s\n",
                          image->name, strerror ( rc ) );
         }
 
         /* Re-register image (unless due to be replaced) */
         if ( ! image->replacement )
                 register_image ( image );
 
         /* Pick up replacement image before we drop the original
          * image's temporary reference.  The replacement image must
          * already be registered, so we don't need to hold a temporary
          * reference (which would complicate the tail-recursion).
          */
         replacement = image->replacement;
         if ( replacement )
                 assert ( replacement->flags & IMAGE_REGISTERED );
 
  err:
         /* Unregister image if applicable */
         if ( image->flags & IMAGE_AUTO_UNREGISTER )
                 unregister_image ( image );
 
         /* Debug message for tail-recursion.  Placed here because the
          * image_put() may end up freeing the image.
          */
         if ( replacement ) {
                 DBGC ( image, "IMAGE %s replacing self with IMAGE %s\n",
                        image->name, replacement->name );
         }
 
         /* Drop temporary reference to the original image */
         image_put ( image );
 
         /* Restore previous currently-running image */
         image_tag ( saved_current_image, &current_image );
 
         /* Reset current working directory */
         churi ( old_cwuri );
         uri_put ( old_cwuri );
 
         /* Tail-recurse into replacement image, if one exists */
         if ( replacement )
                 return image_exec ( replacement );
 
         return rc;
 }

References assert(), churi(), current_image, cwuri, DBGC, EACCES_UNTRUSTED, ENOEXEC, image_type::exec, image::flags, IMAGE_AUTO_UNREGISTER, image_exec(), image_get(), image_put(), IMAGE_REGISTERED, image_tag(), IMAGE_TRUSTED, LOG_ERR, LOG_NOTICE, image::name, NULL, rc, register_image(), replacement, image::replacement, require_trusted_images, strerror(), syslog, image::type, unregister_image(), image::uri, uri_get(), and uri_put().

Referenced by image_exec(), image_extract_exec(), imgexec(), ipxe(), and uriboot().

◆ image_replace()

int image_replace ( struct image * replacement )

Set replacement image.

Parameters

replacement Replacement image

Return values

rc	Return status code

The replacement image must already be registered, and must remain registered until the currently-executing image returns.

Definition at line 470 of file image.c.

                                                 {
         struct image *image = current_image.image;
         int rc;
 
         /* Sanity check */
         assert ( replacement->flags & IMAGE_REGISTERED );
 
         /* Fail unless there is a currently-executing image */
         if ( ! image ) {
                 rc = -ENOTTY;
                 DBGC ( replacement, "IMAGE %s cannot replace non-existent "
                        "image: %s\n", replacement->name, strerror ( rc ) );
                 return rc;
         }
 
         /* Check that the replacement image can be executed */
         if ( ! ( replacement->type && replacement->type->exec ) )
                 return -ENOEXEC;
 
         /* Clear any existing replacement */
         image_put ( image->replacement );
 
         /* Set replacement */
         image->replacement = image_get ( replacement );
         DBGC ( image, "IMAGE %s will replace self with IMAGE %s\n",
                image->name, replacement->name );
 
         return 0;
 }

References assert(), current_image, DBGC, ENOEXEC, ENOTTY, image_tag::image, image_get(), image_put(), IMAGE_REGISTERED, image::name, rc, replacement, image::replacement, and strerror().

Referenced by comboot_fetch_kernel(), and imgexec().

◆ image_select()

int image_select ( struct image * image )

Select image for execution.

Parameters

image Executable image

Return values

rc	Return status code

Definition at line 506 of file image.c.

                                          {
 
         /* Check that this image can be executed */
         if ( ! ( image->type && image->type->exec ) )
                 return -ENOEXEC;
 
         /* Mark image as selected */
         image_tag ( image, &selected_image );
 
         return 0;
 }

References ENOEXEC, image_type::exec, image_tag(), selected_image, and image::type.

Referenced by embedded_init(), and imgselect().

◆ image_set_trust()

int image_set_trust	(	int	require_trusted,
		int	permanent
	)

Change image trust requirement.

Parameters

require_trusted	Require trusted images
permanent	Make trust requirement permanent

Return values

rc	Return status code

Definition at line 525 of file image.c.

                                                            {
 
         /* Update trust requirement, if permitted to do so */
         if ( ! require_trusted_images_permanent ) {
                 require_trusted_images = require_trusted;
                 require_trusted_images_permanent = permanent;
         }
 
         /* Fail if we attempted to change the trust requirement but
          * were not permitted to do so.
          */
         if ( require_trusted_images != require_trusted )
                 return -EACCES_PERMANENT;
 
         return 0;
 }

References EACCES_PERMANENT, require_trusted_images, and require_trusted_images_permanent.

Referenced by imgtrust_exec().

◆ image_memory()

struct image* image_memory	(	const char *	name,
		userptr_t	data,
		size_t	len
	)

Create registered image from block of memory.

Parameters

name	Name
data	Image data
len	Length

Return values

image Image, or NULL on error

Definition at line 550 of file image.c.

                                                                              {
         struct image *image;
         int rc;
 
         /* Allocate image */
         image = alloc_image ( NULL );
         if ( ! image ) {
                 rc = -ENOMEM;
                 goto err_alloc_image;
         }
 
         /* Set name */
         if ( ( rc = image_set_name ( image, name ) ) != 0 )
                 goto err_set_name;
 
         /* Set data */
         if ( ( rc = image_set_data ( image, data, len ) ) != 0 )
                 goto err_set_data;
 
         /* Register image */
         if ( ( rc = register_image ( image ) ) != 0 )
                 goto err_register;
 
         /* Drop local reference to image */
         image_put ( image );
 
         return image;
 
  err_register:
  err_set_data:
  err_set_name:
         image_put ( image );
  err_alloc_image:
         return NULL;
 }

References alloc_image(), data, ENOMEM, image_put(), image_set_data(), image_set_name(), len, name, NULL, rc, and register_image().

Referenced by gzip_okx(), imgmem(), initrd_init(), and zlib_okx().

◆ image_argument()

const char* image_argument	(	struct image *	image,
		const char *	key
	)

Find argument within image command line.

Parameters

image	Image
key	Argument search key (including trailing delimiter)

Return values

value Argument value, or NULL if not found

Definition at line 593 of file image.c.

                                                                      {
         const char *cmdline = image->cmdline;
         const char *search;
         const char *match;
         const char *next;
 
         /* Find argument */
         for ( search = cmdline ; search ; search = next ) {
 
                 /* Find next occurrence, if any */
                 match = strstr ( search, key );
                 if ( ! match )
                         break;
                 next = ( match + strlen ( key ) );
 
                 /* Check preceding delimiter, if any */
                 if ( ( match == cmdline ) || isspace ( match[-1] ) )
                         return next;
         }
 
         return NULL;
 }

References cmdline, image::cmdline, isspace(), key, next, NULL, strlen(), and strstr().

Referenced by bzimage_parse_cmdline(), and cpio_parse_cmdline().

Variable Documentation

◆ images

struct list_head images = LIST_HEAD_INIT ( images )

List of registered images.

Definition at line 57 of file image.c.

Referenced by first_image(), initrd_dump(), initrd_reshuffle(), initrd_squash_high(), initrd_swap(), and register_image().

◆ __image_tag

struct image_tag current_image __image_tag

Initial value:

= {
        .name = "SELECTED",
}

Image selected for execution.

Currently-executing image.

Definition at line 60 of file image.c.

◆ require_trusted_images

int require_trusted_images = 0

static

Current image trust requirement.

Definition at line 70 of file image.c.

Referenced by image_exec(), and image_set_trust().

◆ require_trusted_images_permanent

int require_trusted_images_permanent = 0

static

Prevent changes to image trust requirement.

Definition at line 73 of file image.c.

Referenced by image_set_trust().

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ EACCES_UNTRUSTED

◆ EINFO_EACCES_UNTRUSTED

◆ EACCES_PERMANENT

◆ EINFO_EACCES_PERMANENT

Function Documentation

◆ FILE_LICENCE()

◆ free_image()

◆ alloc_image()

◆ image_set_uri()

◆ image_set_name()

◆ image_set_cmdline()

◆ image_set_len()

◆ image_set_data()

◆ image_probe()

◆ register_image()

◆ unregister_image()

◆ find_image()

◆ find_image_tag()

◆ image_exec()

◆ image_replace()

◆ image_select()

◆ image_set_trust()

◆ image_memory()

◆ image_argument()

Variable Documentation

◆ images

◆ __image_tag

◆ require_trusted_images

◆ require_trusted_images_permanent