#include <syslinux/firmware.h>
#include <syslinux/memscan.h>
#include <core.h>
#include "pxe.h"
#include <net.h>
#include <minmax.h>
#include <bios.h>
#include <dprintf.h>
static uint16_t real_base_mem; /* Amount of DOS memory after freeing */
static bool has_gpxe;
static uint32_t gpxe_funcs;
far_ptr_t StrucPtr;
/*
* Validity check on possible !PXE structure in buf
* return 1 for success, 0 for failure.
*
*/
static int is_pxe(const void *buf)
{
const struct pxe_t *pxe = buf;
const uint8_t *p = buf;
int i = pxe->structlength;
uint8_t sum = 0;
if (i < sizeof(struct pxe_t) ||
memcmp(pxe->signature, "!PXE", 4))
return 0;
while (i--)
sum += *p++;
return sum == 0;
}
/*
* Just like is_pxe, it checks PXENV+ structure
*
*/
static int is_pxenv(const void *buf)
{
const struct pxenv_t *pxenv = buf;
const uint8_t *p = buf;
int i = pxenv->length;
uint8_t sum = 0;
/* The pxeptr field isn't present in old versions */
if (i < offsetof(struct pxenv_t, pxeptr) ||
memcmp(pxenv->signature, "PXENV+", 6))
return 0;
while (i--)
sum += *p++;
return sum == 0;
}
/*
* memory_scan_for_pxe_struct:
* memory_scan_for_pxenv_struct:
*
* If none of the standard methods find the !PXE/PXENV+ structure,
* look for it by scanning memory.
*
* return the corresponding pxe structure if found, or NULL;
*/
static const void *memory_scan(uintptr_t start, int (*func)(const void *))
{
const char *ptr;
/* Scan each 16 bytes of conventional memory before the VGA region */
for (ptr = (const char *)start; ptr < (const char *)0xA0000; ptr += 16) {
if (func(ptr))
return ptr; /* found it! */
ptr += 16;
}
return NULL;
}
static const struct pxe_t *memory_scan_for_pxe_struct(void)
{
uint16_t start = bios_fbm(); /* Starting segment */
return memory_scan(start << 10, is_pxe);
}
static const struct pxenv_t *memory_scan_for_pxenv_struct(void)
{
return memory_scan(0x10000, is_pxenv);
}
static int pxelinux_scan_memory(scan_memory_callback_t callback, void *data)
{
addr_t start, size;
int rv = 0;
if (KeepPXE)
return 0;
/*
* If we are planning on calling unload_pxe() and unmapping the PXE
* region before we transfer control away from PXELINUX we can mark
* that region as SMT_TERMINAL to indicate that the region will
* become free at some point in the future.
*/
start = bios_fbm() << 10;
size = (real_base_mem - bios_fbm()) << 10;
dprintf("Marking PXE region 0x%x - 0x%x as SMT_TERMINAL\n",
start, start + size);
callback(data, start, size, SMT_TERMINAL);
return rv;
}
/*
* Find the !PXE structure; we search for the following, in order:
*
* a. !PXE structure as SS:[SP + 4]
* b. PXENV+ structure at [ES:BX]
* c. INT 1Ah AX=0x5650 -> PXENV+
* d. Search memory for !PXE
* e. Search memory for PXENV+
*
* If we find a PXENV+ structure, we try to find a !PXE structure from
* if if the API version is 2.1 or later
*
*/
int pxe_init(bool quiet)
{
extern void pxe_int1a(void);
char plan = 'A';
uint16_t seg, off;
uint16_t code_seg, code_len;
uint16_t data_seg, data_len;
const char *base = GET_PTR(InitStack);
com32sys_t regs;
const char *type;
const struct pxenv_t *pxenv;
const struct pxe_t *pxe;
/* Assume API version 2.1 */
APIVer = 0x201;
/* Plan A: !PXE structure as SS:[SP + 4] */
off = *(const uint16_t *)(base + 48);
seg = *(const uint16_t *)(base + 50);
pxe = MK_PTR(seg, off);
if (is_pxe(pxe))
goto have_pxe;
/* Plan B: PXENV+ structure at [ES:BX] */
plan++;
off = *(const uint16_t *)(base + 24); /* Original BX */
seg = *(const uint16_t *)(base + 4); /* Original ES */
pxenv = MK_PTR(seg, off);
if (is_pxenv(pxenv))
goto have_pxenv;
/* Plan C: PXENV+ structure via INT 1Ah AX=5650h */
plan++;
memset(®s, 0, sizeof regs);
regs.eax.w[0] = 0x5650;
call16(pxe_int1a, ®s, ®s);
if (!(regs.eflags.l & EFLAGS_CF) && (regs.eax.w[0] == 0x564e)) {
off = regs.ebx.w[0];
seg = regs.es;
pxenv = MK_PTR(seg, off);
if (is_pxenv(pxenv))
goto have_pxenv;
}
/* Plan D: !PXE memory scan */
plan++;
if ((pxe = memory_scan_for_pxe_struct())) {
off = OFFS(pxe);
seg = SEG(pxe);
goto have_pxe;
}
/* Plan E: PXENV+ memory scan */
plan++;
if ((pxenv = memory_scan_for_pxenv_struct())) {
off = OFFS(pxenv);
seg = SEG(pxenv);
goto have_pxenv;
}
/* Found nothing at all !! */
if (!quiet)
ddprintf("No !PXE or PXENV+ API found; we're dead...\n");
return -1;
have_pxenv:
APIVer = pxenv->version;
if (!quiet)
ddprintf("Found PXENV+ structure\nPXE API version is %04x\n", APIVer);
/* if the API version number is 0x0201 or higher, use the !PXE structure */
if (APIVer >= 0x201) {
if (pxenv->length >= sizeof(struct pxenv_t)) {
pxe = GET_PTR(pxenv->pxeptr);
if (is_pxe(pxe))
goto have_pxe;
/*
* Nope, !PXE structure missing despite API 2.1+, or at least
* the pointer is missing. Do a last-ditch attempt to find it
*/
if ((pxe = memory_scan_for_pxe_struct()))
goto have_pxe;
}
APIVer = 0x200; /* PXENV+ only, assume version 2.00 */
}
/* Otherwise, no dice, use PXENV+ structure */
data_len = pxenv->undidatasize;
data_seg = pxenv->undidataseg;
code_len = pxenv->undicodesize;
code_seg = pxenv->undicodeseg;
PXEEntry = pxenv->rmentry;
type = "PXENV+";
goto have_entrypoint;
have_pxe:
data_len = pxe->seg[PXE_Seg_UNDIData].size;
data_seg = pxe->seg[PXE_Seg_UNDIData].sel;
code_len = pxe->seg[PXE_Seg_UNDICode].size;
code_seg = pxe->seg[PXE_Seg_UNDICode].sel;
PXEEntry = pxe->entrypointsp;
type = "!PXE";
have_entrypoint:
StrucPtr.offs = off;
StrucPtr.seg = seg;
if (!quiet) {
ddprintf("%s entry point found (we hope) at %04X:%04X via plan %c\n",
type, PXEEntry.seg, PXEEntry.offs, plan);
ddprintf("UNDI code segment at %04X len %04X\n", code_seg, code_len);
ddprintf("UNDI data segment at %04X len %04X\n", data_seg, data_len);
}
syslinux_memscan_new(pxelinux_scan_memory);
code_seg = code_seg + ((code_len + 15) >> 4);
data_seg = data_seg + ((data_len + 15) >> 4);
real_base_mem = max(code_seg, data_seg) >> 6; /* Convert to kilobytes */
probe_undi();
return 0;
}
/*
* See if we have gPXE
*/
void gpxe_init(void)
{
int err;
static __lowmem struct s_PXENV_FILE_API_CHECK api_check;
if (APIVer >= 0x201) {
api_check.Size = sizeof api_check;
api_check.Magic = 0x91d447b2;
err = pxe_call(PXENV_FILE_API_CHECK, &api_check);
if (!err && api_check.Magic == 0xe9c17b20)
gpxe_funcs = api_check.APIMask;
}
/* Necessary functions for us to use the gPXE file API */
has_gpxe = (~gpxe_funcs & 0x4b) == 0;
}
/**
* Get a DHCP packet from the PXE stack into a lowmem buffer
*
* @param: type, packet type
* @return: buffer size
*
*/
static int pxe_get_cached_info(int type, void *buf, size_t bufsiz)
{
int err;
static __lowmem struct s_PXENV_GET_CACHED_INFO get_cached_info;
ddprintf(" %02x", type);
memset(&get_cached_info, 0, sizeof get_cached_info);
get_cached_info.PacketType = type;
get_cached_info.BufferSize = bufsiz;
get_cached_info.Buffer = FAR_PTR(buf);
err = pxe_call(PXENV_GET_CACHED_INFO, &get_cached_info);
if (err) {
ddprintf("PXE API call failed, error %04x\n", err);
kaboom();
}
return get_cached_info.BufferSize;
}
/*
* This function unloads the PXE and UNDI stacks and
* unclaims the memory.
*/
__export void unload_pxe(uint16_t flags)
{
/* PXE unload sequences */
/*
* iPXE does:
* UNDI_SHUTDOWN, UNDI_CLEANUP, STOP_UNDI
* Older Syslinux did:
* UDP_CLOSE, UNDI_SHUTDOWN, UNLOAD_STACK, STOP_UNDI/UNDI_CLEANUP
*/
static const uint8_t new_api_unload[] = {
PXENV_UNDI_SHUTDOWN, PXENV_UNLOAD_STACK, PXENV_STOP_UNDI, 0
};
static const uint8_t old_api_unload[] = {
PXENV_UNDI_SHUTDOWN, PXENV_UNLOAD_STACK, PXENV_UNDI_CLEANUP, 0
};
unsigned int api;
const uint8_t *api_ptr;
int err;
size_t int_addr;
static __lowmem union {
struct s_PXENV_UNDI_SHUTDOWN undi_shutdown;
struct s_PXENV_UNLOAD_STACK unload_stack;
struct s_PXENV_STOP_UNDI stop_undi;
struct s_PXENV_UNDI_CLEANUP undi_cleanup;
uint16_t Status; /* All calls have this as the first member */
} unload_call;
dprintf("Called unload_pxe()...\n");
dprintf("FBM before unload = %d\n", bios_fbm());
err = reset_pxe();
dprintf("FBM after reset_pxe = %d, err = %d\n", bios_fbm(), err);
/* If we want to keep PXE around, we still need to reset it */
if (flags || err)
return;
dprintf("APIVer = %04x\n", APIVer);
api_ptr = APIVer >= 0x0200 ? new_api_unload : old_api_unload;
while((api = *api_ptr++)) {
dprintf("PXE call %04x\n", api);
memset(&unload_call, 0, sizeof unload_call);
err = pxe_call(api, &unload_call);
if (err || unload_call.Status != PXENV_STATUS_SUCCESS) {
ddprintf("PXE unload API call %04x failed: 0x%x\n",
api, unload_call.Status);
goto cant_free;
}
}
api = 0xff00;
if (real_base_mem <= bios_fbm()) { /* Sanity check */
dprintf("FBM %d < real_base_mem %d\n", bios_fbm(), real_base_mem);
goto cant_free;
}
api++;
/* Check that PXE actually unhooked the INT 0x1A chain */
int_addr = (size_t)GET_PTR(*(far_ptr_t *)(4 * 0x1a));
int_addr >>= 10;
if (int_addr >= real_base_mem || int_addr < bios_fbm()) {
set_bios_fbm(real_base_mem);
dprintf("FBM after unload_pxe = %d\n", bios_fbm());
return;
}
dprintf("Can't free FBM, real_base_mem = %d, "
"FBM = %d, INT 1A = %08x (%d)\n",
real_base_mem, bios_fbm(),
*(uint32_t *)(4 * 0x1a), int_addr);
cant_free:
ddprintf("Failed to free base memory error %04x-%08x (%d/%dK)\n",
api, *(uint32_t *)(4 * 0x1a), bios_fbm(), real_base_mem);
return;
}
extern const char bdhcp_data[], adhcp_data[];
extern const uint32_t bdhcp_len, adhcp_len;
void net_parse_dhcp(void)
{
int pkt_len;
struct bootp_t *bp;
const size_t dhcp_max_packet = 4096;
bp = lmalloc(dhcp_max_packet);
if (!bp) {
ddprintf("Out of low memory\n");
kaboom();
}
*LocalDomain = 0; /* No LocalDomain received */
/*
* Parse any "before" hardcoded options
*/
dprintf("DHCP: bdhcp_len = %d\n", bdhcp_len);
parse_dhcp_options(bdhcp_data, bdhcp_len, 0);
/*
* Get the DHCP client identifiers (query info 1)
*/
ddprintf("Getting cached packet ");
pkt_len = pxe_get_cached_info(1, bp, dhcp_max_packet);
parse_dhcp(bp, pkt_len);
/*
* We don't use flags from the request packet, so
* this is a good time to initialize DHCPMagic...
* Initialize it to 1 meaning we will accept options found;
* in earlier versions of PXELINUX bit 0 was used to indicate
* we have found option 208 with the appropriate magic number;
* we no longer require that, but MAY want to re-introduce
* it in the future for vendor encapsulated options.
*/
*(char *)&DHCPMagic = 1;
/*
* Get the BOOTP/DHCP packet that brought us file (and an IP
* address). This lives in the DHCPACK packet (query info 2)
*/
pkt_len = pxe_get_cached_info(2, bp, dhcp_max_packet);
parse_dhcp(bp, pkt_len);
/*
* Save away MAC address (assume this is in query info 2. If this
* turns out to be problematic it might be better getting it from
* the query info 1 packet
*/
MAC_len = bp->hardlen > 16 ? 0 : bp->hardlen;
MAC_type = bp->hardware;
memcpy(MAC, bp->macaddr, MAC_len);
/*
* Get the boot file and other info. This lives in the CACHED_REPLY
* packet (query info 3)
*/
pkt_len = pxe_get_cached_info(3, bp, dhcp_max_packet);
parse_dhcp(bp, pkt_len);
ddprintf("\n");
/*
* Parse any "after" hardcoded options
*/
dprintf("DHCP: adhcp_len = %d\n", adhcp_len);
parse_dhcp_options(adhcp_data, adhcp_len, 0);
lfree(bp);
}