Krutskikh Ivan | 3 Mar 08:51 2015
Picon

Multiple disks using sanhook/sanboot

Hi,

I am faced with the subj problem: booting windows with multiple iscsi
disks attached. I know, that the strict answer to my question is : not
possible. But after some googling I found out that guys from ccboot
seemed to overcome this limitation in their proprietary
solution(ex:http://www.ccboot.com/ccboot-multi-os-boot.htm and
others). So what is limiting us from achieving the same result using
opensource ipxe?

Thanks in advance,

Ivan
Randall Wood | 25 Feb 15:58 2015

Rom-O-Matic.eu failing

The Rom-O-Matic.eu buid.fcgi script is failing. This is the output for https://rom-o-matic.eu/build.fcgi?BINARY=ipxe.usb&BINDIR=bin&REVISION=master&DEBUG=&EMBED.00script.ipxe=&

 

Build failed:

 

"make" unexpectedly returned exit value 2 at /var/www/ipxe-buildweb/build.fcgi line 630

 

 

Build log:

Path:

Parameters:

  BINARY = ipxe.usb

  BINDIR = bin

  DEBUG =

  EMBED.00script.ipxe =

  REVISION = master

Binary: ipxe.usb

Binary directory: bin

Revision: master

Canonicalising revision master...

Canonical revision: 3e04f0791e614772f3ffe3663e4c8da71e2bc981

Creating temporary directories...

Temporary git directory: /var/tmp/ipxe-build/ipxe-build-ijpBbf

Temporary working tree: /var/tmp/ipxe-build/ipxe-build-NzwEjr

Cloning git tree from /var/tmp/ipxe/.git...

Finding closest cached binaries for 3e04f0791e614772f3ffe3663e4c8da71e2bc981...

Found cached binaries in ipxe-build/cached/bin/3e04f0791e614772f3ffe3663e4c8da71e2bc981.gz at distance 0

Opening binary tarball /var/cache/ipxe-build/3e04f0791e614772f3ffe3663e4c8da71e2bc981-bin.tar.gz...

Opened binary tarball /var/cache/ipxe-build/3e04f0791e614772f3ffe3663e4c8da71e2bc981-bin.tar.gz...

Checking out revision 3e04f0791e614772f3ffe3663e4c8da71e2bc981...

Identifying timestamp for commit 3e04f0791e614772f3ffe3663e4c8da71e2bc981...

Setting timestamps to Tue Feb 24 17:33:14 2015...

Unpacking binary tarball /var/cache/ipxe-build/3e04f0791e614772f3ffe3663e4c8da71e2bc981-bin.tar.gz...

Checking out revision 3e04f0791e614772f3ffe3663e4c8da71e2bc981...

Building final target bin/ipxe.usb...

make: Entering directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'

  [DEPS] arch/i386/drivers/net/undiisr.S

…truncated output…

  [DEPS] libgcc/__divdi3.c

make: Leaving directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'

make: Entering directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'

  [BUILD] bin/usbdisk.o

…truncated output…

  [BUILD] bin/undiisr.o

  [HOSTCC] util/zbin

  [VERSION] bin/version.ipxe.hd.o

  [OBJCOPY] bin/usbdisk.bin

  [AR] bin/blib.a

ar: creating bin/blib.a

  [LD] bin/ipxe.hd.tmp

arch/i386/scripts/i386.lds:1: undefined symbol `_min_decompress_stack' referenced in expression

make: *** [bin/ipxe.hd.tmp] Error 1

rm bin/version.ipxe.hd.o

make: Leaving directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'

"make" unexpectedly returned exit value 2 at /var/www/ipxe-buildweb/build.fcgi line 630

 

 

Randall Wood
Senior Cyber Engineer II With Honors
Raytheon Cyber Products
703.840.2056 | 703.318.7134
Randall.H.Wood-dn2d4abHGrBWk0Htik3J/w@public.gmane.org

www.Raytheon.com/capabilities/cyber

 

<div>
<div class="WordSection1">
<p class="MsoNormal">The Rom-O-Matic.eu buid.fcgi script is failing. This is the output for https://rom-o-matic.eu/build.fcgi?BINARY=ipxe.usb&amp;BINDIR=bin&amp;REVISION=master&amp;DEBUG=&amp;EMBED.00script.ipxe=&amp;<p></p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal"><span>Build failed:<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>"make" unexpectedly returned exit value 2 at /var/www/ipxe-buildweb/build.fcgi line 630<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>Build log:<p></p></span></p>
<p class="MsoNormal"><span>Path:
<p></p></span></p>
<p class="MsoNormal"><span>Parameters:
<p></p></span></p>
<p class="MsoNormal"><span>&nbsp;&nbsp;BINARY = ipxe.usb<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; BINDIR = bin<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; DEBUG =
<p></p></span></p>
<p class="MsoNormal"><span>&nbsp;&nbsp;EMBED.00script.ipxe =
<p></p></span></p>
<p class="MsoNormal"><span>&nbsp;&nbsp;REVISION = master<p></p></span></p>
<p class="MsoNormal"><span>Binary: ipxe.usb<p></p></span></p>
<p class="MsoNormal"><span>Binary directory: bin<p></p></span></p>
<p class="MsoNormal"><span>Revision: master<p></p></span></p>
<p class="MsoNormal"><span>Canonicalising revision master...<p></p></span></p>
<p class="MsoNormal"><span>Canonical revision: 3e04f0791e614772f3ffe3663e4c8da71e2bc981<p></p></span></p>
<p class="MsoNormal"><span>Creating temporary directories...<p></p></span></p>
<p class="MsoNormal"><span>Temporary git directory: /var/tmp/ipxe-build/ipxe-build-ijpBbf<p></p></span></p>
<p class="MsoNormal"><span>Temporary working tree: /var/tmp/ipxe-build/ipxe-build-NzwEjr<p></p></span></p>
<p class="MsoNormal"><span>Cloning git tree from /var/tmp/ipxe/.git...<p></p></span></p>
<p class="MsoNormal"><span>Finding closest cached binaries for 3e04f0791e614772f3ffe3663e4c8da71e2bc981...<p></p></span></p>
<p class="MsoNormal"><span>Found cached binaries in ipxe-build/cached/bin/3e04f0791e614772f3ffe3663e4c8da71e2bc981.gz at distance 0<p></p></span></p>
<p class="MsoNormal"><span>Opening binary tarball /var/cache/ipxe-build/3e04f0791e614772f3ffe3663e4c8da71e2bc981-bin.tar.gz...<p></p></span></p>
<p class="MsoNormal"><span>Opened binary tarball /var/cache/ipxe-build/3e04f0791e614772f3ffe3663e4c8da71e2bc981-bin.tar.gz...<p></p></span></p>
<p class="MsoNormal"><span>Checking out revision 3e04f0791e614772f3ffe3663e4c8da71e2bc981...<p></p></span></p>
<p class="MsoNormal"><span>Identifying timestamp for commit 3e04f0791e614772f3ffe3663e4c8da71e2bc981...<p></p></span></p>
<p class="MsoNormal"><span>Setting timestamps to Tue Feb 24 17:33:14 2015...<p></p></span></p>
<p class="MsoNormal"><span>Unpacking binary tarball /var/cache/ipxe-build/3e04f0791e614772f3ffe3663e4c8da71e2bc981-bin.tar.gz...<p></p></span></p>
<p class="MsoNormal"><span>Checking out revision 3e04f0791e614772f3ffe3663e4c8da71e2bc981...<p></p></span></p>
<p class="MsoNormal"><span>Building final target bin/ipxe.usb...<p></p></span></p>
<p class="MsoNormal"><span>make: Entering directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [DEPS] arch/i386/drivers/net/undiisr.S<p></p></span></p>
<p class="MsoNormal"><span>&hellip;truncated output&hellip;<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [DEPS] libgcc/__divdi3.c<p></p></span></p>
<p class="MsoNormal"><span>make: Leaving directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'<p></p></span></p>
<p class="MsoNormal"><span>make: Entering directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [BUILD] bin/usbdisk.o<p></p></span></p>
<p class="MsoNormal"><span>&hellip;truncated output&hellip;<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [BUILD] bin/undiisr.o<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [HOSTCC] util/zbin<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [VERSION] bin/version.ipxe.hd.o<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [OBJCOPY] bin/usbdisk.bin<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [AR] bin/blib.a<p></p></span></p>
<p class="MsoNormal"><span>ar: creating bin/blib.a<p></p></span></p>
<p class="MsoNormal"><span>&nbsp; [LD] bin/ipxe.hd.tmp<p></p></span></p>
<p class="MsoNormal"><span>arch/i386/scripts/i386.lds:1: undefined symbol `_min_decompress_stack' referenced in expression<p></p></span></p>
<p class="MsoNormal"><span>make: *** [bin/ipxe.hd.tmp] Error 1<p></p></span></p>
<p class="MsoNormal"><span>rm bin/version.ipxe.hd.o<p></p></span></p>
<p class="MsoNormal"><span>make: Leaving directory `/var/tmp/ipxe-build/ipxe-build-NzwEjr/src'<p></p></span></p>
<p class="MsoNormal"><span>"make" unexpectedly returned exit value 2 at /var/www/ipxe-buildweb/build.fcgi line 630<p></p></span></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal">Randall Wood<br>
Senior Cyber Engineer II With Honors<br>
Raytheon Cyber Products<br>
703.840.2056 | 703.318.7134<br><a href="mailto:Randall.H.Wood@...">Randall.H.Wood@...</a><p></p></p>
<p class="MsoNormal"><a href="www.Raytheon.com/capabilities/cyber">www.Raytheon.com/capabilities/cyber</a><p></p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
</div>
</div>
Sven Dreyer | 25 Feb 08:15 2015
Picon

Latest commit fails to build on Debian stable

Hi,

the latest commit 3e04f0791e614772f3ffe3663e4c8da71e2bc981 ([prefix] Use 
.bss16 as temporary stack space for calls to install_block) fails to 
build on Debian Wheezy (current stable version).

I did:
$ git clone git://git.ipxe.org/ipxe.git
$ cd ipxe/src/
$ make

The build process stops with:
   [BUILD] bin/com32_wrapper.o
   [BUILD] bin/undiisr.o
   [AR] bin/blib.a
ar: creating bin/blib.a
   [HOSTCC] util/zbin
   [VERSION] bin/version.ipxe.dsk.o
   [LD] bin/ipxe.dsk.tmp
arch/i386/scripts/i386.lds:1: undefined symbol `_min_decompress_stack' 
referenced in expression
make: *** [bin/ipxe.dsk.tmp] Error 1
rm bin/version.ipxe.dsk.o

Debian Wheezy uses gcc 4.7.2 and binutils 2.22.

If of interest, I can provide SSH access to a Debian box.

Thanks and best regards, Sven
Steven Haber | 24 Feb 19:09 2015

Re: TCP flow control window shrink on discard causes low throughput

No love? We've been sitting with this patch on top of our iPXE source. It's pretty heinous.

On Thu, Dec 4, 2014 at 4:02 PM, Steven Haber <steven-haeK+pnH1mrQT0dZR+AlfA@public.gmane.org> wrote:
Hello!

As the subject states, I'm seeing a situation where the TCP window
shrink logic causes a connection to be throttled indefinitely. I am
downloading a ~600MB ISO image from an internal server using iPXE's
HTTP capabilities. Intermittently I will see the download slow to a
crawl. A packet capture shows the receive side decreasing the TCP
window drastically and permanently, from a reasonable size of ~150k
down to 1k. I can send the capture to you if it'd be useful. The
responsible code lives in src/net/tcp.c:tcp_discard. Below is a patch
that remedies the issue. Obviously this is hack. The correct solution
might involve capping the maximum window size decrease per discard,
and adding complimentary window size increase code to the main rx
path. This way slowdowns wouldn't be as severe and we could recover
from them.

What do you think? Thanks!

Steven Haber
Software Engineer
Qumulo, Inc.





diff --git a/src/net/tcp.c b/src/net/tcp.c
index 987cb63..3c59e46 100644
--- a/src/net/tcp.c
+++ b/src/net/tcp.c
<at> <at> -1331,31 +1331,31 <at> <at> static unsigned int tcp_discard ( void ) {
        struct tcp_rx_queued_header *tcpqhdr;
        uint32_t max_win;
        unsigned int discarded = 0;

        /* Try to drop one queued RX packet from each connection */
        list_for_each_entry ( tcp, &tcp_conns, list ) {
                list_for_each_entry_reverse ( iobuf, &tcp->rx_queue, list ) {

                        /* Limit window to prevent future discards */
                        tcpqhdr = iobuf->data;
                        max_win = ( tcpqhdr->seq - tcp->rcv_ack );
                        if ( max_win < tcp->max_rcv_win ) {
                                DBGC ( tcp, "TCP %p reducing maximum window "
                                       "from %d to %d\n",
                                       tcp, tcp->max_rcv_win, max_win );
-                               tcp->max_rcv_win = max_win;
+                               //tcp->max_rcv_win = max_win;
                        }

                        /* Remove packet from queue */
                        list_del ( &iobuf->list );
                        free_iob ( iobuf );

                        /* Report discard */
                        discarded++;
                        break;
                }
        }

        return discarded;
 }

<div>
<div dir="ltr">No love? We've been sitting with this patch on top of our iPXE source. It's pretty heinous.</div>
<div class="gmail_extra">
<br><div class="gmail_quote">On Thu, Dec 4, 2014 at 4:02 PM, Steven Haber <span dir="ltr">&lt;<a href="mailto:steven@..." target="_blank">steven@...</a>&gt;</span> wrote:<br><blockquote class="gmail_quote">Hello!<br><br>
As the subject states, I'm seeing a situation where the TCP window<br>
shrink logic causes a connection to be throttled indefinitely. I am<br>
downloading a ~600MB ISO image from an internal server using iPXE's<br>
HTTP capabilities. Intermittently I will see the download slow to a<br>
crawl. A packet capture shows the receive side decreasing the TCP<br>
window drastically and permanently, from a reasonable size of ~150k<br>
down to 1k. I can send the capture to you if it'd be useful. The<br>
responsible code lives in src/net/tcp.c:tcp_discard. Below is a patch<br>
that remedies the issue. Obviously this is hack. The correct solution<br>
might involve capping the maximum window size decrease per discard,<br>
and adding complimentary window size increase code to the main rx<br>
path. This way slowdowns wouldn't be as severe and we could recover<br>
from them.<br><br>
What do you think? Thanks!<br><br>
Steven Haber<br>
Software Engineer<br>
Qumulo, Inc.<br><br><br><br><br><br>
diff --git a/src/net/tcp.c b/src/net/tcp.c<br>
index 987cb63..3c59e46 100644<br>
--- a/src/net/tcp.c<br>
+++ b/src/net/tcp.c<br>
 <at>  <at>  -1331,31 +1331,31  <at>  <at>  static unsigned int tcp_discard ( void ) {<br>
&nbsp; &nbsp; &nbsp; &nbsp; struct tcp_rx_queued_header *tcpqhdr;<br>
&nbsp; &nbsp; &nbsp; &nbsp; uint32_t max_win;<br>
&nbsp; &nbsp; &nbsp; &nbsp; unsigned int discarded = 0;<br><br>
&nbsp; &nbsp; &nbsp; &nbsp; /* Try to drop one queued RX packet from each connection */<br>
&nbsp; &nbsp; &nbsp; &nbsp; list_for_each_entry ( tcp, &amp;tcp_conns, list ) {<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; list_for_each_entry_reverse ( iobuf, &amp;tcp-&gt;rx_queue, list ) {<br><br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; /* Limit window to prevent future discards */<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tcpqhdr = iobuf-&gt;data;<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; max_win = ( tcpqhdr-&gt;seq - tcp-&gt;rcv_ack );<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if ( max_win &lt; tcp-&gt;max_rcv_win ) {<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DBGC ( tcp, "TCP %p reducing maximum window "<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"from %d to %d\n",<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;tcp, tcp-&gt;max_rcv_win, max_win );<br>
-&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;tcp-&gt;max_rcv_win = max_win;<br>
+&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;//tcp-&gt;max_rcv_win = max_win;<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }<br><br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; /* Remove packet from queue */<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; list_del ( &amp;iobuf-&gt;list );<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; free_iob ( iobuf );<br><br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; /* Report discard */<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; discarded++;<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; break;<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }<br>
&nbsp; &nbsp; &nbsp; &nbsp; }<br><br>
&nbsp; &nbsp; &nbsp; &nbsp; return discarded;<br>
&nbsp;}<br>
</blockquote>
</div>
<br>
</div>
</div>
Harry Coin | 20 Feb 22:03 2015

Small bug report re: ssl_verify_client optional w/o iPXE client cert


Hello and much appreciation for the iPXE effort.

Kindly notice that when iPXE is built with only a certificate authority 
to trust (no cert + key), and
the iPXE shell does an https://.... request of any kind, and
the SSL enabled server explicitly does not ask for a client certificate then
-- all is well.

But, if the SSL enabled server does ask for a client certificate but 
only in an optional way, e.g. nginx example:

ssl_verify_client optional;

Then iPXE fails trying to find a non-existent cert:
in tls.c

         /* Determine client certificate to be sent */
         tls->cert = certstore_find_key ( &private_key );
         if ( ! tls->cert ) {
                 DBGC ( tls, "TLS %p could not find certificate 
corresponding "
                        "to private key\n", tls );
                 return -EPERM_CLIENT_CERT;

The correct response is not to fail the tls session when asked for an 
optional client cert doesn't exist, only when an required client cert 
doesn't exist.

I tested this, setting the server to explicitly not ask for a client 
cert when one didn't exist allowed normal operations.  Setting it to 
optionally validate the client cert when one didn't exist failed on the 
iPXE end.

Olaf Hering | 12 Feb 14:44 2015
Picon

how to provide a stable _build_id?

In the spirit of 335a7ddcd4e2d0faaee6d5b1edf0307dfba3d0e5 ("[build] Sort
objects in blib.a") to get reproducible binaries from the very same
source on different build hosts, the last missing piece to reach that
goal is this code in src/Makefile.housekeeping:

...
# Command to generate build ID.  Must be unique for each $(BIN)/%.tmp,
# even within the same build run.
#
BUILD_ID_CMD    := perl -e 'printf "0x%08x", int ( rand ( 0xffffffff ) );'
...
--defsym _build_id=`$(BUILD_ID_CMD)`
...

The comment makes it clear: appearently some code out there wants this ever
changing build_id. What code is it, what will break if _build_id gets a fixed
value, and what can be done to give each object an stable but unique id?

I think its up to me to figure out the last part.

Olaf
Jan Kundrát | 11 Feb 19:15 2015
Picon

Unrecognised relocation type R_X86_64_32S in util/elf2efi64

Hi,
I'm on Gentoo Linux, amd64, with GCC 4.7.2. When trying to build 
bin-x86_64-efi/ipxe.efi, I'm getting the following error from 
util/elf2efi64:

  [FINISH] bin-x86_64-efi/ipxe.efi
Unrecognised relocation type R_X86_64_32S
make: *** [bin-x86_64-efi/ipxe.efi] Error 1

The case for R_X86_64_32S is indeed not implemented in process_reloc in 
elf2efi.c.

I don't know anything about relocations, but I suppose that simply adding 
code for this signed variant to call out to generate_pe_reloc is not the 
way to go.

With kind regards,
Jan

--

-- 
Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/
_______________________________________________
ipxe-devel mailing list
ipxe-devel <at> lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Gerd Hoffmann | 11 Feb 16:52 2015
Picon

[PATCH] [efi] make load file protocol optional

The load file implementation added by commit
c7c3d839fc9120aee28de9aabe452dc85ad91502 doesn't support loading
arbitrary files from the tftp server, so efi applications trying
to do exactly that fail to boot:

  iPXE 1.0.0+ (17ace) -- Open Source Network Boot Firmware -- http://ipxe.org
  Features: HTTP DNS TFTP EFI Menu

  net0: 52:54:00:47:d3:07 using virtio-net on PCI00:09.0 (open)
    [Link:up, TX:0 TXE:0 RX:13 RXE:2]
    [RXE: 2 x "Operation not supported (http://ipxe.org/3c086083)"]
  Configuring (net0 52:54:00:47:d3:07)...... ok
  net0: 192.168.132.93/255.255.255.0 gw 192.168.132.1
  Next server: 192.168.132.1
  Filename: shim.efi
  tftp://192.168.132.1/shim.efi... ok
  Failed to open grubx64.efi - Not Found
  Failed to load image grubx64.efi: Not Found
  Failed to open MokManager.efi - Not Found
  Failed to load image MokManager.efi: Not Found
  Could not boot image: Error 0x7f04828e (http://ipxe.org/7f04828e)

  Boot Failed. EFI Network

This is not acceptable for qemu.  efi pxe configurations which work
just fine with real hardware must work with qemu virtual machines too.

This patch adds a config option for the load file protocol
implementation, to allow it being disabled, so we can turn it off
for the pxe roms shipped with qemu.

The default for the new option maintains current behavior, i.e.
load file is enabled unless you override it in config/local/general.h

Signed-off-by: Gerd Hoffmann <kraxel@...>
---
 src/config/general.h        | 6 ++++++
 src/interface/efi/efi_snp.c | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/src/config/general.h b/src/config/general.h
index 5392034..e0f9634 100644
--- a/src/config/general.h
+++ b/src/config/general.h
 <at>  <at>  -158,6 +158,12  <at>  <at>  FILE_LICENCE ( GPL2_OR_LATER );
 #undef	NONPNP_HOOK_INT19	/* Hook INT19 on non-PnP BIOSes */

 /*
+ * EFI specific options
+ *
+ */
+#define EFI_PROTO_LOAD_FILE	/* register LOAD_FILE protocol */
+
+/*
  * Error message tables to include
  *
  */
diff --git a/src/interface/efi/efi_snp.c b/src/interface/efi/efi_snp.c
index 4a2bb73..a3c3780 100644
--- a/src/interface/efi/efi_snp.c
+++ b/src/interface/efi/efi_snp.c
 <at>  <at>  -34,6 +34,7  <at>  <at>  FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/efi/efi_utils.h>
 #include <ipxe/efi/efi_snp.h>
 #include <usr/autoboot.h>
+#include <config/general.h>

 /** List of SNP devices */
 static LIST_HEAD ( efi_snp_devices );
 <at>  <at>  -1029,7 +1030,9  <at>  <at>  static int efi_snp_probe ( struct net_device *netdev ) {
 			&efi_nii_protocol_guid, &snpdev->nii,
 			&efi_nii31_protocol_guid, &snpdev->nii,
 			&efi_component_name2_protocol_guid, &snpdev->name2,
+#ifdef EFI_PROTO_LOAD_FILE
 			&efi_load_file_protocol_guid, &snpdev->load_file,
+#endif
 			NULL ) ) != 0 ) {
 		rc = -EEFI ( efirc );
 		DBGC ( snpdev, "SNPDEV %p could not install protocols: "
 <at>  <at>  -1078,7 +1081,9  <at>  <at>  static int efi_snp_probe ( struct net_device *netdev ) {
 			&efi_nii_protocol_guid, &snpdev->nii,
 			&efi_nii31_protocol_guid, &snpdev->nii,
 			&efi_component_name2_protocol_guid, &snpdev->name2,
+#ifdef EFI_PROTO_LOAD_FILE
 			&efi_load_file_protocol_guid, &snpdev->load_file,
+#endif
 			NULL );
  err_install_protocol_interface:
 	free ( snpdev->path );
--

-- 
1.8.3.1

Alex Williamson | 9 Feb 20:52 2015
Picon

[RESEND PATCH] [dhcp] Extract timing parameters out to header and document

iPXE uses DHCP timeouts loosely based on values recommended by the
specification, but often abbreviated to reduce timeouts for reliable
and/or simple network topologies.  Previous attempts to change the
defaults to more spec-compliant values have met resistance and
apathy, therefore this patch simply tries to extract the timing
parameters to a config file and document them.  The resulting default
iPXE behavior is exactly the same, but downstreams are now afforded
the opportunity to implement spec compliant behavior via config file
overrides.

I believe the following overrides defined in config/local/general.h
provide sufficiently spec compliant DHCP timeouts:

/*
 * PXE spec defines timeouts of 4, 8, 16, 32 seconds
 */
#undef DHCP_DISC_START_TIMEOUT_SEC
#define DHCP_DISC_START_TIMEOUT_SEC	4
#undef DHCP_DISC_END_TIMEOUT_SEC
#define DHCP_DISC_END_TIMEOUT_SEC	32

/*
 * Elapsed time used for early break waiting for ProxyDHCP, this therefore
 * needs to be less than the cumulative time for the first 2 timeouts.
 */
#undef DHCP_DISC_PROXY_TIMEOUT_SEC
#define DHCP_DISC_PROXY_TIMEOUT_SEC	11

/*
 * Approximate PXE spec requirement using minimum timeout (0.25s) for
 * timeouts of 0.25, 0.5, 1, 2, 4
 */
#undef DHCP_REQ_START_TIMEOUT_SEC
#define DHCP_REQ_START_TIMEOUT_SEC	0
#undef DHCP_REQ_END_TIMEOUT_SEC
#define DHCP_REQ_END_TIMEOUT_SEC	4

/*
 * Same as normal request phase, except non-fatal, so we extend the timer
 * to 8 and set the early timeout to an elapsed time value that causes a
 * break after the 4 second timeout.
 */
#undef DHCP_PROXY_START_TIMEOUT_SEC
#define DHCP_PROXY_START_TIMEOUT_SEC	0
#undef DHCP_PROXY_END_TIMEOUT_SEC
#define DHCP_PROXY_END_TIMEOUT_SEC	8
#undef DHCP_REQ_PROXY_TIMEOUT_SEC
#define DHCP_REQ_PROXY_TIMEOUT_SEC	7

/*
 * Same as above, retry each server using standard timeouts, extended by
 * one so that we can increment to the next before a timer induced failure.
 */
#undef PXEBS_START_TIMEOUT_SEC
#define PXEBS_START_TIMEOUT_SEC		0
#undef PXEBS_END_TIMEOUT_SEC
#define PXEBS_END_TIMEOUT_SEC		8
#undef PXEBS_MAX_TIMEOUT_SEC
#define PXEBS_MAX_TIMEOUT_SEC		7

Signed-off-by: Alex Williamson <alex.williamson@...>
---

Michael, does this look reasonable or can you suggest a better
mechanism for downstreams to tune DHCP timeouts for customers on
topologies that require something more spec compliant without forking
the code?  I know you don't want to change the default user
experience so allowing build-time tuning via a local config header
seemed like a compromise and I hope the additional documentation helps
make the change worthwhile.  Thanks,

Alex

 src/config/general.h    |   61 +++++++++++++++++++++++++++++++++++++++++++++++
 src/include/ipxe/dhcp.h |   11 +-------
 src/net/udp/dhcp.c      |   31 ++++++++++++++----------
 3 files changed, 80 insertions(+), 23 deletions(-)

diff --git a/src/config/general.h b/src/config/general.h
index 5392034..bead2ac 100644
--- a/src/config/general.h
+++ b/src/config/general.h
 <at>  <at>  -182,6 +182,67  <at>  <at>  FILE_LICENCE ( GPL2_OR_LATER );
 #undef	GDBUDP			/* Remote GDB debugging over UDP
 				 * (both may be set) */

+/*
+ * DHCP and PXE Boot Server timeout parameters
+ *
+ * Initial and final timeout for DHCP discovery
+ *
+ * The PXE spec indicates discover request are sent 4 times, with timeouts
+ * of 4, 8, 16, 32 seconds.  iPXE by default uses 1, 2, 4, 8.
+ */
+#define DHCP_DISC_START_TIMEOUT_SEC	1
+#define DHCP_DISC_END_TIMEOUT_SEC	10
+
+/*
+ * ProxyDHCP offers are given precedence by continue to wait for them after
+ * a valid DHCPOFFER is received.  We'll wait through this timeout for it.
+ * The PXE spec indicates waiting through the 4 & 8 second timeouts, iPXE
+ * by default stops after 2.
+ */
+#define DHCP_DISC_PROXY_TIMEOUT_SEC	2
+
+/*
+ * Per the PXE spec, requests are also tried 4 times, but at timeout intervals
+ * of 1, 2, 3, 4 seconds.  To adapt this to an exponential backoff timer, we
+ * can either do 1, 2, 4, 8, ie. 4 retires with a longer interval or start at
+ * 0 (0.25s) for 0.25, 0.5, 1, 2, 4, ie. one extra try and shorter initial
+ * timeouts.  iPXE by default does a combination of both, starting at 0 and
+ * going through the 8 second timeout.
+ */
+#define DHCP_REQ_START_TIMEOUT_SEC	0
+#define DHCP_REQ_END_TIMEOUT_SEC	10
+
+/*
+ * A ProxyDHCP offer without PXE options also goes through a request phase
+ * using these same parameters, but note the early break below.
+ */
+#define DHCP_PROXY_START_TIMEOUT_SEC	0
+#define DHCP_PROXY_END_TIMEOUT_SEC	10
+
+/*
+ * A ProxyDHCP request timeout should not induce a failure condition, so we
+ * always want to break before the above set of timers expire.  The iPXE
+ * default value of 2 breaks at the first timeout after 2 seconds, which will
+ * be after the 2 second timeout.
+ */
+#define DHCP_REQ_PROXY_TIMEOUT_SEC	2
+
+/*
+ * Per the PXE spec, a PXE boot server request is also be retried 4 times
+ * at timeouts of 1, 2, 3, 4.  iPXE uses the same timeouts as discovery,
+ * 1, 2, 4, 8, but will move on to the next server if available after an
+ * elapsed time greater than 3 seconds, therefore effectively only sending
+ * 3 tries at timeouts of 1, 2, 4.
+ */
+#define PXEBS_START_TIMEOUT_SEC		1
+#define PXEBS_END_TIMEOUT_SEC		10
+
+/*
+ * Increment to the next PXE Boot server, if available, after this this much
+ * time has elapsed.
+ */
+#define PXEBS_MAX_TIMEOUT_SEC		3
+
 #include <config/named.h>
 #include NAMED_CONFIG(general.h)
 #include <config/local/general.h>
diff --git a/src/include/ipxe/dhcp.h b/src/include/ipxe/dhcp.h
index bcfb85c..d1dc5bc 100644
--- a/src/include/ipxe/dhcp.h
+++ b/src/include/ipxe/dhcp.h
 <at>  <at>  -18,6 +18,7  <at>  <at>  FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/uuid.h>
 #include <ipxe/netdevice.h>
 #include <ipxe/uaccess.h>
+#include <config/general.h>

 struct interface;
 struct dhcp_options;
 <at>  <at>  -639,16 +640,6  <at>  <at>  struct dhcphdr {
  */
 #define DHCP_MIN_LEN 552

-/** Timeouts for sending DHCP packets */
-#define DHCP_MIN_TIMEOUT ( 1 * TICKS_PER_SEC )
-#define DHCP_MAX_TIMEOUT ( 10 * TICKS_PER_SEC )
-
-/** Maximum time that we will wait for ProxyDHCP responses */
-#define PROXYDHCP_MAX_TIMEOUT ( 2 * TICKS_PER_SEC )
-
-/** Maximum time that we will wait for Boot Server responses */
-#define PXEBS_MAX_TIMEOUT ( 3 * TICKS_PER_SEC )
-
 /** Settings block name used for DHCP responses */
 #define DHCP_SETTINGS_NAME "dhcp"

diff --git a/src/net/udp/dhcp.c b/src/net/udp/dhcp.c
index 04fad04..3527c44 100644
--- a/src/net/udp/dhcp.c
+++ b/src/net/udp/dhcp.c
 <at>  <at>  -171,8 +171,9  <at>  <at>  struct dhcp_session_state {
 	void ( * expired ) ( struct dhcp_session *dhcp );
 	/** Transmitted message type */
 	uint8_t tx_msgtype;
-	/** Apply minimum timeout */
-	uint8_t apply_min_timeout;
+	/** Timeout parameters */
+	uint8_t min_timeout_sec;
+	uint8_t max_timeout_sec;
 };

 static struct dhcp_session_state dhcp_state_discover;
 <at>  <at>  -272,9 +273,8  <at>  <at>  static void dhcp_set_state ( struct dhcp_session *dhcp,
 	dhcp->state = state;
 	dhcp->start = currticks();
 	stop_timer ( &dhcp->timer );
-	dhcp->timer.min_timeout =
-		( state->apply_min_timeout ? DHCP_MIN_TIMEOUT : 0 );
-	dhcp->timer.max_timeout = DHCP_MAX_TIMEOUT;
+	dhcp->timer.min_timeout = state->min_timeout_sec * TICKS_PER_SEC;
+	dhcp->timer.max_timeout = state->max_timeout_sec * TICKS_PER_SEC;
 	start_timer_nodelay ( &dhcp->timer );
 }

 <at>  <at>  -415,7 +415,7  <at>  <at>  static void dhcp_discovery_rx ( struct dhcp_session *dhcp,
 	/* If we can't yet transition to DHCPREQUEST, do nothing */
 	elapsed = ( currticks() - dhcp->start );
 	if ( ! ( dhcp->no_pxedhcp || dhcp->proxy_offer ||
-		 ( elapsed > PROXYDHCP_MAX_TIMEOUT ) ) )
+		 ( elapsed > DHCP_DISC_PROXY_TIMEOUT_SEC * TICKS_PER_SEC ) ) )
 		return;

 	/* Transition to DHCPREQUEST */
 <at>  <at>  -431,7 +431,8  <at>  <at>  static void dhcp_discovery_expired ( struct dhcp_session *dhcp ) {
 	unsigned long elapsed = ( currticks() - dhcp->start );

 	/* Give up waiting for ProxyDHCP before we reach the failure point */
-	if ( dhcp->offer.s_addr && ( elapsed > PROXYDHCP_MAX_TIMEOUT ) ) {
+	if ( dhcp->offer.s_addr &&
+	     ( elapsed > DHCP_DISC_PROXY_TIMEOUT_SEC * TICKS_PER_SEC ) ) {
 		dhcp_set_state ( dhcp, &dhcp_state_request );
 		return;
 	}
 <at>  <at>  -447,7 +448,8  <at>  <at>  static struct dhcp_session_state dhcp_state_discover = {
 	.rx			= dhcp_discovery_rx,
 	.expired		= dhcp_discovery_expired,
 	.tx_msgtype		= DHCPDISCOVER,
-	.apply_min_timeout	= 1,
+	.min_timeout_sec	= DHCP_DISC_START_TIMEOUT_SEC,
+	.max_timeout_sec	= DHCP_DISC_END_TIMEOUT_SEC,
 };

 /**
 <at>  <at>  -584,7 +586,8  <at>  <at>  static struct dhcp_session_state dhcp_state_request = {
 	.rx			= dhcp_request_rx,
 	.expired		= dhcp_request_expired,
 	.tx_msgtype		= DHCPREQUEST,
-	.apply_min_timeout	= 0,
+	.min_timeout_sec	= DHCP_REQ_START_TIMEOUT_SEC,
+	.max_timeout_sec	= DHCP_REQ_END_TIMEOUT_SEC,
 };

 /**
 <at>  <at>  -669,7 +672,7  <at>  <at>  static void dhcp_proxy_expired ( struct dhcp_session *dhcp ) {
 	unsigned long elapsed = ( currticks() - dhcp->start );

 	/* Give up waiting for ProxyDHCP before we reach the failure point */
-	if ( elapsed > PROXYDHCP_MAX_TIMEOUT ) {
+	if ( elapsed > DHCP_REQ_PROXY_TIMEOUT_SEC * TICKS_PER_SEC ) {
 		dhcp_finished ( dhcp, 0 );
 		return;
 	}
 <at>  <at>  -685,7 +688,8  <at>  <at>  static struct dhcp_session_state dhcp_state_proxy = {
 	.rx			= dhcp_proxy_rx,
 	.expired		= dhcp_proxy_expired,
 	.tx_msgtype		= DHCPREQUEST,
-	.apply_min_timeout	= 0,
+	.min_timeout_sec	= DHCP_PROXY_START_TIMEOUT_SEC,
+	.max_timeout_sec	= DHCP_PROXY_END_TIMEOUT_SEC,
 };

 /**
 <at>  <at>  -810,7 +814,7  <at>  <at>  static void dhcp_pxebs_expired ( struct dhcp_session *dhcp ) {
 	/* Give up waiting before we reach the failure point, and fail
 	 * over to the next server in the attempt list
 	 */
-	if ( elapsed > PXEBS_MAX_TIMEOUT ) {
+	if ( elapsed > PXEBS_MAX_TIMEOUT_SEC * TICKS_PER_SEC ) {
 		dhcp->pxe_attempt++;
 		if ( dhcp->pxe_attempt->s_addr ) {
 			dhcp_set_state ( dhcp, &dhcp_state_pxebs );
 <at>  <at>  -832,7 +836,8  <at>  <at>  static struct dhcp_session_state dhcp_state_pxebs = {
 	.rx			= dhcp_pxebs_rx,
 	.expired		= dhcp_pxebs_expired,
 	.tx_msgtype		= DHCPREQUEST,
-	.apply_min_timeout	= 1,
+	.min_timeout_sec	= PXEBS_START_TIMEOUT_SEC,
+	.max_timeout_sec	= PXEBS_END_TIMEOUT_SEC,
 };

 /****************************************************************************

Alexandre Blanchette | 8 Feb 17:05 2015
Picon

wimboot: regression between 2.1.0 and 2.2.0

I'm planning to jump into the UEFI bandwagon soon and I'm updating my wimboot setup from 1.0.3 to the latest version (currently 2.4.1). I tried to simply drop the new wimboot binary in place of the old one but all I got was a black screen. Adding the 'gui' parameter revealed a BSOD (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED). I downgraded versions until it worked again and that was at version 2.1.0. So between 2.1.0 and 2.2.0 something broke.

My setup is currently pxelinux.0 (for the menu system) => ipxe (http requests with variables) => wimboot => WinPE 5.0 (SCCM). Test platform is VMWare Workstation 10.0.5

The boot script:
#!ipxe
set wimboot-path http://some-server/wimboot
kernel ${wimboot-path}/wimboot
initrd ${wimboot-path}/bootmgr50.exe      bootmgr.exe
initrd ${wimboot-path}/bcd                BCD
initrd ${wimboot-path}/boot.sdi           boot.sdi
initrd ${wimboot-path}/wgl4_boot.ttf      wgl4_boot.ttf
initrd ${wimboot-path}/segmono_boot.ttf   segmono_boot.ttf
initrd ${wimboot-path}/segoe_slboot.ttf   segoe_slboot.ttf
initrd ${wimboot-path}/SCCM-EP3-WinPE50-x64.wim    boot.wim
boot
<div><div dir="ltr">I'm planning to jump into the UEFI bandwagon soon and I'm updating my wimboot setup from 1.0.3 to the latest version (currently 2.4.1). I tried to simply drop the new wimboot binary in place of the old one but all I got was a black screen. Adding the 'gui' parameter revealed a BSOD (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED). I downgraded versions until it worked again and that was at version 2.1.0. So between 2.1.0 and 2.2.0 something broke.<br clear="all"><br><div>My setup is currently pxelinux.0 (for the menu system) =&gt; ipxe (http requests with variables) =&gt; wimboot =&gt; WinPE 5.0 (SCCM). Test platform is VMWare Workstation 10.0.5<br><br>
</div>
<div>The boot script:<br>#!ipxe<br>set wimboot-path <a href="http://some-server/wimboot">http://some-server/wimboot</a><br>kernel ${wimboot-path}/wimboot<br>initrd ${wimboot-path}/bootmgr50.exe&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bootmgr.exe<br>initrd ${wimboot-path}/bcd&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BCD<br>initrd ${wimboot-path}/boot.sdi&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; boot.sdi<br>initrd ${wimboot-path}/wgl4_boot.ttf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; wgl4_boot.ttf<br>initrd ${wimboot-path}/segmono_boot.ttf&nbsp;&nbsp; segmono_boot.ttf<br>initrd ${wimboot-path}/segoe_slboot.ttf&nbsp;&nbsp; segoe_slboot.ttf<br>initrd ${wimboot-path}/SCCM-EP3-WinPE50-x64.wim&nbsp;&nbsp;&nbsp; boot.wim<br>boot<br>
</div>
<div>
<br>-- <br><div class="gmail_signature">Alexandre Blanchette &lt;<a href="mailto:blanalex@...">blanalex@...</a>&gt;</div>
</div>
</div></div>
David Krovich | 7 Feb 09:59 2015
Picon

netinstall nbi image of ipxe

Hi list,

I'm trying to use a mac laptop as a client to boot ipxe via a mac 
netinstall server nbi image.

My setup is Yosemite Server on the Mac server.

I'm using dnsmasq to provide tftp and dhcp options for pxe filename and 
host.

I grabbed the netinstall nbi from here:

http://www.fink.org/netboot/netbooting.html

On my mac laptop client, it boots and I "n", it boots off the netinstall 
image and the ipxe screen comes up fine.  The problem is when it tries 
to download the pxelinux.0 file via tftp I get a permission denied error 
message.  It points me to http://ipxe.org/0212608f.

I've tested my pxe installation by using virtualbox running on a 
different machine and it gets on the network and downloads the pxelinux 
file without issue.

For another test I disabled dnsmasq, and setup isc dhcp and tftp server 
on another machine.  I get the same result, but a slightly different 
error message.  http://ipxe.org/2d03e18e

Again I tested this second setup with virtualbox and it worked fine as well.

Any ideas on the next thing I can attempt to do to debug this issue?

-Dave

Gmane