xref: /src/usr.sbin/installboot/arch/i386.c

/* $NetBSD: i386.c,v 1.23 2007/01/06 10:21:24 dsl Exp $ */

/*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by David Laight.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *        This product includes software developed by the NetBSD
 *        Foundation, Inc. and its contributors.
 * 4. Neither the name of The NetBSD Foundation nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#if HAVE_NBTOOL_CONFIG_H
#include "nbtool_config.h"
#endif

#include <sys/cdefs.h>
#if !defined(__lint)
__RCSID("$NetBSD: i386.c,v 1.23 2007/01/06 10:21:24 dsl Exp $");
#endif /* !__lint */

#include <sys/param.h>
#ifndef HAVE_NBTOOL_CONFIG_H
#include <sys/ioctl.h>
#include <sys/dkio.h>
#endif

#include <assert.h>
#include <errno.h>
#include <err.h>
#include <md5.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "installboot.h"

#define nelem(x) (sizeof (x)/sizeof *(x))

static const char *const console_names[] = {
	"pc", "com0", "com1", "com2", "com3",
	"com0kbd", "com1kbd", "com2kbd", "com3kbd",
	NULL };

static int i386_setboot(ib_params *);
static int i386_editboot(ib_params *);

struct ib_mach ib_mach_i386 =
	{ "i386", i386_setboot, no_clearboot, i386_editboot,
		IB_RESETVIDEO | IB_CONSOLE | IB_CONSPEED | IB_CONSADDR |
		IB_KEYMAP | IB_PASSWORD | IB_TIMEOUT };

struct ib_mach ib_mach_amd64 =
	{ "amd64", i386_setboot, no_clearboot, i386_editboot,
		IB_RESETVIDEO | IB_CONSOLE | IB_CONSPEED | IB_CONSADDR |
		IB_KEYMAP | IB_PASSWORD | IB_TIMEOUT };

/*
 * Attempting to write the 'labelsector' (or a sector near it - within 8k?)
 * using the non-raw disk device fails silently.  This can be detected (today)
 * by doing a fsync() and a read back.
 * This is very likely to affect installboot, indeed the code may need to
 * be written into the 'labelsector' itself - especially on non-512 byte media.
 * We do all writes with a read verify.
 * If EROFS is returned we also try to enable writes to the label sector.
 * (Maybe these functions should be in the generic part of installboot.)
 */
static int
pwrite_validate(int fd, const void *buf, size_t n_bytes, off_t offset)
{
	void *r_buf;
	ssize_t rv;

	r_buf = malloc(n_bytes);
	if (r_buf == NULL)
		return -1;
	rv = pwrite(fd, buf, n_bytes, offset);
	if (rv == -1) {
		free(r_buf);
		return -1;
	}
	fsync(fd);
	if (pread(fd, r_buf, rv, offset) == rv && memcmp(r_buf, buf, rv) == 0)
		return rv;
	errno = EROFS;
	return -1;
}

static int
write_boot_area(ib_params *params, void *v_buf, int len)
{
	int rv, i;
	uint8_t *buf = v_buf;

	/*
	 * Writing the 'label' sector (likely to be bytes 512-1023) could
	 * fail, so we try to avoid writing that area.
	 * Unfortunately, if we are accessing the raw disk, and the sector
	 * size is larger than 512 bytes that is also doomed.
	 * See how we get on....
	 *
	 * NB: Even if the physical sector size is not 512, the space for
	 * the label is 512 bytes from the start of the disk.
	 * So all the '512' constants in these functions are correct.
	 */

	/* Write out first 512 bytes - the pbr code */
	rv = pwrite_validate(params->fsfd, buf, 512, 0);
	if (rv == 512) {
		/* That worked, do the rest */
		if (len == 512)
			return 1;
		len -= 512 * 2;
		rv = pwrite_validate(params->fsfd, buf + 512 * 2, len, 512 * 2);
		if (rv != len)
			goto bad_write;
		return 1;
	}
	if (rv != -1 || (errno != EINVAL && errno != EROFS))
		goto bad_write;

	if (errno == EINVAL) {
		/* Assume the failure was due to to the sector size > 512 */
		rv = pwrite_validate(params->fsfd, buf, len, 0);
		if (rv == len)
			return 1;
		if (rv != -1 || (errno != EROFS))
			goto bad_write;
	}

#ifdef DIOCWLABEL
	/* Pesky label is protected, try to unprotect it */
	i = 1;
	rv = ioctl(params->fsfd, DIOCWLABEL, &i);
	if (rv != 0) {
		warn("Cannot enable writes to the label sector");
		return 0;
	}
	/* Try again with label write-enabled */
	rv = pwrite_validate(params->fsfd, buf, len, 0);

	/* Reset write-protext */
	i = 0;
	ioctl(params->fsfd, DIOCWLABEL, &i);
	if (rv == len)
		return 1;
#endif

  bad_write:
	if (rv == -1)
		warn("Writing `%s'", params->filesystem);
	else
		warnx("Writing `%s': short write, %u bytes",
			params->filesystem, rv);
	return 0;
}

static void
show_i386_boot_params(struct x86_boot_params  *bpp)
{
	uint32_t i;

	printf("Boot options:        ");
	printf("timeout %d, ", le32toh(bpp->bp_timeout));
	printf("flags %x, ", le32toh(bpp->bp_flags));
	printf("speed %d, ", le32toh(bpp->bp_conspeed));
	printf("ioaddr %x, ", le32toh(bpp->bp_consaddr));
	i = le32toh(bpp->bp_consdev);
	if (i < nelem(console_names) - 1)
		printf("console %s\n", console_names[i]);
	else
		printf("console %d\n", i);
	if (bpp->bp_keymap[0])
		printf("                     keymap %s\n", bpp->bp_keymap);
}

static int
is_zero(const uint8_t *p, unsigned int len)
{
	return len == 0 || (p[0] == 0 && memcmp(p, p + 1, len - 1) == 0);
}

static int
update_i386_boot_params(ib_params *params, struct x86_boot_params  *bpp)
{
	struct x86_boot_params bp;
	int bplen;
	int i;

	bplen = le32toh(bpp->bp_length);
	if (bplen > sizeof bp)
		/* Ignore pad space in bootxx */
		bplen = sizeof bp;

	/* Take (and update) local copy so we handle size mismatches */
	memset(&bp, 0, sizeof bp);
	memcpy(&bp, bpp, bplen);

	if (params->flags & IB_TIMEOUT)
		bp.bp_timeout = htole32(params->timeout);
	if (params->flags & IB_RESETVIDEO)
		bp.bp_flags ^= htole32(X86_BP_FLAGS_RESET_VIDEO);
	if (params->flags & IB_CONSPEED)
		bp.bp_conspeed = htole32(params->conspeed);
	if (params->flags & IB_CONSADDR)
		bp.bp_consaddr = htole32(params->consaddr);
	if (params->flags & IB_CONSOLE) {
		for (i = 0; ; i++) {
			if (console_names[i] == NULL) {
				warnx("invalid console name, valid names are:");
				fprintf(stderr, "\t%s", console_names[0]);
				for (i = 1; console_names[i] != NULL; i++)
					fprintf(stderr, ", %s", console_names[i]);
				fprintf(stderr, "\n");
				return 1;
			}
			if (strcmp(console_names[i], params->console) == 0)
				break;
		}
		bp.bp_consdev = htole32(i);
	}
	if (params->flags & IB_PASSWORD) {
		if (params->password[0]) {
			MD5_CTX md5ctx;
			MD5Init(&md5ctx);
			MD5Update(&md5ctx, params->password,
			    strlen(params->password));
			MD5Final(bp.bp_password, &md5ctx);
			bp.bp_flags |= htole32(X86_BP_FLAGS_PASSWORD);
		} else {
			memset(&bp.bp_password, 0, sizeof bp.bp_password);
			bp.bp_flags &= ~htole32(X86_BP_FLAGS_PASSWORD);
		}
	}
	if (params->flags & IB_KEYMAP)
		strlcpy(bp.bp_keymap, params->keymap, sizeof bp.bp_keymap);

	if (params->flags & (IB_NOWRITE | IB_VERBOSE))
		show_i386_boot_params(&bp);

	/* Check we aren't trying to set anything we can't save */
	if (!is_zero((char *)&bp + bplen, sizeof bp - bplen)) {
		warnx("Patch area in stage1 bootstrap is too small");
		return 1;
	}
	memcpy(bpp, &bp, bplen);
	return 0;
}

static int
i386_setboot(ib_params *params)
{
	unsigned int	u;
	ssize_t		rv;
	uint32_t	*magic, expected_magic;
	union {
	    struct mbr_sector	mbr;
	    uint8_t		b[8192];
	} disk_buf, bootstrap;

	assert(params != NULL);
	assert(params->fsfd != -1);
	assert(params->filesystem != NULL);
	assert(params->s1fd != -1);
	assert(params->stage1 != NULL);

	/*
	 * There is only 8k of space in a UFSv1 partition (and ustarfs)
	 * so ensure we don't splat over anything important.
	 */
	if (params->s1stat.st_size > sizeof bootstrap) {
		warnx("stage1 bootstrap `%s' (%u bytes) is larger than 8192 bytes",
			params->stage1, (unsigned int)params->s1stat.st_size);
		return 0;
	}
	if (params->s1stat.st_size < 3 * 512 && params->s1stat.st_size != 512) {
		warnx("stage1 bootstrap `%s' (%u bytes) is too small",
			params->stage1, (unsigned int)params->s1stat.st_size);
		return 0;
	}

	/* Read in the existing disk header and boot code */
	rv = pread(params->fsfd, &disk_buf, sizeof (disk_buf), 0);
	if (rv != sizeof (disk_buf)) {
		if (rv == -1)
			warn("Reading `%s'", params->filesystem);
		else
			warnx("Reading `%s': short read, %d bytes",
				    params->filesystem, rv);
		return 0;
	}

	if (disk_buf.mbr.mbr_magic != le16toh(MBR_MAGIC)) {
		if (params->flags & IB_VERBOSE) {
			printf(
		    "Ignoring PBR with invalid magic in sector 0 of `%s'\n",
			    params->filesystem);
		}
		memset(&disk_buf, 0, 512);
	}

	/* Read the new bootstrap code. */
	rv = pread(params->s1fd, &bootstrap, params->s1stat.st_size, 0);
	if (rv != params->s1stat.st_size) {
		if (rv == -1)
			warn("Reading `%s'", params->stage1);
		else
			warnx("Reading `%s': short read, %d bytes",
				params->stage1, rv);
		return 0;
	}

	/*
	 * The bootstrap code is either 512 bytes for booting FAT16, or best
	 * part of 8k (with bytes 512-1023 all zeros).
	 */
	if (params->s1stat.st_size == 512) {
		/* Magic number is at end of pbr code */
		magic = (void *)(bootstrap.b + 512 - 16 + 4);
		expected_magic = htole32(X86_BOOT_MAGIC_FAT);
	} else {
		/* Magic number is at start of sector following label */
		magic = (void *)(bootstrap.b + 512 * 2 + 4);
		expected_magic = htole32(X86_BOOT_MAGIC_1);
		/*
		 * For a variety of reasons we restrict our 'normal' partition
		 * boot code to a size which enable it to be used as mbr code.
		 * IMHO this is bugus (dsl).
		 */
		if (!is_zero(bootstrap.b + 512-2-64, 64)) {
			warnx("Data in mbr partition table of new bootstrap");
			return 0;
		}
		if (!is_zero(bootstrap.b + 512, 512)) {
			warnx("Data in label part of new bootstrap");
			return 0;
		}
		/* Copy mbr table and label from existing disk buffer */
		memcpy(bootstrap.b + 512-2-64, disk_buf.b + 512-2-64, 64);
		memcpy(bootstrap.b + 512, disk_buf.b + 512, 512);
	}

	/* Validate the 'magic number' that marks the parameter block */
	if (*magic != expected_magic) {
		warnx("Invalid magic in stage1 bootstrap %x != %x",
				*magic, expected_magic);
		return 0;
	}

	/*
	 * For FAT compatibility, the pbr code starts 'jmp xx; nop' followed
	 * by the BIOS Parameter Block (BPB).
	 * The 2nd byte (jump offset) is the size of the nop + BPB.
	 */
	if (bootstrap.b[0] != 0xeb || bootstrap.b[2] != 0x90) {
		warnx("No BPB in new bootstrap %02x:%02x:%02x",
			bootstrap.b[0], bootstrap.b[1], bootstrap.b[2]);
		return 0;
	}

	/* Find size of old BPB, and copy into new bootcode */
	if (!is_zero(disk_buf.b + 3 + 8, disk_buf.b[1] - 1 - 8)) {
		struct mbr_bpbFAT16 *bpb = (void *)(disk_buf.b + 3 + 8);
		/* Check enough space before first FAT for the bootcode */
		u = le16toh(bpb->bpbBytesPerSec) * le16toh(bpb->bpbResSectors);
		if (u != 0 && u < params->s1stat.st_size) {
			warnx("Insufficient reserved space (%u bytes)", u);
			return 0;
		}
		/* Check we have enough space for the old bpb */
		if (disk_buf.b[1] > bootstrap.b[1]) {
			/* old BPB is larger, allow if extra zeros */
			if (!is_zero(disk_buf.b + 2 + bootstrap.b[1],
			    disk_buf.b[1] - bootstrap.b[1])) {
				warnx("Old BPB too big");
				    return 0;
			}
			u = bootstrap.b[1];
		} else {
			/* Old BPB is shorter, leave zero filled */
			u = disk_buf.b[1];
		}
		memcpy(bootstrap.b + 2, disk_buf.b + 2, u);
	}

	/*
	 * Fill in any user-specified options into the
	 *      struct x86_boot_params
	 * that follows the magic number.
	 * See sys/arch/i386/stand/bootxx/bootxx.S for more information.
	 */
	if (update_i386_boot_params(params, (void *)(magic + 1)))
		return 0;

	if (params->flags & IB_NOWRITE) {
		return 1;
	}

	/* Copy new bootstrap data into disk buffer, ignoring label area */
	memcpy(&disk_buf, &bootstrap, 512);
	if (params->s1stat.st_size > 512 * 2) {
		memcpy(disk_buf.b + 2 * 512, bootstrap.b + 2 * 512,
		    params->s1stat.st_size - 2 * 512);
		/* Zero pad to 512 byte sector boundary */
		memset(disk_buf.b + params->s1stat.st_size, 0,
			(8192 - params->s1stat.st_size) & 511);
	}

	return write_boot_area(params, &disk_buf, sizeof disk_buf);
}

static int
i386_editboot(ib_params *params)
{
	int		retval;
	uint8_t		buf[512];
	ssize_t		rv;
	uint32_t	magic;
	uint32_t	offset;
	struct x86_boot_params	*bpp;

	assert(params != NULL);
	assert(params->fsfd != -1);
	assert(params->filesystem != NULL);

	retval = 0;

	/*
	 * Read in the existing bootstrap.
	 * Look in any of the first 4 sectors.
	 */

	bpp = NULL;
	for (offset = 0; offset < 4 * 512; offset += 512) {
		rv = pread(params->fsfd, &buf, sizeof buf, offset);
		if (rv == -1) {
			warn("Reading `%s'", params->filesystem);
			goto done;
		} else if (rv != sizeof buf) {
			warnx("Reading `%s': short read", params->filesystem);
			goto done;
		}

		/* Magic number is 4 bytes in (to allow for a jmps) */
		/* Also allow any of the magic numbers. */
		magic = le32toh(*(uint32_t *)(buf + 4)) | 0xf;
		if (magic != (X86_BOOT_MAGIC_1 | 0xf))
			continue;

		/* The parameters are just after the magic number */
		bpp = (void *)(buf + 8);
		break;
	}
	if (bpp == NULL) {
		warnx("Invalid magic in existing bootstrap");
		goto done;
	}

	/*
	 * Fill in any user-specified options into the
	 *      struct x86_boot_params
	 * that's 8 bytes in from the start of the third sector.
	 * See sys/arch/i386/stand/bootxx/bootxx.S for more information.
	 */
	if (update_i386_boot_params(params, bpp))
		goto done;

	if (params->flags & IB_NOWRITE) {
		retval = 1;
		goto done;
	}

	/*
	 * Write boot code back
	 */
	rv = pwrite(params->fsfd, buf, sizeof buf, offset);
	if (rv == -1) {
		warn("Writing `%s'", params->filesystem);
		goto done;
	} else if (rv != sizeof buf) {
		warnx("Writing `%s': short write", params->filesystem);
		goto done;
	}

	retval = 1;

 done:
	return retval;
}