diff options
| author | Michael Brown | 2023-03-06 17:28:48 +0100 |
|---|---|---|
| committer | Michael Brown | 2023-03-07 13:22:19 +0100 |
| commit | 9e1f7a3659071004f4b8c76f2593da6287f0d575 (patch) | |
| tree | bb1b966db2a1da2a3832250c574f7cf3e8a61a89 /src/core/image.c | |
| parent | [image] Consistently use for_each_image() to iterate over images (diff) | |
| download | ipxe-9e1f7a3659071004f4b8c76f2593da6287f0d575.tar.gz ipxe-9e1f7a3659071004f4b8c76f2593da6287f0d575.tar.xz ipxe-9e1f7a3659071004f4b8c76f2593da6287f0d575.zip | |
[image] Always unregister currently executing image
We unregister script images during their execution, to prevent a
"boot" command from re-executing the containing script. This also has
the side effect of preventing executing scripts from showing up within
the Linux magic initrd image (or the Multiboot module list).
Additional logic in bzimage.c and efi_file.c prevents a currently
executing kernel from showing up within the magic initrd image.
Similar logic in multiboot.c prevents the Multiboot kernel from
showing up as a Multiboot module.
This still leaves some corner cases that are not covered correctly.
For example: when using a gzip-compressed kernel image, nothing will
currently hide the original compressed image from the magic initrd.
Fix by moving the logic that temporarily unregisters the current image
from script_exec() to image_exec(), so that it applies to all image
types, and simplify the magic initrd and Multiboot module list
construction logic on the basis that no further filtering of the
registered image list is necessary.
This change has the side effect of hiding currently executing EFI
images from the virtual filesystem exposed by iPXE. For example, when
using iPXE to boot wimboot, the wimboot binary itself will no longer
be visible within the virtual filesystem.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/core/image.c')
| -rw-r--r-- | src/core/image.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/core/image.c b/src/core/image.c index 5a9aebc7..b280eb4d 100644 --- a/src/core/image.c +++ b/src/core/image.c @@ -349,9 +349,8 @@ int image_exec ( struct image *image ) { /* Preserve record of any currently-running image */ saved_current_image = current_image; - /* Take out a temporary reference to the image. This allows - * the image to unregister itself if necessary, without - * automatically freeing itself. + /* Take out a temporary reference to the image, so that it + * does not get freed when temporarily unregistered. */ current_image = image_get ( image ); @@ -371,6 +370,9 @@ int image_exec ( struct image *image ) { /* Record boot attempt */ syslog ( LOG_NOTICE, "Executing \"%s\"\n", image->name ); + /* Temporarily unregister the image during its execution */ + unregister_image ( image ); + /* Try executing the image */ if ( ( rc = image->type->exec ( image ) ) != 0 ) { DBGC ( image, "IMAGE %s could not execute: %s\n", @@ -387,6 +389,10 @@ int image_exec ( struct image *image ) { image->name, strerror ( rc ) ); } + /* Re-register image (unless due to be replaced) */ + if ( ! image->replacement ) + register_image ( image ); + /* Pick up replacement image before we drop the original * image's temporary reference. The replacement image must * already be registered, so we don't need to hold a temporary |