[edk2-devel] [patch v3 3/5] MdeModulePkg/UefiBootManager: Unload image on EFI_SECURITY_VIOLATION
Gao, Zhichao
zhichao.gao at intel.com
Tue Sep 24 13:42:14 UTC 2019
Nice catch. Moving the check into the if conditional section would avoid the additional check when the status is EFI_SUCCESS.
Reviewed-by: Zhichao Gao <zhichao.gao at intel.com>
Thanks,
Zhichao
> -----Original Message-----
> From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of
> Philippe Mathieu-Daudé
> Sent: Tuesday, September 24, 2019 9:22 PM
> To: devel at edk2.groups.io; Bi, Dandan <dandan.bi at intel.com>
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Wu, Hao A <hao.a.wu at intel.com>;
> Ni, Ray <ray.ni at intel.com>; Gao, Zhichao <zhichao.gao at intel.com>; Gao,
> Liming <liming.gao at intel.com>; Laszlo Ersek <lersek at redhat.com>
> Subject: Re: [edk2-devel] [patch v3 3/5] MdeModulePkg/UefiBootManager:
> Unload image on EFI_SECURITY_VIOLATION
>
> On 9/24/19 3:16 PM, Dandan Bi wrote:
> > For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval,
> > the Image was loaded and an ImageHandle was created with a valid
> > EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right
> now.
> > This follows UEFI Spec.
> >
> > But if the caller of LoadImage() doesn't have the option to defer the
> > execution of an image, we can not treat EFI_SECURITY_VIOLATION like
> > any other LoadImage() error, we should unload image for the
> > EFI_SECURITY_VIOLATION to avoid resource leak.
> >
> > This patch is to do error handling for EFI_SECURITY_VIOLATION
> > explicitly for the callers in UefiBootManagerLib which don't have the
> > policy to defer the execution of the image.
> >
> > Cc: Jian J Wang <jian.j.wang at intel.com>
> > Cc: Hao A Wu <hao.a.wu at intel.com>
> > Cc: Ray Ni <ray.ni at intel.com>
> > Cc: Zhichao Gao <zhichao.gao at intel.com>
> > Cc: Liming Gao <liming.gao at intel.com>
> > Cc: Laszlo Ersek <lersek at redhat.com>
> > Cc: Philippe Mathieu-Daude <philmd at redhat.com>
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
> > Signed-off-by: Dandan Bi <dandan.bi at intel.com>
> > ---
> > V3: Enahnce the error handling logic in BmLoadOption.c and BmMisc.c.
> > MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 9 +++++++++
> > .../Library/UefiBootManagerLib/BmLoadOption.c | 14 ++++++++++++--
> > MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 14
> ++++++++++++--
> > 3 files changed, 33 insertions(+), 4 deletions(-)
> >
> > diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > index 952033fc82..760d7647b8 100644
> > --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > @@ -1859,10 +1859,19 @@ EfiBootManagerBoot (
> > if (FilePath != NULL) {
> > FreePool (FilePath);
> > }
> >
> > if (EFI_ERROR (Status)) {
> > + //
> > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an
> ImageHandle was created
> > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not
> be started right now.
> > + // If the caller doesn't have the option to defer the execution of an
> image, we should
> > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource
> leak.
> > + //
> > + if (Status == EFI_SECURITY_VIOLATION) {
> > + gBS->UnloadImage (ImageHandle);
> > + }
> > //
> > // Report Status Code with the failure status to indicate that the failure
> to load boot option
> > //
> > BmReportLoadFailure
> (EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR, Status);
> > BootOption->Status = Status;
> > diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > index 07592f8ebd..89372b3b97 100644
> > --- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > @@ -1,9 +1,9 @@
> > /** @file
> > Load option library functions which relate with creating and processing
> load options.
> >
> > -Copyright (c) 2011 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> > +Copyright (c) 2011 - 2019, Intel Corporation. All rights
> > +reserved.<BR>
> > (C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP<BR>
> > SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > **/
> >
> > @@ -1409,11 +1409,21 @@ EfiBootManagerProcessLoadOption (
> > FileSize,
> > &ImageHandle
> > );
> > FreePool (FileBuffer);
> >
> > - if (!EFI_ERROR (Status)) {
> > + if (EFI_ERROR (Status)) {
> > + //
> > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an
> ImageHandle was created
> > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not
> be started right now.
> > + // If the caller doesn't have the option to defer the execution of an
> image, we should
> > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource
> leak.
> > + //
> > + if (Status == EFI_SECURITY_VIOLATION) {
> > + gBS->UnloadImage (ImageHandle);
> > + }
> > + } else {
>
> Thanks for changing this Dandan!
>
> > Status = gBS->HandleProtocol (ImageHandle,
> &gEfiLoadedImageProtocolGuid, (VOID **)&ImageInfo);
> > ASSERT_EFI_ERROR (Status);
> >
> > ImageInfo->LoadOptionsSize = LoadOption->OptionalDataSize;
> > ImageInfo->LoadOptions = LoadOption->OptionalData; diff --git
> > a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > index 6b8fb4d924..89595747af 100644
> > --- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > @@ -1,9 +1,9 @@
> > /** @file
> > Misc library functions.
> >
> > -Copyright (c) 2011 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> > +Copyright (c) 2011 - 2019, Intel Corporation. All rights
> > +reserved.<BR>
> > (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> > SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > **/
> >
> > @@ -491,11 +491,21 @@ EfiBootManagerDispatchDeferredImages (
> > ImageDevicePath,
> > NULL,
> > 0,
> > &ImageHandle
> > );
> > - if (!EFI_ERROR (Status)) {
> > + if (EFI_ERROR (Status)) {
> > + //
> > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and
> an ImageHandle was created
> > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can
> not be started right now.
> > + // If the caller doesn't have the option to defer the execution of an
> image, we should
> > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource
> leak.
> > + //
> > + if (Status == EFI_SECURITY_VIOLATION) {
> > + gBS->UnloadImage (ImageHandle);
> > + }
> > + } else {
>
> Reviewed-by: Philippe Mathieu-Daude <philmd at redhat.com>
>
> > LoadCount++;
> > //
> > // Before calling the image, enable the Watchdog Timer for
> > // a 5 Minute period
> > //
> >
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#47951): https://edk2.groups.io/g/devel/message/47951
Mute This Topic: https://groups.io/mt/34275944/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list