From: "Dandan Bi" <dandan.bi@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Wu, Hao A" <hao.a.wu@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Ni, Ray" <ray.ni@intel.com>,
"Gao, Liming" <liming.gao@intel.com>,
"Gao, Zhichao" <zhichao.gao@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
"Philippe Mathieu-Daude" <philmd@redhat.com>,
"Bi, Dandan" <dandan.bi@intel.com>
Subject: Re: [edk2-devel] [patch v3 0/5] Unload image on EFI_SECURITY_VIOLATION
Date: Wed, 25 Sep 2019 01:56:01 +0000 [thread overview]
Message-ID: <3C0D5C461C9E904E8F62152F6274C0BB40C5F796@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <15C762418138FF70.23104@groups.io>
Hi Hao,
Could you help to push this V3 patch series?
Thanks,
Dandan
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Dandan Bi
> Sent: Tuesday, September 24, 2019 9:17 PM
> To: devel@edk2.groups.io
> Cc: Leif Lindholm <leif.lindholm@linaro.org>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Wang, Jian J <jian.j.wang@intel.com>; Wu,
> Hao A <hao.a.wu@intel.com>; Ni, Ray <ray.ni@intel.com>; Gao, Liming
> <liming.gao@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>; Laszlo
> Ersek <lersek@redhat.com>; Philippe Mathieu-Daude <philmd@redhat.com>
> Subject: [edk2-devel] [patch v3 0/5] Unload image on
> EFI_SECURITY_VIOLATION
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
>
> v2:
> Just enahnce the code error handling logic in patch 3.
> Other patches are the same and pick up the Acked-by and Reviewed-by in
> other patches.
>
> v2:
> (1) Just separate the patch in MdeModulePkg into module level, the changes
> in EmbeddedPkg and ShellPkg are the same with V1.
> (2) Drop the update in PciBusDxe module in MdeModulePkg since with
> EFI_SECURITY_VIOLATION returned, the image may be used later.
>
>
> For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval, the
> Image was loaded and an ImageHandle was created with a valid
> EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
> This follows UEFI Spec.
>
> But if the caller of LoadImage() doesn't have the option to defer the
> execution of an image, we can not treat EFI_SECURITY_VIOLATION like any
> other LoadImage() error, we should unload image for the
> EFI_SECURITY_VIOLATION to avoid resource leak.
>
> This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly for
> the callers in edk2 which don't have the policy to defer the execution of the
> image.
>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Dandan Bi (3):
> EmbeddedPkg: Unload image on EFI_SECURITY_VIOLATION
> MdeModulePkg/DxeCapsuleLibFmp: Unload image on
> EFI_SECURITY_VIOLATION
> MdeModulePkg/UefiBootManager: Unload image on
> EFI_SECURITY_VIOLATION
> MdeModulePkg/PlatformDriOverride: Unload image on
> EFI_SECURITY_VIOLATION
> ShellPkg: Unload image on EFI_SECURITY_VIOLATION
>
> .../AndroidFastboot/Arm/BootAndroidBootImg.c | 9 +++++++++
> .../Library/AndroidBootImgLib/AndroidBootImgLib.c | 12 ++++++++++++
> .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 9 +++++++++
> MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 9 +++++++++
> .../Library/UefiBootManagerLib/BmLoadOption.c | 14 ++++++++++++--
> MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 14
> ++++++++++++--
> .../PlatformDriOverrideDxe/PlatDriOverrideLib.c | 11 ++++++++++-
> ShellPkg/Application/Shell/ShellManParser.c | 9 +++++++++
> .../Library/UefiShellDebug1CommandsLib/LoadPciRom.c | 11 ++++++++++-
> ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c | 11 ++++++++++-
> 10 files changed, 98 insertions(+), 5 deletions(-)
>
> --
> 2.18.0.windows.1
>
>
>
next parent reply other threads:[~2019-09-25 1:56 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <15C762418138FF70.23104@groups.io>
2019-09-25 1:56 ` Dandan Bi [this message]
2019-09-25 2:05 ` [edk2-devel] [patch v3 0/5] Unload image on EFI_SECURITY_VIOLATION Wu, Hao A
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3C0D5C461C9E904E8F62152F6274C0BB40C5F796@SHSMSX104.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox