From: "Gao, Zhichao"
To: "Bi, Dandan", "devel@edk2.groups.io"
CC: "Ni, Ray", Laszlo Ersek
Subject: Re: [patch 3/3] ShellPkg: Unload image on EFI_SECURITY_VIOLATION
Date: Thu, 5 Sep 2019 02:20:06 +0000
Message-ID: <3CE959C139B4C44DBEA1810E3AA6F9000B836659@SHSMSX101.ccr.corp.intel.com>
References: <20190904082555.35424-1-dandan.bi@intel.com> <20190904082555.35424-4-dandan.bi@intel.com>
In-Reply-To: <20190904082555.35424-4-dandan.bi@intel.com>

Reviewed-by: Zhichao Gao

> -----Original Message-----
> From: Bi, Dandan
> Sent: Wednesday, September 4, 2019 4:26 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray ; Gao, Zhichao ;
> Laszlo Ersek
> Subject: [patch 3/3] ShellPkg: Unload image on EFI_SECURITY_VIOLATION
>
> For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval, the
> Image was loaded and an ImageHandle was created with a valid
> EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
> This follows UEFI Spec.
>
> But if the caller of LoadImage() doesn't have the option to defer the
> execution of an image, we can not treat EFI_SECURITY_VIOLATION like any
> other LoadImage() error, we should unload image for the
> EFI_SECURITY_VIOLATION to avoid resource leak.
>
> This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly for
> the callers in ShellPkg which don't have the policy to defer the execution of
> the image.
>
> Cc: Ray Ni
> Cc: Zhichao Gao
> Cc: Laszlo Ersek
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
> Signed-off-by: Dandan Bi > --- > ShellPkg/Application/Shell/ShellManParser.c | 9 +++++++++ > .../Library/UefiShellDebug1CommandsLib/LoadPciRom.c | 11 ++++++++++- > ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c | 11 ++++++++++- > 3 files changed, 29 insertions(+), 2 deletions(-) >=20 > diff --git a/ShellPkg/Application/Shell/ShellManParser.c > b/ShellPkg/Application/Shell/ShellManParser.c > index 6909f29441..e5f97bbb11 100644 > --- a/ShellPkg/Application/Shell/ShellManParser.c > +++ b/ShellPkg/Application/Shell/ShellManParser.c > @@ -643,10 +643,19 @@ ProcessManFile( > goto Done; > } > DevPath =3D ShellInfoObject.NewEfiShellProtocol- > >GetDevicePathFromFilePath(CmdFilePathName); > Status =3D gBS->LoadImage(FALSE, gImageHandle, DevPath, NULL, 0= , > &CmdFileImgHandle); > if(EFI_ERROR(Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an > ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not > be started right now. > + // If the caller doesn't have the option to defer the execution of= an > image, we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid the resour= ce > leak. > + // > + if (Status =3D=3D EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (CmdFileImgHandle); > + } > *HelpText =3D NULL; > goto Done; > } > Status =3D gBS->OpenProtocol( > CmdFileImgHandle, > diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/LoadPciRom.c > b/ShellPkg/Library/UefiShellDebug1CommandsLib/LoadPciRom.c > index 1b169d0d3c..f91e3eb6e7 100644 > --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/LoadPciRom.c > +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/LoadPciRom.c > @@ -1,10 +1,10 @@ > /** @file > Main file for LoadPciRom shell Debug1 function. >=20 > (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
> - Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
> + Copyright (c) 2005 - 2019, Intel Corporation. All rights > + reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 > #include "UefiShellDebug1CommandsLib.h" > @@ -332,10 +332,19 @@ LoadEfiDriversFromRomImage ( > ImageBuffer, > ImageLength, > &ImageHandle > ); > if (EFI_ERROR (Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded = and > an ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can > not be started right now. > + // If the caller doesn't have the option to defer the execut= ion of an > image, we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid reso= urce > leak. > + // > + if (Status =3D=3D EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (ImageHandle); > + } > ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN > (STR_LOADPCIROM_LOAD_FAIL), gShellDebug1HiiHandle, L"loadpcirom", > FileName, ImageIndex); > // PrintToken (STRING_TOKEN > (STR_LOADPCIROM_LOAD_IMAGE_ERROR), HiiHandle, ImageIndex, Status); > } else { > Status =3D gBS->StartImage (ImageHandle, NULL, NULL); > if (EFI_ERROR (Status)) { > diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c > b/ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c > index 6a94b48c86..a13e1bda2d 100644 > --- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c > +++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c > @@ -1,10 +1,10 @@ > /** @file > Main file for attrib shell level 2 function. >=20 > (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
> - Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> + Copyright (c) 2009 - 2019, Intel Corporation. All rights > + reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 > #include "UefiShellLevel2CommandsLib.h" > @@ -110,10 +110,19 @@ LoadDriver( > NULL, > 0, > &LoadedDriverHandle); >=20 > if (EFI_ERROR(Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an > ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be > started right now. > + // If the caller doesn't have the option to defer the execution of a= n image, > we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource lea= k. > + // > + if (Status =3D=3D EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (LoadedDriverHandle); > + } > ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_LOAD_NOT_IMAGE), > gShellLevel2HiiHandle, FileName, Status); > } else { > // > // Make sure it is a driver image > // > -- > 2.18.0.windows.1
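
Review bot: In ProcessManFile() (ShellManParser.c), CmdFileImgHandle keeps its old value after gBS->UnloadImage (CmdFileImgHandle) and control then jumps to Done with a handle that is no longer valid. Setting CmdFileImgHandle to NULL right after the unload would keep any later use at Done from touching a stale handle. The six-line comment is also repeated verbatim at all three call sites; a shorter comment at each site would be easier to keep in sync.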
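
Review bot: In LoadEfiDriversFromRomImage() (LoadPciRom.c), the new EFI_SECURITY_VIOLATION branch falls through to the same STR_LOADPCIROM_LOAD_FAIL message as every other load failure, and that call passes FileName and ImageIndex but not Status. The user cannot tell an image refused for a security violation from a malformed one; consider including Status in the output, as the commented-out PrintToken line did, or adding a dedicated message for the security violation case. The return value of gBS->UnloadImage (ImageHandle) is also dropped silently; a (VOID) cast or a debug message on failure would make that intent explicit.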
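
Review bot: In the file-header hunk of Load.c, the context line still reads "Main file for attrib shell level 2 function." although this file contains LoadDriver(). Since the header is already being edited for the copyright year, correct the description in the same change or in a follow-up.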
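
Review bot: In LoadDriver() (Load.c), an image that failed with EFI_SECURITY_VIOLATION is unloaded and then reported through STR_LOAD_NOT_IMAGE, a token whose name suggests the file was not a valid image at all. Status is passed to the message, so the code can still be shown, but a separate string for the security violation case would state the actual reason for the refusal.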