From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"'philmd@redhat.com'" <philmd@redhat.com>,
"Bi, Dandan" <dandan.bi@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>, "Ni, Ray" <ray.ni@intel.com>,
"Gao, Liming" <liming.gao@intel.com>,
"Laszlo Ersek" <lersek@redhat.com>
Subject: Re: [edk2-devel] [patch v3 3/5] MdeModulePkg/UefiBootManager: Unload image on EFI_SECURITY_VIOLATION
Date: Tue, 24 Sep 2019 13:42:14 +0000 [thread overview]
Message-ID: <3CE959C139B4C44DBEA1810E3AA6F9000B83D7DF@SHSMSX101.ccr.corp.intel.com> (raw)
In-Reply-To: <82949612-609a-27cf-2800-04ce8033ab9d@redhat.com>
Nice catch. Moving the check into the if conditional section would avoid the additional check when the status is EFI_SUCCESS.
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
Thanks,
Zhichao
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Philippe Mathieu-Daudé
> Sent: Tuesday, September 24, 2019 9:22 PM
> To: devel@edk2.groups.io; Bi, Dandan <dandan.bi@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
> Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>; Gao,
> Liming <liming.gao@intel.com>; Laszlo Ersek <lersek@redhat.com>
> Subject: Re: [edk2-devel] [patch v3 3/5] MdeModulePkg/UefiBootManager:
> Unload image on EFI_SECURITY_VIOLATION
>
> On 9/24/19 3:16 PM, Dandan Bi wrote:
> > For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval,
> > the Image was loaded and an ImageHandle was created with a valid
> > EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right
> now.
> > This follows UEFI Spec.
> >
> > But if the caller of LoadImage() doesn't have the option to defer the
> > execution of an image, we can not treat EFI_SECURITY_VIOLATION like
> > any other LoadImage() error, we should unload image for the
> > EFI_SECURITY_VIOLATION to avoid resource leak.
> >
> > This patch is to do error handling for EFI_SECURITY_VIOLATION
> > explicitly for the callers in UefiBootManagerLib which don't have the
> > policy to defer the execution of the image.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Hao A Wu <hao.a.wu@intel.com>
> > Cc: Ray Ni <ray.ni@intel.com>
> > Cc: Zhichao Gao <zhichao.gao@intel.com>
> > Cc: Liming Gao <liming.gao@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Philippe Mathieu-Daude <philmd@redhat.com>
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
> > Signed-off-by: Dandan Bi <dandan.bi@intel.com>
> > ---
> > V3: Enahnce the error handling logic in BmLoadOption.c and BmMisc.c.
> > MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 9 +++++++++
> > .../Library/UefiBootManagerLib/BmLoadOption.c | 14 ++++++++++++--
> > MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 14
> ++++++++++++--
> > 3 files changed, 33 insertions(+), 4 deletions(-)
> >
> > diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > index 952033fc82..760d7647b8 100644
> > --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> > @@ -1859,10 +1859,19 @@ EfiBootManagerBoot (
> > if (FilePath != NULL) {
> > FreePool (FilePath);
> > }
> >
> > if (EFI_ERROR (Status)) {
> > + //
> > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an
> ImageHandle was created
> > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not
> be started right now.
> > + // If the caller doesn't have the option to defer the execution of an
> image, we should
> > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource
> leak.
> > + //
> > + if (Status == EFI_SECURITY_VIOLATION) {
> > + gBS->UnloadImage (ImageHandle);
> > + }
> > //
> > // Report Status Code with the failure status to indicate that the failure
> to load boot option
> > //
> > BmReportLoadFailure
> (EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR, Status);
> > BootOption->Status = Status;
> > diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > index 07592f8ebd..89372b3b97 100644
> > --- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> > @@ -1,9 +1,9 @@
> > /** @file
> > Load option library functions which relate with creating and processing
> load options.
> >
> > -Copyright (c) 2011 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> > +Copyright (c) 2011 - 2019, Intel Corporation. All rights
> > +reserved.<BR>
> > (C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP<BR>
> > SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > **/
> >
> > @@ -1409,11 +1409,21 @@ EfiBootManagerProcessLoadOption (
> > FileSize,
> > &ImageHandle
> > );
> > FreePool (FileBuffer);
> >
> > - if (!EFI_ERROR (Status)) {
> > + if (EFI_ERROR (Status)) {
> > + //
> > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an
> ImageHandle was created
> > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not
> be started right now.
> > + // If the caller doesn't have the option to defer the execution of an
> image, we should
> > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource
> leak.
> > + //
> > + if (Status == EFI_SECURITY_VIOLATION) {
> > + gBS->UnloadImage (ImageHandle);
> > + }
> > + } else {
>
> Thanks for changing this Dandan!
>
> > Status = gBS->HandleProtocol (ImageHandle,
> &gEfiLoadedImageProtocolGuid, (VOID **)&ImageInfo);
> > ASSERT_EFI_ERROR (Status);
> >
> > ImageInfo->LoadOptionsSize = LoadOption->OptionalDataSize;
> > ImageInfo->LoadOptions = LoadOption->OptionalData; diff --git
> > a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > index 6b8fb4d924..89595747af 100644
> > --- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> > @@ -1,9 +1,9 @@
> > /** @file
> > Misc library functions.
> >
> > -Copyright (c) 2011 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> > +Copyright (c) 2011 - 2019, Intel Corporation. All rights
> > +reserved.<BR>
> > (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> > SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > **/
> >
> > @@ -491,11 +491,21 @@ EfiBootManagerDispatchDeferredImages (
> > ImageDevicePath,
> > NULL,
> > 0,
> > &ImageHandle
> > );
> > - if (!EFI_ERROR (Status)) {
> > + if (EFI_ERROR (Status)) {
> > + //
> > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and
> an ImageHandle was created
> > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can
> not be started right now.
> > + // If the caller doesn't have the option to defer the execution of an
> image, we should
> > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource
> leak.
> > + //
> > + if (Status == EFI_SECURITY_VIOLATION) {
> > + gBS->UnloadImage (ImageHandle);
> > + }
> > + } else {
>
> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
>
> > LoadCount++;
> > //
> > // Before calling the image, enable the Watchdog Timer for
> > // a 5 Minute period
> > //
> >
>
>
next prev parent reply other threads:[~2019-09-24 13:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-24 13:16 [patch v3 0/5] Unload image on EFI_SECURITY_VIOLATION Dandan Bi
2019-09-24 13:16 ` [patch v3 1/5] EmbeddedPkg: " Dandan Bi
2019-09-24 13:16 ` [patch v3 2/5] MdeModulePkg/DxeCapsuleLibFmp: " Dandan Bi
2019-09-24 13:16 ` [patch v3 3/5] MdeModulePkg/UefiBootManager: " Dandan Bi
2019-09-24 13:21 ` [edk2-devel] " Philippe Mathieu-Daudé
2019-09-24 13:42 ` Gao, Zhichao [this message]
2019-09-24 13:16 ` [patch v3 4/5] MdeModulePkg/PlatformDriOverride: " Dandan Bi
2019-09-24 13:16 ` [patch v3 5/5] ShellPkg: " Dandan Bi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3CE959C139B4C44DBEA1810E3AA6F9000B83D7DF@SHSMSX101.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox