Subject: Re: [edk2-devel] [PATCH v2 2/3] UefiPayloadPkg: Add PayloadLoaderPeim which can load ELF payload
From: Marvin Häuser
To: "Ni, Ray", "devel@edk2.groups.io"
Cc: "Ma, Maurice", "Dong, Guo", "You, Benjamin"
Date: Thu, 10 Jun 2021 07:30:28 +0000

On 10.06.21 05:40, Ni, Ray wrote:
>>> Without the ParseStatus field, callee cannot know whether ParseElfImage()
>>> is called.
>>
>> It can by function contracts, the caller guarantees it. I.e. with the PE
>> library I linked, no other function must be called before the init function.
>> Your "ParseElfImage" function is very similar. The context is
>> initialized by it, i.e. it is trash if it is not called, i.e. it must be
>> called before other functions.
>> If it is called, which we know, the caller has the return status. For
>> PE, it means the caller must not proceed with any further PE processing
>> and abort immediately.
>> Is there any scenario where this does not work for ELF? Sorry if I
>> missed something.
> Caller might call LoadElfImage() without firstly calling ParseElfImage() by mistake.
> ParseStatus is added to catch such mistake.

If ParseElfImage() is not called, nothing will initialize ParseStatus
and the load function will read random data. If AllocateZeroPool was
used for the context, a common pattern throughout the codebase to harden
against memory initialization bugs, it would even report success at all
times anyway. Sorry, but I think this is dead code.

Maybe for some context, my main issue at first was that the checks are
all proper runtime checks with no ASSERTs at all, so I got confused how
this situation could happen in a realistic scenario. I needed to trace
the ParseStatus data flow to understand the idea is basically the same
as in the PE library. Code in a way is self-documenting, and this
personally gave me a hard time understanding why it is written this way.
But thanks for clarifying your intention! :)

Best regards,
Marvin

>
> I don't trust the caller would follow the contracts properly😊.
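
The zeroed-context case raised in the reply above, as an added example (not code from the patch or from either participant). It models the context with hypothetical `DEMO_*` names and simplified status values, uses `memset` in place of AllocateZeroPool's zero fill, and adds a hypothetical `Magic` field to contrast a guard that zeroed memory cannot satisfy.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumptions); in UEFI, EFI_SUCCESS is 0. */
typedef uint64_t DEMO_STATUS;
#define DEMO_SUCCESS      ((DEMO_STATUS)0)
#define DEMO_UNSUPPORTED  ((DEMO_STATUS)3)
#define DEMO_NOT_READY    ((DEMO_STATUS)6)
#define DEMO_CTX_MAGIC    0x43464C45u  /* constructed marker, not from the patch */

typedef struct {
  const uint8_t *FileBase;
  DEMO_STATUS    ParseStatus;  /* the field discussed in the thread */
  uint32_t       Magic;        /* hypothetical: written only by demo_parse() */
} DEMO_ELF_CONTEXT;

/* Parse step: checks the ELF magic and records the result in the context. */
DEMO_STATUS demo_parse(const uint8_t *File, size_t Size, DEMO_ELF_CONTEXT *Ctx) {
  Ctx->FileBase = File;
  Ctx->Magic = DEMO_CTX_MAGIC;
  Ctx->ParseStatus = (Size >= 4 && memcmp(File, "\x7f" "ELF", 4) == 0)
                       ? DEMO_SUCCESS : DEMO_UNSUPPORTED;
  return Ctx->ParseStatus;
}

/* Load guard that trusts ParseStatus alone. */
DEMO_STATUS demo_load_status_only(const DEMO_ELF_CONTEXT *Ctx) {
  if (Ctx->ParseStatus != DEMO_SUCCESS) return Ctx->ParseStatus;
  return DEMO_SUCCESS;  /* a real loader would go on to use FileBase here */
}

/* Variant guard: also require a marker that zeroed memory cannot satisfy. */
DEMO_STATUS demo_load_with_magic(const DEMO_ELF_CONTEXT *Ctx) {
  if (Ctx->Magic != DEMO_CTX_MAGIC) return DEMO_NOT_READY;
  return demo_load_status_only(Ctx);
}

/* Skipped-parse case: the context is zero-filled and never parsed. */
DEMO_STATUS demo_skip_parse(int UseMagicGuard) {
  DEMO_ELF_CONTEXT Ctx;
  memset(&Ctx, 0, sizeof Ctx);  /* stands in for AllocateZeroPool() */
  return UseMagicGuard ? demo_load_with_magic(&Ctx)
                       : demo_load_status_only(&Ctx);
}
```
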