From: "Wu, Hao A" <hao.a.wu@intel.com>
To: "Ni, Ray", Ard Biesheuvel, devel@edk2.groups.io
Cc: "Wang, Jian J", glin@suse.com
Subject: Re: [PATCH] MdeModulePkg/UefiBootManagerLib: fix crash on uninitialized ExitData
Date: Wed, 17 Apr 2019 06:07:32 +0000
In-Reply-To: <20190416202935.32297-1-ard.biesheuvel@linaro.org>

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Wednesday, April 17, 2019 4:30 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Wu, Hao A; Ni, Ray; glin@suse.com; Ard Biesheuvel
> Subject: [PATCH] MdeModulePkg/UefiBootManagerLib: fix crash on
> uninitialized ExitData
>
> As reported by Gary, the recent LoadImage/StartImage changes to
> accommodate dispatching PE/COFF images built for foreign architectures
> may result in a crash when loading an IA32 option ROM into a X64 VM
> running OVMF:
>
> Loading driver at 0x0007E537000 EntryPoint=0x0007E53C06D 8086100e.efi
> InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 7F003B98
> ProtectUefiImageCommon - 0x7F002BC0
> - 0x000000007E537000 - 0x000000000009F900
> Image type IA32 can't be started on X64 UEFI system.
> ASSERT MdeModulePkg/Core/Dxe/Mem/Pool.c(698): Head->Signature == ((('p') |
> ('h' << 8)) | ((('d') | ('0' << 8)) << 16)) || Head->Signature == ((('p') | ('h' << 8)) | ((('d') | ('1' << 8)) << 16))
>
> This turns out to be caused by the deferred image loading code in BDS,
> which doesn't check the result code of gBS->StartImage(), and ends up
> trying to free an uninitialized pointer. So ensure ExitData is initialized
> before the call.
>
> Signed-off-by: Ard Biesheuvel
> ---
> MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> index fc8775dfa419..cf99de5b924a 100644
> --- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
> @@ -502,6 +502,7 @@ EfiBootManagerDispatchDeferredImages ( > // a 5 Minute period > // > gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL); > + ExitData =3D NULL; > Status =3D gBS->StartImage (ImageHandle, &ExitDataSize, &ExitDat= a); > if (ExitData !=3D NULL) { > FreePool (ExitData); Looks like the 'ExitData' is not being used at all here. Ray and Ard, Do you see any concern to just pass 'NULL' as the 3rd parameter (eliminates 'ExitData') here? Best Regards, Hao Wu > -- > 2.17.1
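Review bot: the added `ExitData = NULL;` makes the `if (ExitData != NULL)` check safe, but the hunk still assigns the result of `gBS->StartImage (...)` to `Status` without consulting it, which the commit message names as the root cause ("doesn't check the result code of gBS->StartImage()"). Either act on `Status` on the failure path before the `FreePool` check, or, as the reply suggests, pass `NULL` as the third argument so no ExitData buffer is ever requested and the `FreePool (ExitData)` path can be dropped entirely; in the latter case the `ExitData` local becomes dead and should be removed.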
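The failure mode described in the commit message, as an added example in plain C that is not edk2 code: a mock StartImage() that, like the real service's error path for a foreign-architecture image, returns without touching its out-parameters, and a mock FreePool() that performs the same 'phd0' header signature check the Pool.c ASSERT in the log does, but reports a status instead of asserting. Three callers reproduce the pre-patch code, the patched code, and Hao Wu's alternative of passing NULL for ExitData. The status values, the mock allocator, and the zero-filled "stale stack slot" standing in for the uninitialized pointer are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not edk2 code. Minimal stand-ins for the boot-services
 * calls used by the deferred-image dispatch loop, so the uninitialized
 * ExitData bug can be reproduced on an ordinary host. Status codes, the
 * mock StartImage behaviour and the stale stack slot are constructed. */

typedef uintptr_t EFI_STATUS;
#define EFI_SUCCESS            ((EFI_STATUS)0)
#define EFI_INVALID_PARAMETER  ((EFI_STATUS)2)
#define EFI_UNSUPPORTED        ((EFI_STATUS)3)

/* Same byte pattern the Pool.c ASSERT in the log compares against ('phd0'). */
#define POOL_HEAD_SIGNATURE ((('p') | ('h' << 8)) | ((('d') | ('0' << 8)) << 16))

typedef struct {
  uint32_t Signature;
  size_t   Size;
} POOL_HEAD;

/* Pool allocator that prefixes every buffer with a signed header. */
static void *MockAllocatePool(size_t Size) {
  POOL_HEAD *Head = malloc(sizeof *Head + Size);
  if (Head == NULL) return NULL;
  Head->Signature = POOL_HEAD_SIGNATURE;
  Head->Size = Size;
  return Head + 1;
}

/* Mirrors the Pool.c header check from the log, but returns a status
 * instead of ASSERTing so the caller's mistake is observable. */
static EFI_STATUS MockFreePool(void *Buffer) {
  POOL_HEAD *Head = (POOL_HEAD *)Buffer - 1;
  if (Head->Signature != POOL_HEAD_SIGNATURE) return EFI_INVALID_PARAMETER;
  Head->Signature = 0;
  free(Head);
  return EFI_SUCCESS;
}

/* StartImage stand-in. On the error path (foreign-architecture image) it
 * returns early without touching the out-parameters, as in the reported
 * crash. On success it hands back an allocated ExitData buffer if asked. */
static EFI_STATUS MockStartImage(int ForeignArch, size_t *ExitDataSize, char **ExitData) {
  static const char Msg[] = "image exited";
  if (ForeignArch) return EFI_UNSUPPORTED;
  if (ExitDataSize != NULL) *ExitDataSize = sizeof Msg;
  if (ExitData != NULL) {
    *ExitData = MockAllocatePool(sizeof Msg);
    memcpy(*ExitData, Msg, sizeof Msg);
  }
  return EFI_SUCCESS;
}

/* Stands in for whatever the uninitialized stack slot happened to hold:
 * memory that carries no pool signature (zero-filled, constructed). */
static POOL_HEAD StaleSlot[2];

/* Caller as it was before the patch: ExitData is never initialized, so the
 * NULL check after a failed StartImage sees leftover junk and frees it. */
static EFI_STATUS DispatchBeforeFix(int ForeignArch) {
  char  *ExitData = (char *)&StaleSlot[1];  /* simulated leftover stack value */
  size_t ExitDataSize = 0;
  EFI_STATUS Status = MockStartImage(ForeignArch, &ExitDataSize, &ExitData);
  (void)Status;                              /* unchecked, as in the original code */
  if (ExitData != NULL) return MockFreePool(ExitData);
  return EFI_SUCCESS;
}

/* Caller with the patch applied: ExitData = NULL before the call makes the
 * NULL check meaningful on every path StartImage can take. */
static EFI_STATUS DispatchAfterFix(int ForeignArch) {
  char  *ExitData = NULL;
  size_t ExitDataSize = 0;
  EFI_STATUS Status = MockStartImage(ForeignArch, &ExitDataSize, &ExitData);
  (void)Status;
  if (ExitData != NULL) return MockFreePool(ExitData);
  return EFI_SUCCESS;
}

/* Hao Wu's alternative: don't request ExitData at all, so there is nothing
 * to free and the StartImage status is the only thing left to propagate. */
static EFI_STATUS DispatchNoExitData(int ForeignArch) {
  size_t ExitDataSize = 0;
  return MockStartImage(ForeignArch, &ExitDataSize, NULL);
}

int main(void) {
  printf("before fix, foreign image: %s\n",
         DispatchBeforeFix(1) == EFI_INVALID_PARAMETER ? "bad free detected" : "ok");
  printf("after fix,  foreign image: %s\n",
         DispatchAfterFix(1) == EFI_SUCCESS ? "no free attempted" : "bad free");
  printf("NULL ExitData, foreign   : status %lu\n", (unsigned long)DispatchNoExitData(1));
  return 0;
}
```

The pre-patch caller trips the signature check only on the foreign-image path, which is why the bug surfaced with the new cross-architecture dispatch code and not before: on the success path StartImage always overwrote the junk. The third caller shows why dropping ExitData is attractive from a review standpoint: the remaining state to reason about is the returned status.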