From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: hao.a.wu@intel.com)
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by groups.io with SMTP; Tue, 17 Sep 2019 20:50:03 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Sep 2019 20:50:02 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,519,1559545200"; 
   d="scan'208";a="387782608"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
  by fmsmga006.fm.intel.com with ESMTP; 17 Sep 2019 20:50:02 -0700
Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 17 Sep 2019 20:50:02 -0700
Received: from shsmsx108.ccr.corp.intel.com (10.239.4.97) by
 FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 17 Sep 2019 20:50:02 -0700
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.32]) by
 SHSMSX108.ccr.corp.intel.com ([169.254.8.146]) with mapi id 14.03.0439.000;
 Wed, 18 Sep 2019 11:50:00 +0800
From: "Wu, Hao A" <hao.a.wu@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Bi, Dandan"
	<dandan.bi@intel.com>
CC: "Wang, Jian J" <jian.j.wang@intel.com>, "Gao, Liming"
	<liming.gao@intel.com>, Laszlo Ersek <lersek@redhat.com>
Subject: Re: [edk2-devel] [patch v2 4/5] MdeModulePkg/PlatformDriOverride: Unload image on EFI_SECURITY_VIOLATION
Thread-Topic: [edk2-devel] [patch v2 4/5] MdeModulePkg/PlatformDriOverride:
 Unload image on EFI_SECURITY_VIOLATION
Thread-Index: AQHVbc4XWJ0Vt2k8fkegBt7JpVm896cwzIpw
Date: Wed, 18 Sep 2019 03:49:59 +0000
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A093C933446@SHSMSX104.ccr.corp.intel.com>
References: <20190918030557.55256-1-dandan.bi@intel.com>
 <20190918030557.55256-5-dandan.bi@intel.com>
In-Reply-To: <20190918030557.55256-5-dandan.bi@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: hao.a.wu@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Dandan Bi
> Sent: Wednesday, September 18, 2019 11:06 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Wu, Hao A; Gao, Liming; Laszlo Ersek
> Subject: [edk2-devel] [patch v2 4/5] MdeModulePkg/PlatformDriOverride:
> Unload image on EFI_SECURITY_VIOLATION
>=20
> For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval,
> the Image was loaded and an ImageHandle was created with a valid
> EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
> This follows UEFI Spec.
>=20
> But if the caller of LoadImage() doesn't have the option to defer
> the execution of an image, we can not treat EFI_SECURITY_VIOLATION
> like any other LoadImage() error, we should unload image for the
> EFI_SECURITY_VIOLATION to avoid resource leak.
>=20
> This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly
> for the caller in PlatformDriOverrideDxe which don't have the policy to
> defer the execution of the image.
>=20
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1992
> Signed-off-by: Dandan Bi <dandan.bi@intel.com>
> ---
>  .../PlatformDriOverrideDxe/PlatDriOverrideLib.c       | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
>=20
> diff --git
> a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
> b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
> index 2d3736b468..f91f038b7a 100644
> ---
> a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
> +++
> b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
> @@ -1,9 +1,9 @@
>  /** @file
>    Implementation of the shared functions to do the platform driver vver=
ride
> mapping.
>=20
> -  Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR=
>
> +  Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR=
>
>    SPDX-License-Identifier: BSD-2-Clause-Patent
>=20
>  **/
>=20
>  #include "InternalPlatDriOverrideDxe.h"
> @@ -1484,10 +1484,19 @@ GetDriverFromMapping (
>                                     );
>                  ASSERT (DriverBinding !=3D NULL);
>                  DriverImageInfo->ImageHandle =3D ImageHandle;
>                }
>              } else {
> +              //
> +              // With EFI_SECURITY_VIOLATION retval, the Image was load=
ed and
> an ImageHandle was created
> +              // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image =
can
> not be started right now.
> +              // If the caller doesn't have the option to defer the exe=
cution of an
> image, we should
> +              // unload image for the EFI_SECURITY_VIOLATION to avoid r=
esource
> leak.
> +              //
> +              if (Status =3D=3D EFI_SECURITY_VIOLATION) {
> +                gBS->UnloadImage (ImageHandle);
> +              }


Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu


>                DriverImageInfo->UnLoadable =3D TRUE;
>                DriverImageInfo->ImageHandle =3D NULL;
>              }
>            }
>          }
> --
> 2.18.0.windows.1
>=20
>=20
>=20