From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: "Zeng, Star" <star.zeng@intel.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"Ni, Ruiyu" <ruiyu.ni@intel.com>,
"Dong, Eric" <eric.dong@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
"leif.lindholm@linaro.org" <leif.lindholm@linaro.org>
Subject: Re: [PATCH] MdeModulePkg/UefiBootManagerLib: don't ASSERT on 'BootNext' varname
Date: Thu, 5 Oct 2017 09:08:12 +0000 [thread overview]
Message-ID: <CA34C9E7-D64B-49AC-AE2E-7B7A4342790E@intel.com> (raw)
In-Reply-To: <74e4651f-f245-51fa-ee49-4f547a9a929d@redhat.com>
Thank you star.
I ack this update.
I recall we did a review for bds on variable usage and assert usage and fixed such issue. If this is a regression, we probable need review again.
thank you!
Yao, Jiewen
> 在 2017年10月5日,下午3:59,Laszlo Ersek <lersek@redhat.com> 写道:
>
>> On 10/05/17 09:31, Zeng, Star wrote:
>> I got your point.
>> From literal meaning of the API, I agree the ASSERT should be removed.
>> If the input parameter is assumed to be valid always, the API could be not called at all.
>> If the input parameter is not assumed to be valid always, the API should not assert.
>>
>> I just tried an experiment and can easily reproduce the assert.
>> 1. Boot NT32 to shell.
>> 2. Create L"BootNext" variable with shell command: setvar BootNext -NV -RT -BS =0000.
>> 3. Reboot and then ASSERT.
>> ASSERT!: [BdsDxe] i:\git\edk2git\edk2\MdeModulePkg\Library\UefiBootManagerLib\BmMisc.c (423): ((BOOLEAN)(0==1))
>>
>> The calling stack is:
>> BdsEntry(BdsEntry.c L844) ->
>> EfiBootManagerGetLoadOptions(BdsLoadOption.c L1092) ->
>> BmCollectLoadOptions() with L"BootNext" from the loop in BmForEachVariable() ->
>> EfiBootManagerIsValidLoadOptionVariableName() ->
>> BmCharToUint() ->
>> ASSERT(FALSE)
>>
>> The assert seems new caused by 0e6584e38650cef9a6b4579553679c0f12d897bc as L"BootNext" was deleted before calling EfiBootManagerGetLoadOptions() when no this commit.
>
> Ah, good point!
>
> OK, so let's wait until Ray acks the removal of the assert.
>
> Thanks!
> Laszlo
>
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, October 4, 2017 11:06 PM
>> To: Zeng, Star <star.zeng@intel.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Dong, Eric <eric.dong@intel.com>; edk2-devel@lists.01.org; leif.lindholm@linaro.org; Yao, Jiewen <jiewen.yao@intel.com>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg/UefiBootManagerLib: don't ASSERT on 'BootNext' varname
>>
>> Star,
>>
>>> On 10/04/17 16:09, Zeng, Star wrote:
>>> Thanks for confirming the urgency.
>>>
>>> I have no strong motivation to keep/remove the ASSERT, I would like Ruiyu to argue and make the decision.
>>> I mainly want the issue (the code ends up calling this function(EfiBootManagerIsValidLoadOptionVariableName) on L"BootNext") could be root caused.
>>
>> it might be interesting to find out about the exact call stack. However, I'd like to point out that the exact purpose of the
>> EfiBootManagerIsValidLoadOptionVariableName() function is to check
>> *whether* the variable name is a valid boot option name or not. If not
>> -- for whatever reason -- then it shouldn't ASSERT(); it should just return FALSE.
>>
>> Perhaps it's relevant: the function was made public in commit 3dc5c1ae5c757.
>>
>> Thanks
>> Laszlo
>>
>>> -----Original Message-----
>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>>> Sent: Wednesday, October 4, 2017 9:54 PM
>>> To: Zeng, Star <star.zeng@intel.com>
>>> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Ni, Ruiyu
>>> <ruiyu.ni@intel.com>; edk2-devel@lists.01.org; Dong, Eric
>>> <eric.dong@intel.com>; leif.lindholm@linaro.org
>>> Subject: Re: [edk2] [PATCH] MdeModulePkg/UefiBootManagerLib: don't
>>> ASSERT on 'BootNext' varname
>>>
>>>> On 4 October 2017 at 14:49, Zeng, Star <star.zeng@intel.com> wrote:
>>>> Creating Boot000@ with gEfiGlobalVariableGuid can not succeed as it
>>>> will be rejected by
>>>> MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf that will check the VariableName against UEFI spec “Table 13. Global Variables”
>>>> if the VendorGuid is gEfiGlobalVariableGuid.
>>>>
>>>>
>>>>
>>>> I would suspect there is a bug at other place if the code ends up
>>>> calling this function(EfiBootManagerIsValidLoadOptionVariableName) on L"BootNext".
>>>>
>>>
>>> That still does not mean you should ASSERT() here. The state of the variable store != the internals of the code, and so it should be considered external input to some extent. ASSERTs are meant to catch programming errors, not errors in the varstore image.
>>>
>>>
>>>>
>>>> Ard,
>>>>
>>>> Is the fix urgent or not for you?
>>>>
>>>
>>> Not really. But fwupdate is shipping as part of many distros, so I guess others may run into it as well.
>>>
>>>> I may want to wait for Ruiyu’s back to take some look at the detail of it.
>>>>
>>>
>>> That is fine.
>>>
>>>> At the same time, you may help check the code flow in some detail if
>>>> you have free time, I think that will be helpful. J
>>>>
>>>
>>> OK.
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>>
>
next prev parent reply other threads:[~2017-10-05 9:04 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-03 17:17 [PATCH] MdeModulePkg/UefiBootManagerLib: don't ASSERT on 'BootNext' varname Ard Biesheuvel
2017-10-03 23:56 ` Zeng, Star
2017-10-03 23:59 ` Ard Biesheuvel
2017-10-04 0:18 ` Yao, Jiewen
2017-10-04 13:49 ` Zeng, Star
2017-10-04 13:54 ` Ard Biesheuvel
2017-10-04 14:09 ` Zeng, Star
2017-10-04 15:06 ` Laszlo Ersek
2017-10-05 7:31 ` Zeng, Star
2017-10-05 7:59 ` Laszlo Ersek
2017-10-05 9:08 ` Yao, Jiewen [this message]
2017-10-10 9:12 ` Ni, Ruiyu
2017-10-04 14:40 ` Laszlo Ersek
2017-10-04 15:01 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA34C9E7-D64B-49AC-AE2E-7B7A4342790E@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox