From: "Mike Beaton"
Date: Sun, 21 Apr 2024 05:17:29 +0100
Subject: Re: [edk2-devel] [PATCH] NetworkPkg/HttpBootDxe: Correctly uninstall HttpBootCallbackProtocol
To: Michael Brown
Cc: devel@edk2.groups.io

On Sat, 20 Apr 2024 at 17:31, Michael Brown wrote:
>
> On 19/04/2024 11:02, Mike Beaton wrote:
> > Dear Michael,
> >
> > I don't know if you had time to answer one follow-up question.
> >
> > Obviously one thing that someone might want to do is to notify on
> > protocol installs and trap installs of this protocol - e.g. so that
> > something other than UefiBootManagerLib can manage and monitor HTTP
> > boot, but still allowing the original callback to occur, by hooking it.
> > Not sure if this counts as 'supported' or not (possibly not...) though I
> > think it may count as 'quite likely to happen'. However, one could hook
> > in such a way that the uninstall would succeed anyway, assuming that the
> > function pointer within the original installed protocol is writeable.
> >
> > My question is: was the above roughly what you were thinking of, that
> > might cause the assert to fail, or, if not, if you had the time to give
> > a very brief sketch of what else it might be (just a plausible, very
> > rough example)? Certainly not saying you're wrong, just that it would be
> > helpful (to me!) to understand what sort of thing you were thinking of!
>
> I don't have a specific use case in mind for why someone might want to
> have opened this particular protocol in a way that would subsequently
> cause UninstallMultipleProtocolInterfaces() to fail (e.g. opening with
> BY_CHILD_CONTROLLER attributes). Just that, as a general rule, there
> exists a design flaw in the UEFI specification that means that
> operations that should have been chosen at the design stage to be
> conceptually impossible to fail (such as freeing memory or uninstalling
> protocols) are instead allowed to return a failure status.
>
> This design issue manifests itself as extremely unreliable behaviour on
> the removal or shutdown paths of many UEFI drivers. For example: many
> drivers will simply deadlock the system if disconnected from their
> underlying controllers (e.g. via the UEFI shell "disconnect" command).
>
> In the case of UninstallMultipleProtocolInterfaces(), the failure mode
> is particularly problematic since the specification dictates that the
> firmware must do the absolutely worst thing possible by *reinstalling*
> any protocol instances that it had managed to uninstall, and
> consequently retriggering driver Start() method calls. This generally
> leads to chaos and confusion (and use-after-free bugs that could
> probably be fairly easily extended to obtain a Secure Boot exploit).
>
> There's nothing that you really need to do specifically in HttpBootDxe
> to work around this design flaw.
> But it's definitely worth removing the
> unjustified ASSERT(), since that ASSERT() may cause a crash in a system
> that could otherwise continue to operate successfully.
>
> Hope that helps,
>
> Michael
>

It does help. Thank you for a useful and clear explanation - I was
already aware of some (but certainly not all) of it.

I have already posted a revised patch with the ASSERT removed - but am
now more clear that I really had better stick with that, not try to
argue against it. ;)

Thanks again,
Mike
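
The rollback behaviour described in the quoted reply, as an added sketch that is not EDK2 code and not written by either poster: a toy C model of an all-or-nothing uninstall, with a teardown path that treats failure as recoverable instead of asserting. All names (Proto, Private, model_uninstall_multiple, driver_stop) are hypothetical and the status values are stand-ins for EFI status codes.

```c
/* Toy model, not EDK2 code: all-or-nothing uninstall with rollback. */
#include <stdbool.h>
#include <stddef.h>

typedef struct {
    bool installed;      /* present in the handle database */
    bool held_open;      /* another agent holds it open (e.g. BY_CHILD_CONTROLLER) */
    int  install_events; /* each (re)install notifies listeners */
} Proto;

/* Models the behaviour described above: on failure, reinstall what was removed. */
static int model_uninstall_multiple(Proto **p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (p[i]->held_open) {
            while (i-- > 0) {          /* roll back earlier uninstalls */
                p[i]->installed = true;
                p[i]->install_events++;
            }
            return -1;                 /* stand-in for an EFI error status */
        }
        p[i]->installed = false;
    }
    return 0;
}

typedef struct { Proto proto_a; Proto callback; bool freed; } Private;

/* Teardown without ASSERT: release state only if every uninstall succeeded. */
static int driver_stop(Private *priv) {
    Proto *list[] = { &priv->proto_a, &priv->callback };
    if (model_uninstall_multiple(list, 2) != 0)
        return -1;      /* interfaces are live again: keep priv allocated */
    priv->freed = true; /* stand-in for freeing the private data */
    return 0;
}

/* Constructed case: callback is held open, so stop fails and proto_a returns. */
static int demo_failed_stop(void) {
    Private priv = { {true, false, 1}, {true, true, 1}, false };
    if (driver_stop(&priv) == 0 || priv.freed || !priv.proto_a.installed)
        return -100;
    return priv.proto_a.install_events; /* one extra install from rollback */
}

/* Constructed case: nothing held open, so teardown completes. */
static int demo_clean_stop(void) {
    Private priv = { {true, false, 1}, {true, false, 1}, false };
    return driver_stop(&priv) == 0 && priv.freed && !priv.callback.installed;
}
int main(void) { return (demo_failed_stop() == 2 && demo_clean_stop()) ? 0 : 1; }
```

In the failing case the first interface ends up installed again with a second install event, which is why the private data backing it has to stay allocated when the call returns an error.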