References: <20190904082555.35424-1-dandan.bi@intel.com> <20190904082555.35424-2-dandan.bi@intel.com>
In-Reply-To: <20190904082555.35424-2-dandan.bi@intel.com>
From: "Ard Biesheuvel"
Date: Wed, 4 Sep 2019 10:24:45 -0700
Subject: Re: [edk2-devel] [patch 1/3] EmbeddedPkg: Unload image on EFI_SECURITY_VIOLATION
To: edk2-devel-groups-io, Dandan Bi
Cc: Leif Lindholm, Laszlo Ersek
Content-Type: text/plain; charset="UTF-8"

On Wed, 4 Sep 2019 at 01:26, Dandan Bi wrote:
>
> For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval,
> the Image was loaded and an ImageHandle was created with a valid
> EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
> This follows UEFI Spec.
>
> But if the caller of LoadImage() doesn't have the option to defer
> the execution of an image, we can not treat EFI_SECURITY_VIOLATION
> like any other LoadImage() error, we should unload image for the
> EFI_SECURITY_VIOLATION to avoid resource leak.
>
> This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly
> for the callers in EmbeddedPkg which don't have the policy to defer the
> execution of the image.
>
> Cc: Leif Lindholm
> Cc: Ard Biesheuvel
> Cc: Laszlo Ersek
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
> Signed-off-by: Dandan Bi

Acked-by: Ard Biesheuvel

> --- > .../AndroidFastboot/Arm/BootAndroidBootImg.c | 9 +++++++++ > .../Library/AndroidBootImgLib/AndroidBootImgLib.c | 12 ++++++++++++ > 2 files changed, 21 insertions(+) > > diff --git a/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c b/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c > index 591afbe7cc..9fa28e3390 100644 > --- a/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c > +++ b/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c 
> @@ -71,10 +71,19 @@ StartEfiApplication ( > > // Load the image from the device path with Boot Services function > Status = gBS->LoadImage (TRUE, ParentImageHandle, DevicePath, NULL, 0, > &ImageHandle); > if (EFI_ERROR (Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now. > + // If the caller doesn't have the option to defer the execution of an image, we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource leak. > + // > + if (Status == EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (ImageHandle); > + } > return Status; > } > > // Passed LoadOptions to the EFI Application > if (LoadOptionsSize != 0) { > diff --git a/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c b/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c > index d9e7aa7d2b..2e9e74db1d 100644 > --- a/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c > +++ b/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c > @@ -439,10 +439,22 @@ AndroidBootImgBoot ( > + KernelSize; > > Status = gBS->LoadImage (TRUE, gImageHandle, > (EFI_DEVICE_PATH *)&KernelDevicePath, > (VOID*)(UINTN)Kernel, KernelSize, &ImageHandle); > + if (EFI_ERROR (Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now. > + // If the caller doesn't have the option to defer the execution of an image, we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource leak. > + // > + if (Status == EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (ImageHandle); > + } > + return Status; > + } > > // Set kernel arguments > Status = gBS->HandleProtocol (ImageHandle, &gEfiLoadedImageProtocolGuid, > (VOID **) &ImageInfo); > ImageInfo->LoadOptions = NewKernelArg; > -- > 2.18.0.windows.1 > > > >
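
Review bot: In the StartEfiApplication hunk (BootAndroidBootImg.c), the status returned by `gBS->UnloadImage (ImageHandle);` in the new EFI_SECURITY_VIOLATION branch is discarded, so a failed unload leaves the very leak this change is meant to close, with no trace. Returning the original LoadImage() status to the caller is right, but consider capturing the unload status in a separate variable and reporting it through a debug message. The six-line comment is also repeated word for word in AndroidBootImgLib.c; a two-line version would carry the same point in both places.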
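
Review bot: In the AndroidBootImgBoot hunk (AndroidBootImgLib.c), the added `if (EFI_ERROR (Status)) {` block does more than the commit message describes: every line of the check is new, so the `return Status;` changes behaviour for all LoadImage() failures, not only EFI_SECURITY_VIOLATION. That is the safer direction, since the code below hands ImageHandle straight to HandleProtocol, but it deserves a sentence in the commit message, and the new early return should be checked against anything acquired earlier in the function (NewKernelArg is used just below) so that it does not trade one leak for another. The HandleProtocol status in the trailing context is likewise not checked before `ImageInfo->LoadOptions = NewKernelArg;` is executed; that is outside the added lines but sits directly after them and could be tightened in the same series.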