On 9/18/19 5:05 AM, Dandan Bi wrote: > For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval, > the Image was loaded and an ImageHandle was created with a valid > EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now. > This follows UEFI Spec. > > But if the caller of LoadImage() doesn't have the option to defer > the execution of an image, we can not treat EFI_SECURITY_VIOLATION > like any other LoadImage() error, we should unload image for the > EFI_SECURITY_VIOLATION to avoid resource leak. > > This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly > for the callers in EmbeddedPkg which don't have the policy to defer the > execution of the image. > > Cc: Leif Lindholm <leif.lindh...@linaro.org> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Cc: Laszlo Ersek <ler...@redhat.com> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992 > Signed-off-by: Dandan Bi <dandan...@intel.com> > Acked-by: Ard Biesheuvel <ard.biesheu...@linaro.org> > Acked-by: Laszlo Ersek <ler...@redhat.com> > --- > .../AndroidFastboot/Arm/BootAndroidBootImg.c | 9 +++++++++ > .../Library/AndroidBootImgLib/AndroidBootImgLib.c | 12 ++++++++++++ > 2 files changed, 21 insertions(+) > > diff --git a/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c > b/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c > index 591afbe7cc..fe05878b4b 100644 > --- a/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c > +++ b/EmbeddedPkg/Application/AndroidFastboot/Arm/BootAndroidBootImg.c > @@ -71,10 +71,19 @@ StartEfiApplication ( > > // Load the image from the device path with Boot Services function > Status = gBS->LoadImage (TRUE, ParentImageHandle, DevicePath, NULL, 0, > &ImageHandle); > if (EFI_ERROR (Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an > ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be > started right now. > + // If the caller doesn't have the option to defer the execution of an > image, we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource leak. > + // > + if (Status == EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (ImageHandle); > + } > return Status; > } > > // Passed LoadOptions to the EFI Application > if (LoadOptionsSize != 0) { > diff --git a/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c > b/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c > index d9e7aa7d2b..e1036954ee 100644 > --- a/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c > +++ b/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c > @@ -439,10 +439,22 @@ AndroidBootImgBoot ( > + KernelSize; > > Status = gBS->LoadImage (TRUE, gImageHandle, > (EFI_DEVICE_PATH *)&KernelDevicePath, > (VOID*)(UINTN)Kernel, KernelSize, &ImageHandle); > + if (EFI_ERROR (Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an > ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be > started right now. > + // If the caller doesn't have the option to defer the execution of an > image, we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource leak. > + // > + if (Status == EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (ImageHandle); > + } > + return Status; > + } > > // Set kernel arguments > Status = gBS->HandleProtocol (ImageHandle, &gEfiLoadedImageProtocolGuid, > (VOID **) &ImageInfo); > ImageInfo->LoadOptions = NewKernelArg; >
Reviewed-by: Philippe Mathieu-Daude <phi...@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#47911): https://edk2.groups.io/g/devel/message/47911 Mute This Topic: https://groups.io/mt/34184004/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-