[v1] Unload image on EFI_SECURITY_VIOLATION

[edk2-devel] [patch 0/3] Unload image on EFI_SECURITY_VIOLATION

Dandan Bi posted 3 patches 4 years, 7 months ago

Diff against v1 v2 v3
Download series mbox

Failed in applying to current master (apply log)

There is a newer version of this series

.../AndroidFastboot/Arm/BootAndroidBootImg.c         |  9 +++++++++
.../Library/AndroidBootImgLib/AndroidBootImgLib.c    | 12 ++++++++++++
MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c |  9 +++++++++
.../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c         |  9 +++++++++
MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c     |  9 +++++++++
.../Library/UefiBootManagerLib/BmLoadOption.c        | 11 ++++++++++-
MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c     | 11 ++++++++++-
.../PlatformDriOverrideDxe/PlatDriOverrideLib.c      | 11 ++++++++++-
ShellPkg/Application/Shell/ShellManParser.c          |  9 +++++++++
.../Library/UefiShellDebug1CommandsLib/LoadPciRom.c  | 11 ++++++++++-
ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c   | 11 ++++++++++-
11 files changed, 107 insertions(+), 5 deletions(-)

Expand all Fold all

[edk2-devel] [patch 0/3] Unload image on EFI_SECURITY_VIOLATION

Posted by Dandan Bi 4 years, 7 months ago

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992

For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval,
the Image was loaded and an ImageHandle was created with a valid
EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
This follows UEFI Spec.

But if the caller of LoadImage() doesn't have the option to defer
the execution of an image, we can not treat EFI_SECURITY_VIOLATION
like any other LoadImage() error, we should unload image for the
EFI_SECURITY_VIOLATION to avoid resource leak.

This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly
for the callers in edk2 which don't have the policy to defer the
execution of the image.

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Dandan Bi (3):
  EmbeddedPkg: Unload image on EFI_SECURITY_VIOLATION
  MdeModulePkg: Unload image on EFI_SECURITY_VIOLATION
  ShellPkg: Unload image on EFI_SECURITY_VIOLATION

 .../AndroidFastboot/Arm/BootAndroidBootImg.c         |  9 +++++++++
 .../Library/AndroidBootImgLib/AndroidBootImgLib.c    | 12 ++++++++++++
 MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c |  9 +++++++++
 .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c         |  9 +++++++++
 MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c     |  9 +++++++++
 .../Library/UefiBootManagerLib/BmLoadOption.c        | 11 ++++++++++-
 MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c     | 11 ++++++++++-
 .../PlatformDriOverrideDxe/PlatDriOverrideLib.c      | 11 ++++++++++-
 ShellPkg/Application/Shell/ShellManParser.c          |  9 +++++++++
 .../Library/UefiShellDebug1CommandsLib/LoadPciRom.c  | 11 ++++++++++-
 ShellPkg/Library/UefiShellLevel2CommandsLib/Load.c   | 11 ++++++++++-
 11 files changed, 107 insertions(+), 5 deletions(-)

-- 
2.18.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#46765): https://edk2.groups.io/g/devel/message/46765
Mute This Topic: https://groups.io/mt/33136034/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-