On 09/04/19 16:16, Philippe Mathieu-Daudé wrote:
> On 9/3/19 6:38 PM, Laszlo Ersek wrote:
>> The LoadImage() boot service is a bit unusual in that it allocates
>> resources in a particular failure case; namely, it produces a valid
>> "ImageHandle" when it returns EFI_SECURITY_VIOLATION. This is supposed to
>> happen e.g. when Secure Boot verification fails for the image, but the
>> platform policy for the particular image origin (such as "fixed media" or
>> "removable media") is DEFER_EXECUTE_ON_SECURITY_VIOLATION. The return code
>> allows platform logic to selectively override the verification failure,
>> and launch the image nonetheless.
>>
>> ArmVirtPkg/PlatformBootManagerLib does not override EFI_SECURITY_VIOLATION
>> for the kernel image loaded from fw_cfg -- any LoadImage() error is
>> considered fatal. When we simply treat EFI_SECURITY_VIOLATION like any
>> other LoadImage() error, we leak the resources associated with
>> "KernelImageHandle". From a resource usage perspective,
>> EFI_SECURITY_VIOLATION must be considered "success", and rolled back.
>>
>> Implement this rollback, without breaking the proper "nesting" of error
>> handling jumps and labels.
>>
>> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
>> Cc: Dandan Bi <dandan...@intel.com>
>> Cc: Leif Lindholm <leif.lindh...@linaro.org>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
>> Fixes: 23d04b58e27b382bbd3f9b16ba9adb1cb203dad5
>> Signed-off-by: Laszlo Ersek <ler...@redhat.com>
> 
> Reviewed-by: Philippe Mathieu-Daude <phi...@redhat.com>

Thank you all, pushed as commit ae9f12058d71.

Laszlo
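As an added illustration of the rollback the quoted commit message describes (this is not code from the edk2 commit or from ArmVirtPkg), the following self-contained C model replaces gBS->LoadImage()/gBS->UnloadImage() with mock functions plus a leak counter; every name except the UEFI status values is constructed for the example.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model of the UEFI status codes involved; the numeric values are
   the ones the UEFI spec assigns (error codes carry the high bit). */
typedef unsigned long STATUS;
#define ERR_BIT               (~(~0UL >> 1))
#define ST_SUCCESS            0UL
#define ST_ACCESS_DENIED      (ERR_BIT | 15)
#define ST_SECURITY_VIOLATION (ERR_BIT | 26)
#define IS_ERROR(s)           (((s) & ERR_BIT) != 0)
typedef struct Image { int payload; } *HANDLE;
static int live_handles;      /* image handles currently allocated */
static STATUS last_status;    /* status returned by the latest LeakedHandles() */
/* Stand-in for gBS->LoadImage(): under a DEFER policy a failed verification
   still produces a valid handle alongside EFI_SECURITY_VIOLATION. */
static STATUS MockLoadImage(bool verify_fails, bool defer_policy, HANDLE *Image)
{
  *Image = NULL;
  if (verify_fails && !defer_policy)
    return ST_ACCESS_DENIED;           /* DENY policy: nothing allocated */
  *Image = calloc(1, sizeof **Image);
  live_handles++;
  return verify_fails ? ST_SECURITY_VIOLATION : ST_SUCCESS;
}

static void MockUnloadImage(HANDLE Image) { free(Image); live_handles--; }
/* Platform-style loader treating every LoadImage() error as fatal; DevicePath is
   an earlier resource whose cleanup label the rollback must nest inside. */
int LeakedHandles(bool verify_fails, bool defer_policy, bool rollback)
{
  int before = live_handles;
  HANDLE Image;
  void *DevicePath = malloc(16);       /* stands in for the fw_cfg device path */
  STATUS Status = MockLoadImage(verify_fails, defer_policy, &Image);
  if (IS_ERROR(Status)) {
    if (Status == ST_SECURITY_VIOLATION && rollback)
      MockUnloadImage(Image);          /* the fix: treat the handle as allocated */
    goto FreeDevicePath;
  }
  /* StartImage() would run the kernel here; unload afterwards as usual. */
  MockUnloadImage(Image);
FreeDevicePath:
  free(DevicePath);
  last_status = Status;
  return live_handles - before;       /* image handles leaked by this call */
}
STATUS LastStatus(void) { return last_status; }
```

Without the rollback the DEFER-policy path leaks exactly one handle per attempt; with it, every error path returns with the handle count unchanged.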
