> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Dandan Bi
> Sent: Wednesday, September 18, 2019 11:06 AM
> To: [email protected]
> Cc: Wang, Jian J; Wu, Hao A; Gao, Liming; Laszlo Ersek
> Subject: [edk2-devel] [patch v2 2/5] MdeModulePkg/DxeCapsuleLibFmp: Unload image on EFI_SECURITY_VIOLATION
>
> For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval,
> the Image was loaded and an ImageHandle was created with a valid
> EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
> This follows UEFI Spec.
>
> But if the caller of LoadImage() doesn't have the option to defer
> the execution of an image, we can not treat EFI_SECURITY_VIOLATION
> like any other LoadImage() error, we should unload image for the
> EFI_SECURITY_VIOLATION to avoid resource leak.
>
> This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly
> for the callers in DxeCapsuleLibFmp which don't have the policy to defer
> the execution of the image.
>
> Cc: Jian J Wang <[email protected]>
> Cc: Hao A Wu <[email protected]>
> Cc: Liming Gao <[email protected]>
> Cc: Laszlo Ersek <[email protected]>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
> Signed-off-by: Dandan Bi <[email protected]>
> --- > MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > index 95aa9de087..5dda561a04 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c 
> @@ -1028,10 +1028,19 @@ StartFmpImage ( > ImageSize, > &ImageHandle > ); > DEBUG((DEBUG_INFO, "FmpCapsule: LoadImage - %r\n", Status)); > if (EFI_ERROR(Status)) { > + // > + // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an > ImageHandle was created > + // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be > started right now. > + // If the caller doesn't have the option to defer the execution of an > image, we should > + // unload image for the EFI_SECURITY_VIOLATION to avoid resource leak. > + // > + if (Status == EFI_SECURITY_VIOLATION) { > + gBS->UnloadImage (ImageHandle); > + }
Reviewed-by: Hao A Wu <[email protected]> Best Regards, Hao Wu > FreePool(DriverDevicePath); > return Status; > } > > DEBUG((DEBUG_INFO, "FmpCapsule: StartImage ...\n")); > -- > 2.18.0.windows.1
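
Review bot: the return value of gBS->UnloadImage (ImageHandle) in the new EFI_SECURITY_VIOLATION branch of StartFmpImage is discarded, so if the unload fails the image and its handle stay allocated with nothing in the log, which is the resource leak this change sets out to prevent. Consider capturing that result in a separate local, so that Status still returns EFI_SECURITY_VIOLATION to the caller, and emitting a DEBUG message on failure in the style of the existing "FmpCapsule: LoadImage - %r" line.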
