tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-24 14:14:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

ArmVirtPkg/PlatformBootManagerLib: unload image on EFI_SECURITY_VIOLATION

Browse Source 
The LoadImage() boot service is a bit unusual in that it allocates
resources in a particular failure case; namely, it produces a valid
"ImageHandle" when it returns EFI_SECURITY_VIOLATION. This is supposed to
happen e.g. when Secure Boot verification fails for the image, but the
platform policy for the particular image origin (such as "fixed media" or
"removable media") is DEFER_EXECUTE_ON_SECURITY_VIOLATION. The return code
allows platform logic to selectively override the verification failure,
and launch the image nonetheless.

ArmVirtPkg/PlatformBootManagerLib does not override EFI_SECURITY_VIOLATION
for the kernel image loaded from fw_cfg -- any LoadImage() error is
considered fatal. When we simply treat EFI_SECURITY_VIOLATION like any
other LoadImage() error, we leak the resources associated with
"KernelImageHandle". From a resource usage perspective,
EFI_SECURITY_VIOLATION must be considered "success", and rolled back.

Implement this rollback, without breaking the proper "nesting" of error
handling jumps and labels.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
Fixes: 23d04b58e27b382bbd3f9b16ba9adb1cb203dad5
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
This commit is contained in:
Laszlo Ersek 2019-09-03 17:08:45 +02:00
parent 23908d0f5c
commit ae9f12058d
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ArmVirtPkg/Library/PlatformBootManagerLib/QemuKernel.c
View File

@ -991,7 +991,14 @@ TryRunningQemuKernel (
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "%a: LoadImage(): %r\n", __FUNCTION__, Status));
goto FreeKernelDevicePath;
if (Status != EFI_SECURITY_VIOLATION) {
goto FreeKernelDevicePath;
}
//
// From the resource allocation perspective, EFI_SECURITY_VIOLATION means
// "success", so we must roll back the image loading.
//
goto UnloadKernelImage;
}
//