For the LoadImage() boot service, with EFI_SECURITY_VIOLATION retval,
the Image was loaded and an ImageHandle was created with a valid
EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
This follows UEFI Spec.
But if the caller of LoadImage() doesn't have the option to defer
the execution of an image, we can not treat EFI_SECURITY_VIOLATION
like any other LoadImage() error, we should unload image for the
EFI_SECURITY_VIOLATION to avoid resource leak.
This patch is to do error handling for EFI_SECURITY_VIOLATION explicitly
for the callers in UefiBootManagerLib which don't have the policy to defer
the execution of the image.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
As reported by Gary, the recent LoadImage/StartImage changes to
accommodate dispatching PE/COFF images built for foreign architectures
may result in a crash when loading an IA32 option ROM into a X64 VM
running OVMF:
Loading driver at 0x0007E537000 EntryPoint=0x0007E53C06D 8086100e.efi
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 7F003B98
ProtectUefiImageCommon - 0x7F002BC0
- 0x000000007E537000 - 0x000000000009F900
Image type IA32 can't be started on X64 UEFI system.
ASSERT MdeModulePkg/Core/Dxe/Mem/Pool.c(698): Head->Signature == ((('p') |
('h' << 8)) | ((('d') | ('0' << 8)) << 16)) || Head->Signature
== ((('p') | ('h' << 8)) | ((('d') | ('1' << 8)) << 16))
This turns out to be caused by the deferred image loading code in BDS,
which ends up trying to free an uninitialized 'ExitData' pointer.
Given that ExitData is never actually used, let's just get rid of it
entirely. While we're at it, drop the pointless assignment of Status
as well.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated.
1. Make SetVariable/QueryVariableInfo return EFI_UNSUPPORTED with this
attribute
2. No change to GetVariable/GetNextVariableName
Also update several function descriptors accordingly
Cc: Long Qin <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
BmCharToUint() could be called using external data and it
already contains logic to return -1 when data is invalid,
so removing unnecessary assertion to avoid system hang.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.
An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);
Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.
The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;
2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;
3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);
4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}
For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
When firmware boots to UiApp, the memory type information settings
are saved to NV storage and the settings in HOB are changed as well.
Because UiApp is an APPLICATION type of boot option, system doesn't
reset when settings change.
But when user selects OS to boot in UiApp, because the settings in HOB
was updated when booting to UiApp, the BDS doesn't think the settings
change, expected reset doesn't happen.
The patch fixes this issue to not update the settings in HOB.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
The API dispatches the deferred images that are returned from all
DeferredImageLoad instances.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
The patch re-orders the sequences by putting updating memory type
information before loading the boot option so that the reserved
memory usage by HTTP RAM disk boot can be excluded by the memory
type information updating.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
After booting a large-size ISO RAM disk (HTTP boot option pointing to
a ISO file) and reboot system, system will possibly run into the
following ASSERT because the BDS core code doesn't consider the
case that Memory page management (Page.c) would possibly NOT update
current memory usage statistics(CurrentMemoryTypeInformation) if
system allocates a memory buffer with a large number of pages.
ASSERT [DxeCore] u:\MdeModulePkg\Core\Dxe\Gcd\Gcd.c(2273):
Length >= MinimalMemorySizeNeeded
The BDS code block for skipping counting reserved memory occupied
by RAM Disk didn't consider the Memory page management's behavior
mentioned above, which caused that the
CurrentMemoryTypeInformation[Index1].NumberOfPages will be updated
to a "very big value" because RamDiskSizeInPages is bigger than
CurrentMemoryTypeInformation[Index1].NumberOfPages. For example,
NumberOfPages is 0x9000 (current use) and RamDiskSizeInPages is
0xC0000 (ISO image size). The result will become a very big value
0xFFF49000.
Therefore, we need to add a check to prevent BDS core code updating
wrong data (very big value) to MemoryTypeInformation variable. This
code change is a improvement for fixing this issue for most cases.
There is still a corner case even when the memory bins don't include
the RAM disk memory, the memory used by all other modules exceeds
RamDiskSizeInPages. Ray will send the other patch to fix this corner
case.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Sunny Wang <sunnywang@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Ruiyu Ni <Ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
MemoryTypeInformation don't count the reserved memory used by RAM Disk,
but it still check all types of memory and do reset when any type
of memory size changes.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Align to old BDS behavior (IntelFrameworkModulePkg/BDS) to always create
MemoryTypeInfo variable regardless of the PcdResetOnMemoryTypeInformationChange
value.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18926 6f19259b-4bc3-4df7-8a09-765794883524
The patch also moves the BmCharToUint to BmMisc.c because it
belongs to misc functions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18855 6f19259b-4bc3-4df7-8a09-765794883524