audk/ArmVirtPkg
Laszlo Ersek ae9f12058d ArmVirtPkg/PlatformBootManagerLib: unload image on EFI_SECURITY_VIOLATION
The LoadImage() boot service is a bit unusual in that it allocates
resources in a particular failure case; namely, it produces a valid
"ImageHandle" when it returns EFI_SECURITY_VIOLATION. This is supposed to
happen e.g. when Secure Boot verification fails for the image, but the
platform policy for the particular image origin (such as "fixed media" or
"removable media") is DEFER_EXECUTE_ON_SECURITY_VIOLATION. The return code
allows platform logic to selectively override the verification failure,
and launch the image nonetheless.

ArmVirtPkg/PlatformBootManagerLib does not override EFI_SECURITY_VIOLATION
for the kernel image loaded from fw_cfg -- any LoadImage() error is
considered fatal. When we simply treat EFI_SECURITY_VIOLATION like any
other LoadImage() error, we leak the resources associated with
"KernelImageHandle". From a resource usage perspective,
EFI_SECURITY_VIOLATION must be considered "success", and rolled back.

Implement this rollback, without breaking the proper "nesting" of error
handling jumps and labels.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
Fixes: 23d04b58e2
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
2019-09-05 19:22:43 +02:00
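
The rollback the commit message above describes, as an added sketch that is not the ArmVirtPkg code: the UEFI types, MockLoadImage(), MockUnloadImage(), TryBootKernel() and its "rollback" switch are constructed stand-ins so the pattern runs outside firmware. It shows the handle leaking when EFI_SECURITY_VIOLATION is treated like any other error, and the nested labels releasing it when it is not.

```c
#include <stdlib.h>
/* Stand-ins for the UEFI types and status codes (constructed for this example). */
typedef enum { EFI_SUCCESS, EFI_SECURITY_VIOLATION, EFI_NOT_FOUND } EFI_STATUS;
typedef void *EFI_HANDLE;

static int live_images; /* image handles produced but not yet unloaded */
/* Mock LoadImage(): produces a valid handle on EFI_SUCCESS and also on
   EFI_SECURITY_VIOLATION; no handle on any other error. */
static EFI_STATUS MockLoadImage(EFI_STATUS outcome, EFI_HANDLE *ImageHandle) {
  *ImageHandle = NULL;
  if (outcome == EFI_SUCCESS || outcome == EFI_SECURITY_VIOLATION) {
    *ImageHandle = malloc(1);
    live_images++;
  }
  return outcome;
}

static void MockUnloadImage(EFI_HANDLE ImageHandle) {
  free(ImageHandle);
  live_images--;
}

/* Every LoadImage() error is fatal. With rollback != 0 the handle produced
   on EFI_SECURITY_VIOLATION is unloaded; with rollback == 0 that status is
   treated like any other error and the handle leaks. */
EFI_STATUS TryBootKernel(EFI_STATUS load_outcome, int rollback) {
  EFI_STATUS Status;
  EFI_HANDLE KernelImageHandle;
  void *KernelBlob = malloc(16); /* resource acquired before the load */

  Status = MockLoadImage(load_outcome, &KernelImageHandle);
  if (Status != EFI_SUCCESS) {
    if (Status == EFI_SECURITY_VIOLATION && rollback) goto UnloadImage;
    goto FreeBlob; /* no handle to release (or, without rollback, a leak) */
  }
  /* StartImage() would run here; the image is unloaded once it returns. */

UnloadImage:
  MockUnloadImage(KernelImageHandle);
FreeBlob:
  free(KernelBlob);
  return Status;
}

int leaked_images(void) { return live_images; }
int main(void) {
  TryBootKernel(EFI_SECURITY_VIOLATION, 1);
  return leaked_images(); /* 0: nothing leaked */
}
```
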
FdtClientDxe ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
HighMemDxe ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
Include ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
Library ArmVirtPkg/PlatformBootManagerLib: unload image on EFI_SECURITY_VIOLATION 2019-09-05 19:22:43 +02:00
PlatformHasAcpiDtDxe ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
PrePi ArmVirtPkg/ArmVirtPrePiUniCoreRelocatable: revert to PIE linking 2019-09-05 10:05:08 -07:00
VirtioFdtDxe ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
XenAcpiPlatformDxe ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
XenPlatformHasAcpiDtDxe ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
XenioFdtDxe ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
ArmVirt.dsc.inc ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* 2019-06-28 18:07:54 +02:00
ArmVirtPkg.dec ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
ArmVirtQemu.dsc ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* 2019-06-28 18:07:54 +02:00
ArmVirtQemu.fdf ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
ArmVirtQemuFvMain.fdf.inc ArmVirtPkg: Update DSC/FDF to use NetworkPkg's include fragment file. 2019-05-16 16:45:37 +02:00
ArmVirtQemuKernel.dsc ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* 2019-06-28 18:07:54 +02:00
ArmVirtQemuKernel.fdf ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
ArmVirtRules.fdf.inc ArmVirtPkg: Update UefiDecompressLib instance 2019-04-10 14:11:48 +08:00
ArmVirtXen.dsc OvmfPkg: Move XenRealTimeClockLib from ArmVirtPkg 2019-08-21 18:03:50 +02:00
ArmVirtXen.fdf ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00
VarStore.fdf.inc ArmVirtPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:21 -07:00