[U-Boot] [PATCH v2 1/1] efi_loader: LoadImage() parameter checks

Heinrich Schuchardt xypron.glpk at gmx.de
Mon May 6 07:52:08 UTC 2019 

On 5/6/19 9:24 AM, Graf, Alexander wrote:
> 
> On 06.05.19 07:42, Heinrich Schuchardt wrote:
>> If the file path is NULL, return EFI_INVALID_PARAMETER.
>> If the file path is invalid, return EFI_NOT_FOUND.
> 
> 
> These 2 are a documented inEFI_LOAD_FILE_PROTOCOL.LoadFile(). It might
> be a good idea to indicate that for later reference.
> 

See the last sentence of the commit message.

> 
>> If the size of the source buffer is 0, return EFI_LOAD_ERROR.
> 
> 
> The spec says this should be EFI_INVALID_PARAMETER, no? Is this a spec
> or an SCT bug?

According to the UEFI 2.7A spec:
EFI_LOAD_IMAGE should be returned if the image is corrupt.

UEFI SCT II Case Specification (June 2017), 3.4.1 LoadImage, Number
5.1.4.1.6

> 
> 
>> If the parent image handle does not refer to a loaded image return
>> EFI_INVALID_PARAMETER.
> 
> 
> I agree that this is a good change, but where is the spec reference? I
> couldn't find anything.
>

UEFI SCT II Case Specification (June 2017), 3.4.1 LoadImage, Number
5.1.4.1.1

> 
>>
>> The change is required to reach UEFI SCT conformance.
>>
>> Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> 
> 
> IMHO this really should be a patch set with multiple individual changes,
> each changing one piece of spec conformance at a time.
> 
> 
> That way if we happen to break anything along the way, bisecting would
> point us to exactly the right point where things fell apart.
> 
> 
>> ---
>> v2
>>     efi_load_image_from_path() must initalize *buffer even in case of
>>     an error
>> ---
>>   include/efi_loader.h           |  1 +
>>   lib/efi_loader/efi_boottime.c  | 17 ++++++++----
>>   lib/efi_loader/efi_root_node.c | 48 ++++++++++++++++++----------------
>>   3 files changed, 39 insertions(+), 27 deletions(-)
>>
>> diff --git a/include/efi_loader.h b/include/efi_loader.h
>> index d3a1d4c465..07ef14ba1c 100644
>> --- a/include/efi_loader.h
>> +++ b/include/efi_loader.h
>> @@ -187,6 +187,7 @@ struct efi_handler {
>>    */
>>   enum efi_object_type {
>>       EFI_OBJECT_TYPE_UNDEFINED = 0,
>> +    EFI_OBJECT_TYPE_U_BOOT_FIRMWARE,
> 
> 
> This looks like an unrelated change?

No. We use efi_root as parent_image. We test if parent_image is an image
in LoadImage. So efi_root must be marked as image.

> 
> 
>>       EFI_OBJECT_TYPE_LOADED_IMAGE,
>>       EFI_OBJECT_TYPE_STARTED_IMAGE,
>>   };
>> diff --git a/lib/efi_loader/efi_boottime.c
>> b/lib/efi_loader/efi_boottime.c
>> index 78a4063949..f75e6c0169 100644
>> --- a/lib/efi_loader/efi_boottime.c
>> +++ b/lib/efi_loader/efi_boottime.c
>> @@ -1680,10 +1680,13 @@ efi_status_t efi_load_image_from_path(struct
>> efi_device_path *file_path,
>>       *buffer = NULL;
>>       *size = 0;
>>
>> +    if (!file_path)
>> +        return EFI_INVALID_PARAMETER;
>> +
>>       /* Open file */
>>       f = efi_file_from_path(file_path);
>>       if (!f)
>> -        return EFI_DEVICE_ERROR;
>> +        return EFI_NOT_FOUND;
>>
>>       /* Get file size */
>>       bs = 0;
>> @@ -1760,13 +1763,13 @@ efi_status_t EFIAPI efi_load_image(bool
>> boot_policy,
>>       EFI_ENTRY("%d, %p, %pD, %p, %zd, %p", boot_policy, parent_image,
>>             file_path, source_buffer, source_size, image_handle);
>>
>> -    if (!image_handle || !parent_image) {
>> +    if (!image_handle || !efi_search_obj(parent_image)) {
>>           ret = EFI_INVALID_PARAMETER;
>>           goto error;
>>       }
>> -
>> -    if (!source_buffer && !file_path) {
>> -        ret = EFI_NOT_FOUND;
>> +    /* The parent image handle must refer to a loaded image */
>> +    if (!parent_image->type) {
>> +        ret = EFI_INVALID_PARAMETER;
>>           goto error;
>>       }
>>
>> @@ -1776,6 +1779,10 @@ efi_status_t EFIAPI efi_load_image(bool
>> boot_policy,
>>           if (ret != EFI_SUCCESS)
>>               goto error;
>>       } else {
>> +        if (!source_size) {
>> +            ret = EFI_LOAD_ERROR;
>> +            goto error;
>> +        }
>>           dest_buffer = source_buffer;
>>       }
>>       /* split file_path which contains both the device and file parts */
>> diff --git a/lib/efi_loader/efi_root_node.c
>> b/lib/efi_loader/efi_root_node.c
>> index e0fcbb85a4..38514e0820 100644
>> --- a/lib/efi_loader/efi_root_node.c
>> +++ b/lib/efi_loader/efi_root_node.c
>> @@ -28,6 +28,7 @@ struct efi_root_dp {
>>    */
>>   efi_status_t efi_root_node_register(void)
>>   {
>> +    efi_status_t ret;
>>       struct efi_root_dp *dp;
>>
>>       /* Create device path protocol */
>> @@ -47,28 +48,31 @@ efi_status_t efi_root_node_register(void)
>>       dp->end.length = sizeof(struct efi_device_path);
>>
>>       /* Create root node and install protocols */
>> -    return EFI_CALL(efi_install_multiple_protocol_interfaces(&efi_root,
>> -               /* Device path protocol */
>> -               &efi_guid_device_path, dp,
>> -               /* Device path to text protocol */
>> -               &efi_guid_device_path_to_text_protocol,
>> -               (void *)&efi_device_path_to_text,
>> -               /* Device path utilities protocol */
>> -               &efi_guid_device_path_utilities_protocol,
>> -               (void *)&efi_device_path_utilities,
>> -               /* Unicode collation protocol */
>> -               &efi_guid_unicode_collation_protocol,
>> -               (void *)&efi_unicode_collation_protocol,
>> +    ret = EFI_CALL(efi_install_multiple_protocol_interfaces
>> +            (&efi_root,
>> +             /* Device path protocol */
>> +             &efi_guid_device_path, dp,
>> +             /* Device path to text protocol */
>> +             &efi_guid_device_path_to_text_protocol,
>> +             (void *)&efi_device_path_to_text,
>> +             /* Device path utilities protocol */
>> +             &efi_guid_device_path_utilities_protocol,
>> +             (void *)&efi_device_path_utilities,
>> +             /* Unicode collation protocol */
>> +             &efi_guid_unicode_collation_protocol,
>> +             (void *)&efi_unicode_collation_protocol,
>>   #if CONFIG_IS_ENABLED(EFI_LOADER_HII)
>> -               /* HII string protocol */
>> -               &efi_guid_hii_string_protocol,
>> -               (void *)&efi_hii_string,
>> -               /* HII database protocol */
>> -               &efi_guid_hii_database_protocol,
>> -               (void *)&efi_hii_database,
>> -               /* HII configuration routing protocol */
>> -               &efi_guid_hii_config_routing_protocol,
>> -               (void *)&efi_hii_config_routing,
>> +             /* HII string protocol */
>> +             &efi_guid_hii_string_protocol,
>> +             (void *)&efi_hii_string,
>> +             /* HII database protocol */
>> +             &efi_guid_hii_database_protocol,
>> +             (void *)&efi_hii_database,
>> +             /* HII configuration routing protocol */
>> +             &efi_guid_hii_config_routing_protocol,
>> +             (void *)&efi_hii_config_routing,
>>   #endif
>> -               NULL));
>> +             NULL));
>> +    efi_root->type = EFI_OBJECT_TYPE_U_BOOT_FIRMWARE;
>> +    return ret;
> 
> 
> I guess this is part of the unrelated change?

No. We use efi_root as parent_image. We test if parent_image is an image
in LoadImage. So efi_root must be marked as image.

Best regards

Heinrich

> 
> 
> 
> Alex
> 
> 
> 
>>   }
>> -- 
>> 2.20.1
>>
>

More information about the U-Boot mailing list