From db6288de85dce4482712ac5ed59d78ef22cd9ab6 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Sun, 27 Dec 2020 15:33:09 +0100
Subject: efi_loader: missing parentheses after if
IS_ENABLED() contains parentheses. But we should still put extra parentheses around it in an if statement for readability.
Signed-off-by: Heinrich Schuchardt
---
 lib/efi_loader/efi_boottime.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/efi_loader/efi_boottime.c')
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 03053e8660..3ab5eb5ccc 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -2161,7 +2161,7 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
 	}
 	if (!efi_st_keep_devices) {
-		if IS_ENABLED(CONFIG_USB_DEVICE)
+		if (IS_ENABLED(CONFIG_USB_DEVICE))
 			udc_disconnect();
 		board_quiesce_devices();
 		dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);
-- cgit v1.2.3
From 2a0f80f058a7ebc65cfdf863801d5ac26ad68d4e Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Mon, 28 Dec 2020 00:59:09 +0100
Subject: efi_loader: efi_signal_event() fix comment typos
Add missing commas.
Signed-off-by: Heinrich Schuchardt
---
 lib/efi_loader/efi_boottime.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/efi_loader/efi_boottime.c')
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 3ab5eb5ccc..a08630eef9 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -274,8 +274,8 @@ efi_status_t is_valid_tpl(efi_uintn_t tpl)
  * efi_signal_event() - signal an EFI event
  * @event: event to signal
  *
- * This function signals an event. If the event belongs to an event group all
- * events of the group are signaled. If they are of type EVT_NOTIFY_SIGNAL
+ * This function signals an event. If the event belongs to an event group, all
+ * events of the group are signaled. If they are of type EVT_NOTIFY_SIGNAL,
  * their notification function is queued.
  *
  * For the SignalEvent service see efi_signal_event_ext.
-- cgit v1.2.3
From f8212f09702f802ffab42769133e3114bd6e5e77 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Mon, 28 Dec 2020 23:24:40 +0100
Subject: efi_loader: use after free in efi_exit()
Do not use data from the loaded image object after deleting it.
Fixes: 126a43f15b36 ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt
---
 include/efi_loader.h | 4 ++--
 lib/efi_loader/efi_boottime.c | 17 ++++++++++++-----
 2 files changed, 14 insertions(+), 7 deletions(-)
(limited to 'lib/efi_loader/efi_boottime.c')
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 280225a7c1..62a6c3de5a 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -311,10 +311,10 @@ enum efi_image_auth_status {
  */
 struct efi_loaded_image_obj {
 	struct efi_object header;
-	efi_status_t exit_status;
+	efi_status_t *exit_status;
 	efi_uintn_t *exit_data_size;
 	u16 **exit_data;
-	struct jmp_buf_data exit_jmp;
+	struct jmp_buf_data *exit_jmp;
 	EFIAPI efi_status_t (*entry)(efi_handle_t image_handle,
				     struct efi_system_table *st);
 	u16 image_type;
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index a08630eef9..b799fcf1f2 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
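Review bot: The kernel-doc of struct efi_loaded_image_obj (above the hunk, outside it) does not say what `exit_status` and `exit_jmp` now point at once they become pointers, and that is the one thing a maintainer needs to know about them. Per the efi_boottime.c part of this commit they are set by efi_start_image() to the addresses of locals in its own stack frame and are dereferenced from efi_exit(), so they are valid only while the started image is running; for a handle that was loaded but never started they still hold whatever the object was allocated with (presumably NULL). I would document that on the fields: `@exit_status: pointer to the exit status; set by efi_start_image() to a local in its frame, written by Exit()` and `@exit_jmp: pointer to efi_start_image()'s jump buffer; only valid while the image runs`. The struct definition continues past the hunk.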
@@ -2978,6 +2978,8 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
 	efi_status_t ret;
 	void *info;
 	efi_handle_t parent_image = current_image;
+	efi_status_t exit_status;
+	struct jmp_buf_data exit_jmp;
 	EFI_ENTRY("%p, %p, %p", image_handle, exit_data_size, exit_data);
@@ -2999,9 +3001,11 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
 	image_obj->exit_data_size = exit_data_size;
 	image_obj->exit_data = exit_data;
+	image_obj->exit_status = &exit_status;
+	image_obj->exit_jmp = &exit_jmp;
 	/* call the image! */
-	if (setjmp(&image_obj->exit_jmp)) {
+	if (setjmp(&exit_jmp)) {
 		/*
 		 * We called the entry point of the child image with EFI_CALL
 		 * in the lines below. The child image called the Exit() boot
@@ -3023,10 +3027,10 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
 		 */
 		assert(__efi_entry_check());
 		EFI_PRINT("%lu returned by started image\n",
-			  (unsigned long)((uintptr_t)image_obj->exit_status &
+			  (unsigned long)((uintptr_t)exit_status &
 			  ~EFI_ERROR_MASK));
 		current_image = parent_image;
-		return EFI_EXIT(image_obj->exit_status);
+		return EFI_EXIT(exit_status);
 	}
 	current_image = image_handle;
@@ -3209,6 +3213,7 @@ static efi_status_t EFIAPI efi_exit(efi_handle_t image_handle,
 	struct efi_loaded_image *loaded_image_protocol;
 	struct efi_loaded_image_obj *image_obj =
 		(struct efi_loaded_image_obj *)image_handle;
+	struct jmp_buf_data *exit_jmp;
 	EFI_ENTRY("%p, %ld, %zu, %p", image_handle, exit_status,
 		  exit_data_size, exit_data);
@@ -3250,6 +3255,9 @@ static efi_status_t EFIAPI efi_exit(efi_handle_t image_handle,
 		if (ret != EFI_SUCCESS)
 			EFI_PRINT("%s: out of memory\n", __func__);
 	}
+	/* efi_delete_image() frees image_obj. Copy before the call. */
+	exit_jmp = image_obj->exit_jmp;
+	*image_obj->exit_status = exit_status;
 	if (image_obj->image_type == IMAGE_SUBSYSTEM_EFI_APPLICATION ||
 	    exit_status != EFI_SUCCESS)
 		efi_delete_image(image_obj, loaded_image_protocol);
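Review bot: The new local `efi_status_t exit_status;` in efi_start_image() is written through `image_obj->exit_status` after `setjmp(&exit_jmp)` has returned 0 and before efi_exit() does `longjmp(exit_jmp, 1)`, and is then read after setjmp returns non-zero (hunks @@ -2999 and @@ -3023 here, store in @@ -3250). A non-volatile automatic object modified between setjmp and longjmp has an indeterminate value after the jump under C11 7.13.2.1; U-Boot's setjmp is an architecture-specific routine rather than the libc one, so in practice this is a register-caching hazard rather than a certain fault, but the cheap fix is `volatile efi_status_t exit_status;` with the field in include/efi_loader.h declared `volatile efi_status_t *exit_status;` to match. A one-line comment at the declaration, `/* written by Exit() through image_obj->exit_status before it longjmps back here */`, would also explain why the local is left uninitialized. efi_start_image() starts and ends outside the hunk.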
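Review bot: In hunk @@ -3250 the store `*image_obj->exit_status = exit_status;` and the copy of `image_obj->exit_jmp` dereference pointers that only efi_start_image() fills in; for a handle that was loaded but never started they hold whatever the object was allocated with, which the old by-value fields could not trip over. If the earlier part of efi_exit() (outside the hunk) does not already divert unstarted images before this point, a guard such as `if (!image_obj->exit_status || !image_obj->exit_jmp) { ret = EFI_INVALID_PARAMETER; goto out; }` belongs before the store, using the `out:` label the function already has. The enclosing function starts and ends outside the hunk.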
@@ -3263,8 +3271,7 @@ static efi_status_t EFIAPI efi_exit(efi_handle_t image_handle,
 	 */
 	efi_restore_gd();
-	image_obj->exit_status = exit_status;
-	longjmp(&image_obj->exit_jmp, 1);
+	longjmp(exit_jmp, 1);
 	panic("EFI application exited");
 out:
-- cgit v1.2.3
From b7d186f07168eca28ca0719a0fc13fb21a97b6e7 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Mon, 28 Dec 2020 00:25:34 +0100
Subject: efi_loader: event queueing
When a new event is queued we have to process the event queue by calling efi_process_event_queue(). But there is not reason to call the function when the event is not queueable.
Signed-off-by: Heinrich Schuchardt
---
 lib/efi_loader/efi_boottime.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/efi_loader/efi_boottime.c')
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index b799fcf1f2..b2cb0160c0 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -247,8 +247,8 @@ static void efi_queue_event(struct efi_event *event)
 		}
 		if (event)
 			list_add_tail(&event->queue_link, &efi_event_queue);
+		efi_process_event_queue();
 	}
-	efi_process_event_queue();
 }
 /**
-- cgit v1.2.3