From patchwork Wed Jan 17 09:44:30 2024
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 763287
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, AKASHI Takahiro, Masahisa Kojima
Subject: [PATCH v2 1/3] efi_loader: avoid pointer access after calling efi_delete_handle
Date: Wed, 17 Jan 2024 18:44:30 +0900
Message-Id: <20240117094432.1049168-2-masahisa.kojima@linaro.org>
In-Reply-To: <20240117094432.1049168-1-masahisa.kojima@linaro.org>
References: <20240117094432.1049168-1-masahisa.kojima@linaro.org>

efi_delete_handle() calls efi_purge_handle(), then it finally
frees the EFI handle.
Both diskobj and handle variables in efi_disk_remove() have
the same pointer, we can not access diskobj->dp after calling
efi_delete_handle().

This commit saves the struct efi_device_path pointer before
calling efi_delete_handle(). This commit also fixes the
missing free for volume member in struct efi_disk_obj.

This commit also removes the container_of() calls, and
adds the TODO comment of missing efi_close_protocol() call
for the parent EFI_BLOCK_IO_PROTOCOL.

Signed-off-by: Masahisa Kojima
Reviewed-by: Ilias Apalodimas
---
 lib/efi_loader/efi_disk.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/lib/efi_loader/efi_disk.c b/lib/efi_loader/efi_disk.c index 013842f077..ce46c1092a 100644 --- a/lib/efi_loader/efi_disk.c +++ b/lib/efi_loader/efi_disk.c @@ -707,35 +707,46 @@ int efi_disk_remove(void *ctx, struct event *event) struct udevice *dev = event->data.dm.dev; efi_handle_t handle; struct blk_desc *desc; + struct efi_device_path *dp = NULL; struct efi_disk_obj *diskobj = NULL; + struct efi_simple_file_system_protocol *volume = NULL; efi_status_t ret; if (dev_tag_get_ptr(dev, DM_TAG_EFI, (void **)&handle)) return 0; + if (!handle) + return 0; + id = device_get_uclass_id(dev); switch (id) { case UCLASS_BLK: desc = dev_get_uclass_plat(dev); if (desc && desc->uclass_id != UCLASS_EFI_LOADER) - diskobj = container_of(handle, struct efi_disk_obj, - header); + diskobj = (struct efi_disk_obj *)handle; break; case UCLASS_PARTITION: - diskobj = container_of(handle, struct efi_disk_obj, header); + diskobj = (struct efi_disk_obj *)handle; + + /* TODO: closing the parent EFI_BLOCK_IO_PROTOCOL is missing. */ + break; default: return 0; } + if (diskobj) { + dp = diskobj->dp; + volume = diskobj->volume; + } + ret = efi_delete_handle(handle); /* Do not delete DM device if there are still EFI drivers attached. */ if (ret != EFI_SUCCESS) return -1; - if (diskobj) - efi_free_pool(diskobj->dp); - + efi_free_pool(dp); + free(volume); dev_tag_del(dev, DM_TAG_EFI); return 0;
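
Review bot: in both the UCLASS_BLK and UCLASS_PARTITION cases, replacing container_of(handle, struct efi_disk_obj, header) with a plain (struct efi_disk_obj *)handle cast is only equivalent while header stays at offset 0 of struct efi_disk_obj, and nothing in this hunk enforces that. The use-after-free came from dereferencing diskobj->dp after efi_delete_handle(), not from how diskobj was computed, so container_of() could stay as it was; if the cast is kept, add a comment or a build-time assertion stating the layout requirement. The saved dp and volume pointers are read before efi_delete_handle() and freed only on the EFI_SUCCESS path, which matches the intent of leaving the object intact when drivers are still attached. The new if (!handle) return 0; check is not mentioned in the commit message and deserves a line there.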