public inbox for linux-kernel@vger.kernel.org
* [PATCH v2] EFI loader: remove redundant code
@ 2016-11-02  4:18 Eugene Korenevsky
  2016-11-02  9:25 ` Ard Biesheuvel
  0 siblings, 1 reply; 4+ messages in thread
From: Eugene Korenevsky @ 2016-11-02  4:18 UTC
  To: linux-kernel, linux-efi
  Cc: Matt Fleming, Linn Crosetto, Ard Biesheuvel, H. Peter Anvin,
	Thomas Gleixner, Ingo Molnar

*e820ext is always NULL in 'alloc_e820ext()' (see the code of 'exit_boot()').
Without loss of generality we can replace freeing with returning
EFI_INVALID_PARAMETER. So if the caller would ever incorrectly pass non-NULL
*e820ext, he will obtain a returned error code.

---
 arch/x86/boot/compressed/eboot.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index cc69e37..6cc66c7 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -956,11 +956,8 @@ static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext,
 	size = sizeof(struct setup_data) +
 		sizeof(struct e820entry) * nr_desc;
 
-	if (*e820ext) {
-		efi_call_early(free_pool, *e820ext);
-		*e820ext = NULL;
-		*e820ext_size = 0;
-	}
+	if (*e820ext)
+		return EFI_INVALID_PARAMETER;
 
 	status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
 				size, (void **)e820ext);
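
Review bot: the added `if (*e820ext) return EFI_INVALID_PARAMETER;` turns a branch the commit message describes as never taken into a new runtime failure path, and on that path neither `*e820ext` nor `*e820ext_size` is touched, so a caller that did pass a non-NULL buffer gets an error back while still holding the old allocation and its size. If `*e820ext` is always NULL here, consider deleting the old block without adding a return, or keep the free-and-reset behaviour; if the check stays, the patch should also show how the caller handles this status. The message above the `---` also carries no Signed-off-by line.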
-- 
2.10.2


* Re: [PATCH v2] EFI loader: remove redundant code
  2016-11-02  4:18 [PATCH v2] EFI loader: remove redundant code Eugene Korenevsky
@ 2016-11-02  9:25 ` Ard Biesheuvel
  2016-11-02 13:56   ` Eugene Korenevsky
  0 siblings, 1 reply; 4+ messages in thread
From: Ard Biesheuvel @ 2016-11-02  9:25 UTC
  To: Eugene Korenevsky
  Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
	Matt Fleming, Linn Crosetto, H. Peter Anvin, Thomas Gleixner,
	Ingo Molnar

Hello Eugene,

On 2 November 2016 at 04:18, Eugene Korenevsky <ekorenevsky@gmail.com> wrote:
> *e820ext is always NULL in 'alloc_e820ext()' (see the code of 'exit_boot()').
> Without loss of generality we can replace freeing with returning
> EFI_INVALID_PARAMETER. So if the caller would ever incorrectly pass non-NULL
> *e820ext, he will obtain a returned error code.
>

What exactly are you trying to fix here? Adding new artificial failure
modes is hardly worth it when all you are doing is cleaning up code
that by itself is correct to begin with, but is simply never called.


> ---
>  arch/x86/boot/compressed/eboot.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
> index cc69e37..6cc66c7 100644
> --- a/arch/x86/boot/compressed/eboot.c
> +++ b/arch/x86/boot/compressed/eboot.c
> @@ -956,11 +956,8 @@ static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext,
>         size = sizeof(struct setup_data) +
>                 sizeof(struct e820entry) * nr_desc;
>
> -       if (*e820ext) {
> -               efi_call_early(free_pool, *e820ext);
> -               *e820ext = NULL;
> -               *e820ext_size = 0;
> -       }
> +       if (*e820ext)
> +               return EFI_INVALID_PARAMETER;
>
>         status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
>                                 size, (void **)e820ext);
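
Review bot: the precondition enforced by the new `if (*e820ext)` check is not documented anywhere in the hunk, so a reader of alloc_e820ext() cannot tell why a non-NULL `*e820ext` is rejected instead of freed. If the check is kept, add a comment above it (or above the function) stating that callers must pass `*e820ext == NULL`.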
> --
> 2.10.2
>


* Re: [PATCH v2] EFI loader: remove redundant code
  2016-11-02  9:25 ` Ard Biesheuvel
@ 2016-11-02 13:56   ` Eugene Korenevsky
  2016-11-02 13:57     ` Ard Biesheuvel
  0 siblings, 1 reply; 4+ messages in thread
From: Eugene Korenevsky @ 2016-11-02 13:56 UTC
  To: Ard Biesheuvel
  Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
	Matt Fleming, Linn Crosetto, H. Peter Anvin, Thomas Gleixner,
	Ingo Molnar

> > *e820ext is always NULL in 'alloc_e820ext()' (see the code of 'exit_boot()').
> > Without loss of generality we can replace freeing with returning
> > EFI_INVALID_PARAMETER. So if the caller would ever incorrectly pass non-NULL
> > *e820ext, he will obtain a returned error code.
> >
> 
> What exactly are you trying to fix here? Adding new artificial failure
> modes is hardly worth it when all you are doing is cleaning up code
> that by itself is correct to begin with, but is simply never called.

This code (free_pool, assignments) is dead whether it is correct or
not. So it is to be removed.
The check gives some assurance that memory is not leaked if the calling
code is changed.


> > @@ -956,11 +956,8 @@ static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext,
> >         size = sizeof(struct setup_data) +
> >                 sizeof(struct e820entry) * nr_desc;
> >
> > -       if (*e820ext) {
> > -               efi_call_early(free_pool, *e820ext);
> > -               *e820ext = NULL;
> > -               *e820ext_size = 0;
> > -       }
> > +       if (*e820ext)
> > +               return EFI_INVALID_PARAMETER;
> >
> >         status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
> >                                 size, (void **)e820ext);
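
Review bot: the two `+` lines change what alloc_e820ext() returns when `*e820ext` is non-NULL, which is a behaviour change and does not match the subject "remove redundant code". Suggest splitting the removal of the free_pool block and the new EFI_INVALID_PARAMETER check into separate patches, or retitling so the new return value is visible from the subject line.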
> > --


-- 
Eugene


* Re: [PATCH v2] EFI loader: remove redundant code
  2016-11-02 13:56   ` Eugene Korenevsky
@ 2016-11-02 13:57     ` Ard Biesheuvel
  0 siblings, 0 replies; 4+ messages in thread
From: Ard Biesheuvel @ 2016-11-02 13:57 UTC
  To: Eugene Korenevsky
  Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
	Matt Fleming, Linn Crosetto, H. Peter Anvin, Thomas Gleixner,
	Ingo Molnar

On 2 November 2016 at 13:56, Eugene Korenevsky <ekorenevsky@gmail.com> wrote:
>> > *e820ext is always NULL in 'alloc_e820ext()' (see the code of 'exit_boot()').
>> > Without loss of generality we can replace freeing with returning
>> > EFI_INVALID_PARAMETER. So if the caller would ever incorrectly pass non-NULL
>> > *e820ext, he will obtain a returned error code.
>> >
>>
>> What exactly are you trying to fix here? Adding new artificial failure
>> modes is hardly worth it when all you are doing is cleaning up code
>> that by itself is correct to begin with, but is simply never called.
>
> This code (free_pool, assignments) is dead whether it is correct or
> not. So it is to be removed.
> The check gives some assurance that memory is not leaked if the calling
> code is changed.
>

No, it doesn't. This code executes in the context of the UEFI
firmware, which is riddled with bugs on older x86 platforms (as well
as on newer non-x86 platforms). By returning an error at runtime, you
may be breaking the boot for someone who will have *no* idea whatsoever
what is going on.

If you want to clean this up in a way that prevents future issues,
please use something like BUILD_BUG()
