[PATCH master] efi: loader: avoid NULL image file paths

mail archive of the barebox mailing list
 help / color / mirror / Atom feed

* [PATCH master] efi: loader: avoid NULL image file paths
@ 2026-06-15 13:37 Ahmad Fatoum
  2026-06-15 13:46 ` Sascha Hauer
  0 siblings, 1 reply; 2+ messages in thread
From: Ahmad Fatoum @ 2026-06-15 13:37 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

Booting an EFI application directly from a raw block device creates
a device path without a file path node. efi_dp_split_file_path()
propagated this as a NULL file path, which was then exposed through
the Loaded Image Protocol.

The EDK2 shell dereferences LoadedImage->FilePath while looking
for startup.nsh and crashed barebox after the countdown.

Return an allocated empty device path for device-only images instead,
and make LoadImage() handle split failures explicitly.

Assisted-by: Codex:gpt-5.5
Fixes: ba9c4217b8ea ("efi: loader: boot: implement LoadImage BootService")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 efi/loader/boot.c       | 16 ++++++++++------
 efi/loader/devicepath.c | 11 ++++++++++-
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/efi/loader/boot.c b/efi/loader/boot.c
index adcfd96b4648..b92e6bb33093 100644
--- a/efi/loader/boot.c
+++ b/efi/loader/boot.c
@@ -1983,7 +1983,7 @@ efi_status_t EFIAPI efiloader_load_image(bool boot_policy,
 	struct efi_loaded_image_obj **image_obj =
 		(struct efi_loaded_image_obj **)image_handle;
 	efi_status_t ret;
-	void *dest_buffer;
+	void *dest_buffer = NULL;
 
 	EFI_ENTRY("%d, %p, %pD, %p, %zu, %p", boot_policy, parent_image,
 		  file_path, source_buffer, source_size, image_handle);
@@ -1996,6 +1996,7 @@ efi_status_t EFIAPI efiloader_load_image(bool boot_policy,
 		goto error;
 	}
 
+	*image_handle = NULL;
 	if (!source_buffer) {
 		ret = efi_load_image_from_path(boot_policy, file_path,
 					       &dest_buffer, &source_size);
@@ -2005,10 +2006,13 @@ efi_status_t EFIAPI efiloader_load_image(bool boot_policy,
 		dest_buffer = source_buffer;
 	}
 	/* split file_path which contains both the device and file parts */
-	efi_dp_split_file_path(file_path, &dp, &fp);
-	ret = efi_setup_loaded_image(dp, fp, image_obj, &info);
-	if (ret == EFI_SUCCESS)
-		ret = efi_load_pe(*image_obj, dest_buffer, source_size, info);
+	ret = efi_dp_split_file_path(file_path, &dp, &fp);
+	if (ret == EFI_SUCCESS) {
+		ret = efi_setup_loaded_image(dp, fp, image_obj, &info);
+		if (ret == EFI_SUCCESS)
+			ret = efi_load_pe(*image_obj, dest_buffer, source_size, info);
+	}
+
 	if (!source_buffer)
 		/* Release buffer to which file was loaded */
 		efi_free_pages((uintptr_t)dest_buffer,
@@ -2016,7 +2020,7 @@ efi_status_t EFIAPI efiloader_load_image(bool boot_policy,
 	if (ret == EFI_SUCCESS || ret == EFI_SECURITY_VIOLATION) {
 		info->system_table = &systab;
 		info->parent_handle = parent_image;
-	} else {
+	} else if (*image_handle) {
 		/* The image is invalid. Release all associated resources. */
 		efi_delete_handle(*image_handle);
 		*image_handle = NULL;
diff --git a/efi/loader/devicepath.c b/efi/loader/devicepath.c
index a12ab24caaa1..b181bf6993be 100644
--- a/efi/loader/devicepath.c
+++ b/efi/loader/devicepath.c
@@ -444,7 +444,8 @@ struct efi_device_path *efi_dp_append_node(const struct efi_device_path *dp,
  *
  * @full_path:      device path including device and file path
  * @device_path:    path of the device
- * @file_path:      relative path of the file or NULL if there is none
+ * @file_path:      relative path of the file or an empty device path if there
+ *                  is none
  * Return:      status code
  */
 efi_status_t efi_dp_split_file_path(struct efi_device_path *full_path,
@@ -474,6 +475,14 @@ efi_status_t efi_dp_split_file_path(struct efi_device_path *full_path,
 	p->length = sizeof(*p);
 
 out:
+	if (!fp) {
+		fp = efi_dp_append_node(NULL, NULL);
+		if (!fp) {
+			free(dp);
+			return EFI_OUT_OF_RESOURCES;
+		}
+	}
+
 	*device_path = dp;
 	*file_path = fp;
 	return EFI_SUCCESS;
-- 
2.47.3




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH master] efi: loader: avoid NULL image file paths
  2026-06-15 13:37 [PATCH master] efi: loader: avoid NULL image file paths Ahmad Fatoum
@ 2026-06-15 13:46 ` Sascha Hauer
  0 siblings, 0 replies; 2+ messages in thread
From: Sascha Hauer @ 2026-06-15 13:46 UTC (permalink / raw)
  To: barebox, Ahmad Fatoum


On Mon, 15 Jun 2026 15:37:37 +0200, Ahmad Fatoum wrote:
> Booting an EFI application directly from a raw block device creates
> a device path without a file path node. efi_dp_split_file_path()
> propagated this as a NULL file path, which was then exposed through
> the Loaded Image Protocol.
> 
> The EDK2 shell dereferences LoadedImage->FilePath while looking
> for startup.nsh and crashed barebox after the countdown.
> 
> [...]

Applied, thanks!

[1/1] efi: loader: avoid NULL image file paths
      https://git.pengutronix.de/cgit/barebox/commit/?id=b9e581c97389 (link may not be stable)

Best regards,
-- 
Sascha Hauer <s.hauer@pengutronix.de>




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-06-15 13:48 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-15 13:37 [PATCH master] efi: loader: avoid NULL image file paths Ahmad Fatoum
2026-06-15 13:46 ` Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox