Don't unhook ExitBootServices when EBS protection is disabled #378
Conversation
There was a problem hiding this comment.
Is there one more place similar to this that is not taken care of in hook_exit() and unhook_exit()?
It looks like hook_exit replaces system_exit, but unhook_exit never restores the original one when DISABLE_EBS_PROTENCTION is on. It feels like unhook_exit should be unhooking things even with DISABLE_EBS_PROTECTION on.
Yeah, looking again you are probably right that the mistake was putting the ifdef around the code around unhooking Exit() instead of ExitBootServices(). I'll update the patch. |
When EBS protection is disabled the code which hooks into EBS is complied out, but on unhook it's the code which restores Exit() that is disabled. This appears to be a mistake, and it can result in writing NULL to EBS in the boot services table. Fix this by moving the ifdefs to compile out the code to unhook EBS instead of the code to unhook Exit(). Also ifdef the definition of system_exit_boot_services to safeguard against its accidental use. Fixes: 4b0a61d ("shim: compile time option to bypass the ExitBootServices() check") Signed-off-by: Seth Forshee <[email protected]>
sforshee
force-pushed
the
fix-ebs-protection-unhook
branch
from
e7ece65 to
c5928d5
Compare
When EBS protection is disabled unhook_system_services() still
"restores" EBS in the boot services table. However, EBS was not
replaced and the original value not saved, so NULL is written. Then
when the OS tries to call EBS it ends up jumping to NULL.
Fix this by also compiling out the code to unhook EBS when
DISABLE_EBS_PROTECTION is defined.
Fixes: 4b0a61d ("shim: compile time option to bypass the ExitBootServices() check")
Signed-off-by: Seth Forshee [email protected]