- 
 
- 
  Notifications
 You must be signed in to change notification settings 
- Fork 181
Description
In ScopedProtocol::drop, we currently panic if close_protocol returns something other than Status::SUCCESS.
I've observed that on some firmware, this can cause a problem if the same protocol is opened twice in non-exclusive mode via OpenProtocolAttributes::GetProtocol. In general you shouldn't open the same protocol twice, but with a read-only protocol like DevicePath it should be fine to do so. However, this can lead to the following situation:
fn do_something(h1: Handle, h2: Handle2) { { let dp1 = boot::open_protocol::<DevicePath>(OpenProtocolParams { handle: h1, agent: boot::image_handle(), controller: None }).unwrap(); let dp2 = boot::open_protocol::<DevicePath>(OpenProtocolParams { handle: h2, agent: boot::image_handle(), controller: None }).unwrap(); // Do stuff with dp1/dp2... } // Now dp1 and dp2 are dropped. // If dp1 happens to be the same as dp2, the first drop will succeed, // but the second will fail (at least on some firmware), with `Status::NOT_FOUND`. }
I ran into this with real code, where I didn't expect dp1 == dp2. Fortunately I noticed the issue in testing; it would have been bad if the code started panicking in production.
Although my code is fixed, I don't think we should panic here, as it's not a particularly harmful error if close_protocol fails in this case. Some potential changes:
- Remove the panic, or change it to a verbose log (debug! or trace! perhaps)
- Keep the panic, but don't call close_protocol if GetProtocolis used to open the protocol. The spec says "The caller is also not required to close the protocol interface with close_protocol" when GET_PROTOCOL is used.
- Keep the panic, but allow either SUCCESS or NOT_FOUND when GetProtocolis used to open the protocol.