
Exploration on implementation of `RFC #893`.

Open JarlEvanson opened this issue 1 year ago • 2 comments

  • The system table implementation is similar to pull request #905.
  • The boot services will have access to a BootHandle, which allows for reference counting accesses to boot services. This means that the safety of exit_boot_services, and other data structures relying on the current lifetime safety can switch to relying on the lifetime of a BootHandle.

JarlEvanson avatar Oct 28 '23 03:10 JarlEvanson

Thanks for putting this up! The reference count approach is interesting and definitely worth exploring.

I'm curious, do you have a project that makes use of the exit_boot_services transition? Something I've been struggling with in this design space is that the project I work on that makes use of uefi-rs is a bootloader that does not invoke exit_boot_services. For my project, that's handled by the OS it boots into (specifically the Linux kernel's EFI stub). So part of me can't help but think "let's just make exit_boot_services unsafe and leave it up to the caller to make sure it's not hanging on to any resources that aren't valid after exiting boot services". But of course that just shifts the safety burden away from this library, which is not a very satisfying answer. I'd love to see real code that calls exit_boot_services to get a better idea of how various API choices will impact things in the real world.

(Incidentally, just mentioning this for reference, there was an issue filed a bit ago that also explored an approach involving reference counting: https://github.com/rust-osdev/uefi-rs/issues/655.)

nicholasbishop avatar Oct 28 '23 22:10 nicholasbishop

I have a project currently in the works that will exit_boot_services, but it is not yet at the point where it actually does so.

The concept doesn't seem to work in combination with the multiprocessor APIs. In particular, I've been running into issues with the two startup functions when the timeout is non-null. Termination of the application processors messes up the reference count if they have a BootHandle when terminated. It doesn't seem actually unsafe, but it means that anyone using such a thing would have to forgo the safety provided by using reference counting BootHandles to provide a safe exit_boot_services.

Briefly looking over #655, I think it would run into the same issues as I am currently running into.

JarlEvanson avatar Oct 30 '23 15:10 JarlEvanson
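The following is an added sketch, not code from uefi-rs or from either participant, that models the two points in this thread: the issue's idea of a reference-counted `BootHandle` gating `exit_boot_services`, and the later comment's failure mode where an application processor is terminated while still holding a handle. Names such as `BootCore`, `BootHandle`, `ExitOutcome` and `RuntimeServices` are hypothetical; no real UEFI table is touched, only the bookkeeping is modelled.

```rust
use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering};
use std::sync::Arc;

/// Hypothetical stand-in for the boot-services table: only the handle count
/// and the "already exited" flag are modelled, nothing else.
pub struct BootCore {
    live_handles: AtomicUsize,
    exited: AtomicBool,
}

impl BootCore {
    pub fn new() -> Arc<Self> {
        Arc::new(BootCore {
            live_handles: AtomicUsize::new(0),
            exited: AtomicBool::new(false),
        })
    }

    /// Hand out a counted handle, or None once boot services are gone.
    pub fn handle(self: &Arc<Self>) -> Option<BootHandle> {
        if self.exited.load(Ordering::SeqCst) {
            return None;
        }
        self.live_handles.fetch_add(1, Ordering::SeqCst);
        Some(BootHandle { core: Arc::clone(self) })
    }

    pub fn live_handles(&self) -> usize {
        self.live_handles.load(Ordering::SeqCst)
    }
}

/// Access token for boot services; every live clone is counted.
pub struct BootHandle {
    core: Arc<BootCore>,
}

impl Clone for BootHandle {
    fn clone(&self) -> Self {
        self.core.live_handles.fetch_add(1, Ordering::SeqCst);
        BootHandle { core: Arc::clone(&self.core) }
    }
}

impl Drop for BootHandle {
    fn drop(&mut self) {
        self.core.live_handles.fetch_sub(1, Ordering::SeqCst);
    }
}

/// Marker for the post-exit world (hypothetical).
pub struct RuntimeServices;

pub enum ExitOutcome {
    Exited(RuntimeServices),
    /// Exit refused; the caller's handle is returned so it keeps access.
    Refused { outstanding: usize, handle: BootHandle },
}

/// Consumes the caller's handle and succeeds only if it was the last one,
/// so no other holder can be left with a dangling boot-services reference.
pub fn exit_boot_services(handle: BootHandle) -> ExitOutcome {
    let core = Arc::clone(&handle.core);
    match core.live_handles.compare_exchange(1, 0, Ordering::SeqCst, Ordering::SeqCst) {
        Ok(_) => {
            core.exited.store(true, Ordering::SeqCst);
            // The count is already 0; skip the Drop decrement of the consumed handle.
            std::mem::forget(handle);
            ExitOutcome::Exited(RuntimeServices)
        }
        Err(n) => ExitOutcome::Refused { outstanding: n - 1, handle },
    }
}

/// Happy path: a worker handle blocks the first attempt, releasing it lets the
/// second attempt through. Returns (outstanding at first attempt, exited on second).
pub fn exit_after_handles_released() -> (usize, bool) {
    let core = BootCore::new();
    let bsp = core.handle().expect("boot services still live");
    let worker = bsp.clone();
    let (outstanding, bsp) = match exit_boot_services(bsp) {
        ExitOutcome::Refused { outstanding, handle } => (outstanding, handle),
        ExitOutcome::Exited(_) => unreachable!("worker still holds a handle"),
    };
    drop(worker);
    let exited = matches!(exit_boot_services(bsp), ExitOutcome::Exited(_));
    (outstanding, exited)
}

/// The comment's failure mode: an AP is terminated while holding a handle, so
/// its Drop never runs and the count can never return to 1. Returns the
/// outstanding count the (permanently refused) exit reports.
pub fn stuck_after_ap_termination() -> usize {
    let core = BootCore::new();
    let bsp = core.handle().expect("boot services still live");
    let ap_handle = bsp.clone();
    std::mem::forget(ap_handle); // terminated AP: no unwinding, no Drop
    match exit_boot_services(bsp) {
        ExitOutcome::Refused { outstanding, .. } => outstanding,
        ExitOutcome::Exited(_) => 0,
    }
}

fn main() {
    println!("released: {:?}", exit_after_handles_released());
    println!("stuck after AP termination: {}", stuck_after_ap_termination());
}
```

The sketch shows why the AP problem is a liveness issue rather than a memory-safety one: a leaked handle leaves the count stuck above 1, so a correctly checked `exit_boot_services` can only refuse, never hand out a dangling reference, which matches the comment's observation that it "doesn't seem actually unsafe" but defeats the purpose of the counted handles.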