From 8796d2fb0672865c27a7837dedf72a3ab1ac71d4 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Mon, 6 Apr 2026 22:17:58 +0100 Subject: [PATCH] [efi] Drop to external TPL when unloading vetoed images As of commit c3376f8 ("[efi] Drop to external TPL for calls to ConnectController()"), the veto mechanism will drop to TPL_APPLICATION for calls to DisconnectController(). Match this behaviour for calls to UnloadImage(), since that is likely to result in calls to DisconnectController(). For example, any EDK2 driver using NetLibDefaultUnload() as its unload handler will call DisconnectController() to disconnect itself from all handles. Signed-off-by: Michael Brown --- src/interface/efi/efi_veto.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/interface/efi/efi_veto.c b/src/interface/efi/efi_veto.c index 788515dd1..688eb4fba 100644 --- a/src/interface/efi/efi_veto.c +++ b/src/interface/efi/efi_veto.c @@ -79,11 +79,15 @@ static int efi_veto_unload ( struct efi_veto *veto ) { EFI_BOOT_SERVICES *bs = efi_systab->BootServices; EFI_HANDLE driver = veto->driver; EFI_HANDLE image = veto->image; + struct efi_dropped_tpl tpl; EFI_STATUS efirc; int rc; - /* Unload the driver */ - if ( ( efirc = bs->UnloadImage ( image ) ) != 0 ) { + /* Unload the driver at external TPL */ + efi_drop_tpl ( &tpl ); + efirc = bs->UnloadImage ( image ); + efi_undrop_tpl ( &tpl ); + if ( efirc != 0 ) { rc = -EEFI ( efirc ); DBGC ( driver, "EFIVETO %s could not unload", efi_handle_name ( driver ) );