From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=pass header.i=@virtuozzo.com header.s=selector2 header.b=o/Stbsrj; spf=pass (domain: virtuozzo.com, ip: 52.101.133.48, mailfrom: rkagan@virtuozzo.com) Received: from EUR02-VE1-obe.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com [52.101.133.48]) by groups.io with SMTP; Mon, 12 Aug 2019 11:43:16 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VDevnnJbNV9RnR1Tl+A7g0FnK3Y3woutuoNFJ+Xmniq31fQY2kfgC6HOFzICCVaVGlvAhEkxPLjSuuq/hS9FawPkNY1XwrG/4lb40Cv6eMFnlf/tpW4tQL9d+Qtf/J8YvVz6iDmkzAfNoZ9xAuhSzhyeo2FRy+/0fWeuw+U8zkgKb9mZeXAbewSWVhKymEo2FAGceu8L7Z+u45RccTlIEpnjsW9QaxVZjbVYx25rZi3Kzh0xdK/zspVAYZHpEg9uGUrA1mCxy4jbFpKyHQxkd2SO67QQcj96KMTnARl70y7cQDn1NStQ4Z25u+UhPKK19TmArVURdf7V0sEbFanGcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4uC/egF+iUjZ9b6uDSH2n4uzRuf4DVYck/Zc2vgutWo=; b=HabBql6Uv9JKdSGgmJynhLCxe7uiigJbGZbCis40nHTs0SaPpRfcQiA8PYQCJm/ohdIz03VtCEmMJRb31QT5RmGgMUKz/t4nXbbh4BZwWAriqAP2unU7Z/7N3y9LIpJQJ/0ttk9m4W7S8x9qjDhyPBSur071nZpE315494IHF8Z7n2bQsD0sCH8atXCdodKiAeDgyYiAs63fi95nAzOgsmDmYVW3ZXN5uhpDL1h7WgAW+dVmup9Wh+fOp/dPspxM3VpvF8DR2kY15VGHaXmKmUWMLkLzgvV2g/e67pjIaMIPmNgKsF6MJ9XTrRO4tfM/0pcJTOSB9FMBZTwFWnD0kQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4uC/egF+iUjZ9b6uDSH2n4uzRuf4DVYck/Zc2vgutWo=; b=o/StbsrjedD7a26o3+G5PdzNHFLWCR7QMiAqHlrRzNg6NjNTxoD768olfptyIp+D3G8z3ApSox3+ONJ1J2A2ccvVBkH+sU85Et+yPM0gWHq+TbwA7sSjkTokGyLN24UkCVY6oo52CUuL0duVaugwzOt7LhtJFOwhEaIRSyQm9go= Received: from AM6PR08MB3160.eurprd08.prod.outlook.com (52.135.163.161) by AM6PR08MB5078.eurprd08.prod.outlook.com (10.255.121.212) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 12 Aug 2019 18:43:06 +0000 Received: from AM6PR08MB3160.eurprd08.prod.outlook.com ([fe80::2c2c:c46e:bdfd:b872]) by AM6PR08MB3160.eurprd08.prod.outlook.com ([fe80::2c2c:c46e:bdfd:b872%6]) with mapi id 15.20.2157.022; Mon, 12 Aug 2019 18:43:06 +0000 From: "Roman Kagan" To: "devel@edk2.groups.io" CC: Laszlo Ersek , Andrew Fish , David Woodhouse Subject: Re: [edk2-devel] static data in dxe_runtime modules Thread-Topic: [edk2-devel] static data in dxe_runtime modules Thread-Index: AQHVSJ2bQrdLTZ7e0UaPDsZ6ZQsRb6borfAAgAOvAoCAA50IAIAAA28AgAGRvwCAAXiMgIAE4pyA Date: Mon, 12 Aug 2019 18:43:06 +0000 Message-ID: <20190812184303.GA4212@rkaganb.sw.ru> References: <20190801191621.GB14235@rkaganb.sw.ru> <8d18d4f6-5f33-44e9-2758-46350b43c5ec@redhat.com> <20190805101813.GA27171@rkaganb.sw.ru> <406f2250-41e2-9925-b570-38b99a5f6e41@redhat.com> <0A900AFC-C9A0-4A4C-8EBA-9A6F75B3EE25@apple.com> <5d03c05d-24c2-f825-c42e-4371a87d76a1@redhat.com> <15B94CD6CF07DEE2.13696@groups.io> In-Reply-To: <15B94CD6CF07DEE2.13696@groups.io> Accept-Language: en-US, ru-RU X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mutt/1.12.1 (2019-06-15) mail-followup-to: Roman Kagan , devel@edk2.groups.io, Laszlo Ersek , Andrew Fish , David Woodhouse x-originating-ip: [185.231.240.5] x-clientproxiedby: HE1PR09CA0043.eurprd09.prod.outlook.com (2603:10a6:7:3c::11) To AM6PR08MB3160.eurprd08.prod.outlook.com (2603:10a6:209:45::33) authentication-results: spf=none (sender IP is ) smtp.mailfrom=rkagan@virtuozzo.com; x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 09037913-4640-4c10-87f8-08d71f54ea3e x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);SRVR:AM6PR08MB5078; x-ms-traffictypediagnostic: AM6PR08MB5078:|AM6PR08MB5078: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 012792EC17 x-forefront-antispam-report: SFV:SPM;SFS:(10019020)(366004)(39840400004)(376002)(346002)(396003)(136003)(199004)(189003)(6486002)(256004)(229853002)(486006)(2906002)(66946007)(66476007)(478600001)(66446008)(64756008)(66556008)(102836004)(33656002)(1076003)(6246003)(26005)(6916009)(4326008)(53936002)(66066001)(2351001)(186003)(5660300002)(446003)(6506007)(53546011)(476003)(11346002)(2501003)(386003)(52116002)(76176011)(25786009)(58126008)(6512007)(9686003)(54906003)(316002)(305945005)(86362001)(81166006)(1730700003)(71200400001)(81156014)(71190400001)(5640700003)(8936002)(36756003)(3846002)(14454004)(7736002)(6116002)(99286004)(8676002)(6436002)(30126002);DIR:OUT;SFP:1501;SCL:5;SRVR:AM6PR08MB5078;H:AM6PR08MB3160.eurprd08.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: virtuozzo.com does not designate permitted sender hosts) x-ms-exchange-transport-forked: True x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 3NMn/HOp0lx8KhfyPv7HW55j5gqWcKzNyYwXsAE5B7osFqBSQmF0YeKOOvXOL/wolMkUTalXNvnKwgVULoat5TXXQ3/Tt+THP9xP0tjoxrTf25PXWrwYPS0oiNVwfvGmLM9f47hlyB7VMSli9GIPxuA7miydeSzxiUBztmrIaeofaTQxm76II5GAdShVt/UM4AyFL/Y0qlvGfHlQeG+EqmeGlRJ7ryThtk9pCq+rskmVDa4xLbi8aQR8m2RdEn51BU5Nhwit36mo3+W9nNWVmnC79b7CERlkO3X2SrQ5bm+Wk3mT12Fp/5Vu+BnYZ5QDSJ7/rG28EuKbIA3BVAMy1Py5c6yk2u064RMyv03M9wA5xXLkpZcOe4FXpKTpSOg9bYUPH6Z7+Zr5qxyOOy93xBQdmWqp6sPlAnaXwkkdLIjq/G5+P5tVZZVRh2IKOFZQ4++LspG1GpsSLsmcas64yuhq/b9FE+uIVaf/L8bpb0dceckq+ndi9thdGD9NcPoM MIME-Version: 1.0 X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: 09037913-4640-4c10-87f8-08d71f54ea3e X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Aug 2019 18:43:06.5743 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: yfffEeU1O6iuJHnzAsWD7cn33d7Lov1exbnlMtFy1FlyfOUb+6z7afW/z4oD7gtzqd2AGJDFDLBGPqwoUjL/1A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB5078 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-ID: On Fri, Aug 09, 2019 at 04:07:00PM +0000, Roman Kagan via Groups.Io wrote: > On Thu, Aug 08, 2019 at 07:39:14PM +0200, Laszlo Ersek wrote: > > On 08/07/19 19:41, Andrew Fish wrote: > > >> On Aug 7, 2019, at 10:29 AM, Laszlo Ersek wrote: > > >> On 08/05/19 12:18, Roman Kagan wrote: > > >>> On Sat, Aug 03, 2019 at 04:03:04AM +0200, Laszlo Ersek via Groups.Io wrote: > > >>>> On 08/01/19 21:16, Roman Kagan wrote: > > >> I'm convinced that OpenSSL needs to expose a new API for this particular > > >> problem. > > Since, as you point out below, the problem only affects the essentially > broken configuration (SECURE_BOOT_ENABLE && !SMM_REQUIRE), I'm fine with > saving time and effort and sticking to the hack-ish approach proposed in > the bugzilla issue, which is to iterate over "thread-local" pointers and > EfiConvertPointer() on each. (As long as it fixes the problem of > course; I'll test and report back.) It doesn't :( It just gets slightly further and hits another static pointer variable which is not part of the thread-local array: ... Pkcs7Verify EVP_add_digest OBJ_NAME_add this one uses a few static pointer variables that are also initialized on demand and become stale upon SetVirtualAddressMap(). > So we should be good without a new API from OpenSSL. > > In other words, the problem doesn't exist when OpenSSL (with the rest of > > the variable driver stack) is protected with SMM, as pointers into SMRAM > > remain valid "forever", after the initial SMM driver dispatch. > > Makes perfect sense. We happen to build this broken configuration for > some historical reasons, I'm failing to recall exactly which. Will try > to get rid of it. We appear to have some i440fx-based VMs with SecureBoot in the field (dunno about their origin) and those don't allow SMM. Thanks, Roman.