From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A1A9A1A1E3E for ; Thu, 29 Sep 2016 18:06:23 -0700 (PDT) Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP; 29 Sep 2016 18:06:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,417,1473145200"; d="scan'208";a="14749927" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by fmsmga006.fm.intel.com with ESMTP; 29 Sep 2016 18:06:23 -0700 Received: from fmsmsx157.amr.corp.intel.com (10.18.116.73) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 29 Sep 2016 18:06:23 -0700 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by FMSMSX157.amr.corp.intel.com (10.18.116.73) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 29 Sep 2016 18:06:22 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.234]) by shsmsx102.ccr.corp.intel.com ([169.254.2.15]) with mapi id 14.03.0248.002; Fri, 30 Sep 2016 09:06:18 +0800 From: "Long, Qin" To: "Kinney, Michael D" , Peter Jones , "edk2-devel@ml01.01.org" , "Zhang, Chao B" , "Kinney, Michael D" Thread-Topic: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice. Thread-Index: AQHSGmqoJvXSaQtUxkqHQXaFYzoxSaCQI1+AgAAUF4CAAA7hgIAAAgkAgAAAtgCAAO+IwA== Date: Fri, 30 Sep 2016 01:06:18 +0000 Message-ID: References: <20160929184534.13871-1-pjones@redhat.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Sep 2016 01:06:23 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The update looks good to me.=20 Reviewed-by: Qin Long > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Kinney, Michael D > Sent: Friday, September 30, 2016 2:48 AM > To: Peter Jones ; edk2-devel@ml01.01.org; Zhang, > Chao B ; Kinney, Michael D > > Subject: Re: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to > install protocols twice. >=20 > Reviewed-by: Michael Kinney >=20 > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > > Peter Jones > > Sent: Thursday, September 29, 2016 11:46 AM > > To: edk2-devel@ml01.01.org > > Cc: Peter Jones > > Subject: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to > > install protocols twice. > > > > This patch makes Pkcs7VerifyDxe check that it has not already been > > installed before installing its protocols. This prevents the case > > where loading it as an external driver (either manually, through > > Driver#### variables, etc.) will refuse to add a second provider of the= API. > > > > v2 - return EFI_ABORTED as per Michael Kinney's feedback. > > > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Peter Jones > > --- > > SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 13 > > +++++++++++-- > > 1 file changed, 11 insertions(+), 2 deletions(-) > > > > diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > > b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > > index 07fdf55..e5ec1b4 100644 > > --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > > +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > > @@ -1030,8 +1030,17 @@ Pkcs7VerifyDriverEntry ( > > IN EFI_SYSTEM_TABLE *SystemTable > > ) > > { > > - EFI_STATUS Status; > > - EFI_HANDLE Handle; > > + EFI_STATUS Status; > > + EFI_HANDLE Handle; > > + EFI_PKCS7_VERIFY_PROTOCOL Useless; > > + > > + // > > + // Avoid loading a second copy if this is built as an external modul= e. > > + // > > + Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, > > + (VOID **) > > &Useless); > > + if (!EFI_ERROR (Status)) { > > + return EFI_ABORTED; > > + } > > > > // > > // Install UEFI Pkcs7 Verification Protocol > > -- > > 2.10.0 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel