From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 547061A1E3E for ; Thu, 29 Sep 2016 11:38:18 -0700 (PDT) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga104.jf.intel.com with ESMTP; 29 Sep 2016 11:38:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,268,1473145200"; d="scan'208";a="1038288171" Received: from orsmsx104.amr.corp.intel.com ([10.22.225.131]) by orsmga001.jf.intel.com with ESMTP; 29 Sep 2016 11:38:18 -0700 Received: from orsmsx153.amr.corp.intel.com (10.22.226.247) by ORSMSX104.amr.corp.intel.com (10.22.225.131) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 29 Sep 2016 11:38:17 -0700 Received: from orsmsx113.amr.corp.intel.com ([169.254.9.161]) by ORSMSX153.amr.corp.intel.com ([10.22.226.247]) with mapi id 14.03.0248.002; Thu, 29 Sep 2016 11:38:17 -0700 From: "Kinney, Michael D" To: Peter Jones , "edk2-devel@ml01.01.org" , "Kinney, Michael D" Thread-Topic: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice. Thread-Index: AQHSGmqk92OjLgQPeUmZfJPkvQKoWKCQpp5QgACMTYD//5iREA== Date: Thu, 29 Sep 2016 18:38:17 +0000 Message-ID: References: <20160929174501.12323-1-pjones@redhat.com> In-Reply-To: <20160929174501.12323-1-pjones@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_IC x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMzk5M2ZjYzUtZWFlMy00MzMzLTg5MTQtM2U0YTVmYjBmM2ZjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6IlV2blNleGQxMzlEeXh5SEg1UmpCOWI3VGdFdkUwVG1qZVc2RXBTYlZLYUE9In0= x-originating-ip: [10.22.254.140] MIME-Version: 1.0 Subject: Re: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2016 18:38:18 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Peter, Please use this form in your patch. The UEFI Spec does allow other error c= odes than those listed in the API to be returned. Using !EFI_ERROR (Status) is safer= . EDK II Coding Style also requires {} for if statements. Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (VOID= **)&Useless); if (!EFI_ERROR (Status)) { return EFI_ABORTED; } Mike > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Pe= ter Jones > Sent: Thursday, September 29, 2016 10:45 AM > To: edk2-devel@ml01.01.org > Cc: Peter Jones > Subject: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to instal= l protocols > twice. >=20 > This patch makes Pkcs7VerifyDxe check that it has not already been > installed before installing its protocols. This prevents the case where > loading it as an external driver (either manually, through Driver#### > variables, etc.) will refuse to add a second provider of the API. >=20 > v2 - return EFI_ABORTED as per Michael Kinney's feedback. >=20 > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Peter Jones > --- > SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 12 ++++++++++-= - > 1 file changed, 10 insertions(+), 2 deletions(-) >=20 > diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > index 07fdf55..7927c58 100644 > --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > @@ -1030,8 +1030,16 @@ Pkcs7VerifyDriverEntry ( > IN EFI_SYSTEM_TABLE *SystemTable > ) > { > - EFI_STATUS Status; > - EFI_HANDLE Handle; > + EFI_STATUS Status; > + EFI_HANDLE Handle; > + EFI_PKCS7_VERIFY_PROTOCOL Useless; > + > + // > + // Avoid loading a second copy if this is built as an external module. > + // > + Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (V= OID **) > &Useless); > + if (Status !=3D EFI_NOT_FOUND) > + return EFI_ABORTED; >=20 > // > // Install UEFI Pkcs7 Verification Protocol > -- > 2.10.0 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel