From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <michael.d.kinney@intel.com>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 547061A1E3E
 for <edk2-devel@ml01.01.org>; Thu, 29 Sep 2016 11:38:18 -0700 (PDT)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by orsmga104.jf.intel.com with ESMTP; 29 Sep 2016 11:38:18 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,268,1473145200"; d="scan'208";a="1038288171"
Received: from orsmsx104.amr.corp.intel.com ([10.22.225.131])
 by orsmga001.jf.intel.com with ESMTP; 29 Sep 2016 11:38:18 -0700
Received: from orsmsx153.amr.corp.intel.com (10.22.226.247) by
 ORSMSX104.amr.corp.intel.com (10.22.225.131) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 29 Sep 2016 11:38:17 -0700
Received: from orsmsx113.amr.corp.intel.com ([169.254.9.161]) by
 ORSMSX153.amr.corp.intel.com ([10.22.226.247]) with mapi id 14.03.0248.002;
 Thu, 29 Sep 2016 11:38:17 -0700
From: "Kinney, Michael D" <michael.d.kinney@intel.com>
To: Peter Jones <pjones@redhat.com>, "edk2-devel@ml01.01.org"
 <edk2-devel@ml01.01.org>, "Kinney, Michael D" <michael.d.kinney@intel.com>
Thread-Topic: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to
 install protocols twice.
Thread-Index: AQHSGmqk92OjLgQPeUmZfJPkvQKoWKCQpp5QgACMTYD//5iREA==
Date: Thu, 29 Sep 2016 18:38:17 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F56481DCC7@ORSMSX113.amr.corp.intel.com>
References: <E92EE9817A31E24EB0585FDF735412F56481DC1E@ORSMSX113.amr.corp.intel.com>
 <20160929174501.12323-1-pjones@redhat.com>
In-Reply-To: <20160929174501.12323-1-pjones@redhat.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ctpclassification: CTP_IC
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMzk5M2ZjYzUtZWFlMy00MzMzLTg5MTQtM2U0YTVmYjBmM2ZjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6IlV2blNleGQxMzlEeXh5SEg1UmpCOWI3VGdFdkUwVG1qZVc2RXBTYlZLYUE9In0=
x-originating-ip: [10.22.254.140]
MIME-Version: 1.0
Subject: Re: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2016 18:38:18 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Peter,

Please use this form in your patch.  The UEFI Spec does allow other error c=
odes than
those listed in the API to be returned.  Using !EFI_ERROR (Status) is safer=
.  EDK II
Coding Style also requires {} for if statements.

  Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (VOID=
 **)&Useless);
  if (!EFI_ERROR (Status)) {
    return EFI_ABORTED;
  }

Mike

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Pe=
ter Jones
> Sent: Thursday, September 29, 2016 10:45 AM
> To: edk2-devel@ml01.01.org
> Cc: Peter Jones <pjones@redhat.com>
> Subject: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to instal=
l protocols
> twice.
>=20
> This patch makes Pkcs7VerifyDxe check that it has not already been
> installed before installing its protocols.  This prevents the case where
> loading it as an external driver (either manually, through Driver####
> variables, etc.) will refuse to add a second provider of the API.
>=20
> v2 - return EFI_ABORTED as per Michael Kinney's feedback.
>=20
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Peter Jones <pjones@redhat.com>
> ---
>  SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 12 ++++++++++-=
-
>  1 file changed, 10 insertions(+), 2 deletions(-)
>=20
> diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> index 07fdf55..7927c58 100644
> --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> @@ -1030,8 +1030,16 @@ Pkcs7VerifyDriverEntry (
>    IN EFI_SYSTEM_TABLE    *SystemTable
>    )
>  {
> -  EFI_STATUS    Status;
> -  EFI_HANDLE    Handle;
> +  EFI_STATUS                Status;
> +  EFI_HANDLE                Handle;
> +  EFI_PKCS7_VERIFY_PROTOCOL Useless;
> +
> +  //
> +  // Avoid loading a second copy if this is built as an external module.
> +  //
> +  Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (V=
OID **)
> &Useless);
> +  if (Status !=3D EFI_NOT_FOUND)
> +	  return EFI_ABORTED;
>=20
>    //
>    // Install UEFI Pkcs7 Verification Protocol
> --
> 2.10.0
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel