From: "Laszlo Ersek" <lersek@redhat.com>
To: Roman Kagan <rkagan@virtuozzo.com>,
devel@edk2.groups.io, Andrew Fish <afish@apple.com>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [edk2-devel] static data in dxe_runtime modules
Date: Wed, 14 Aug 2019 17:16:32 +0200 [thread overview]
Message-ID: <dd25b02d-906b-ea08-27da-59923ab3f0e7@redhat.com> (raw)
In-Reply-To: <20190813112308.GB4212@rkaganb.sw.ru>
On 08/13/19 13:23, Roman Kagan wrote:
> On Tue, Aug 13, 2019 at 11:10:27AM +0200, Laszlo Ersek wrote:
>> On 08/12/19 20:43, Roman Kagan wrote:
>>> On Fri, Aug 09, 2019 at 04:07:00PM +0000, Roman Kagan via Groups.Io wrote:
>>>> On Thu, Aug 08, 2019 at 07:39:14PM +0200, Laszlo Ersek wrote:
>>>>> On 08/07/19 19:41, Andrew Fish wrote:
>>>>>>> On Aug 7, 2019, at 10:29 AM, Laszlo Ersek <lersek@redhat.com> wrote:
>>>>>>> On 08/05/19 12:18, Roman Kagan wrote:
>>>>>>>> On Sat, Aug 03, 2019 at 04:03:04AM +0200, Laszlo Ersek via Groups.Io wrote:
>>>>>>>>> On 08/01/19 21:16, Roman Kagan wrote:
>>>>>>> I'm convinced that OpenSSL needs to expose a new API for this particular
>>>>>>> problem.
>>>>
>>>> Since, as you point out below, the problem only affects the essentially
>>>> broken configuration (SECURE_BOOT_ENABLE && !SMM_REQUIRE), I'm fine with
>>>> saving time and effort and sticking to the hack-ish approach proposed in
>>>> the bugzilla issue, which is to iterate over "thread-local" pointers and
>>>> EfiConvertPointer() on each. (As long as it fixes the problem of
>>>> course; I'll test and report back.)
>>>
>>> It doesn't :( It just gets slightly further and hits another static
>>> pointer variable which is not part of the thread-local array:
>>>
>>> ...
>>> Pkcs7Verify
>>> EVP_add_digest
>>> OBJ_NAME_add
>>>
>>> this one uses a few static pointer variables that are also initialized
>>> on demand and become stale upon SetVirtualAddressMap().
>>
>> So it looks like the issue can't be solved without making OpenSSL aware
>> of this use case.
>
> Is reloading the module from scratch ruled out completely?
Not my place to say authoritatively, but:
- it would be a first, as much as I can say,
- it would duplicate (in purpose) an existing facility.
Personally I'd expect it to be rejected, but it's not up to me. If
you're willing to "build one to (possibly) throw away", that could be
the most direct way to get authoritative (= maintainer) feedback.
Thanks
Laszlo
> I'd try to cook up a patch for that unless there's a strong no-go.
>
> Thanks,
> Roman.
>
next prev parent reply other threads:[~2019-08-14 15:16 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-01 19:16 static data in dxe_runtime modules Roman Kagan
2019-08-02 23:54 ` [edk2-devel] " Andrew Fish
2019-08-03 2:03 ` Laszlo Ersek
2019-08-05 10:18 ` Roman Kagan
2019-08-07 17:29 ` Laszlo Ersek
2019-08-07 17:41 ` Andrew Fish
2019-08-08 17:39 ` Laszlo Ersek
2019-08-09 16:07 ` Roman Kagan
[not found] ` <15B94CD6CF07DEE2.13696@groups.io>
2019-08-12 18:43 ` Roman Kagan
2019-08-13 9:10 ` Laszlo Ersek
2019-08-13 11:23 ` Roman Kagan
2019-08-14 15:16 ` Laszlo Ersek [this message]
2019-08-14 16:26 ` Andrew Fish
2019-08-16 15:22 ` Laszlo Ersek
2019-08-16 17:00 ` Roman Kagan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dd25b02d-906b-ea08-27da-59923ab3f0e7@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox