From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Wed, 14 Aug 2019 08:16:35 -0700 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 08E26C08E2BB; Wed, 14 Aug 2019 15:16:35 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-158.ams2.redhat.com [10.36.116.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9DA8F80A31; Wed, 14 Aug 2019 15:16:33 +0000 (UTC) Subject: Re: [edk2-devel] static data in dxe_runtime modules To: Roman Kagan , devel@edk2.groups.io, Andrew Fish , David Woodhouse References: <20190801191621.GB14235@rkaganb.sw.ru> <8d18d4f6-5f33-44e9-2758-46350b43c5ec@redhat.com> <20190805101813.GA27171@rkaganb.sw.ru> <406f2250-41e2-9925-b570-38b99a5f6e41@redhat.com> <0A900AFC-C9A0-4A4C-8EBA-9A6F75B3EE25@apple.com> <5d03c05d-24c2-f825-c42e-4371a87d76a1@redhat.com> <15B94CD6CF07DEE2.13696@groups.io> <20190812184303.GA4212@rkaganb.sw.ru> <62712b07-31c1-a19f-1660-12da0d7bac50@redhat.com> <20190813112308.GB4212@rkaganb.sw.ru> From: "Laszlo Ersek" Message-ID: Date: Wed, 14 Aug 2019 17:16:32 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190813112308.GB4212@rkaganb.sw.ru> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 14 Aug 2019 15:16:35 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 08/13/19 13:23, Roman Kagan wrote: > On Tue, Aug 13, 2019 at 11:10:27AM +0200, Laszlo Ersek wrote: >> On 08/12/19 20:43, Roman Kagan wrote: >>> On Fri, Aug 09, 2019 at 04:07:00PM +0000, Roman Kagan via Groups.Io wrote: >>>> On Thu, Aug 08, 2019 at 07:39:14PM +0200, Laszlo Ersek wrote: >>>>> On 08/07/19 19:41, Andrew Fish wrote: >>>>>>> On Aug 7, 2019, at 10:29 AM, Laszlo Ersek wrote: >>>>>>> On 08/05/19 12:18, Roman Kagan wrote: >>>>>>>> On Sat, Aug 03, 2019 at 04:03:04AM +0200, Laszlo Ersek via Groups.Io wrote: >>>>>>>>> On 08/01/19 21:16, Roman Kagan wrote: >>>>>>> I'm convinced that OpenSSL needs to expose a new API for this particular >>>>>>> problem. >>>> >>>> Since, as you point out below, the problem only affects the essentially >>>> broken configuration (SECURE_BOOT_ENABLE && !SMM_REQUIRE), I'm fine with >>>> saving time and effort and sticking to the hack-ish approach proposed in >>>> the bugzilla issue, which is to iterate over "thread-local" pointers and >>>> EfiConvertPointer() on each. (As long as it fixes the problem of >>>> course; I'll test and report back.) >>> >>> It doesn't :( It just gets slightly further and hits another static >>> pointer variable which is not part of the thread-local array: >>> >>> ... >>> Pkcs7Verify >>> EVP_add_digest >>> OBJ_NAME_add >>> >>> this one uses a few static pointer variables that are also initialized >>> on demand and become stale upon SetVirtualAddressMap(). >> >> So it looks like the issue can't be solved without making OpenSSL aware >> of this use case. > > Is reloading the module from scratch ruled out completely? Not my place to say authoritatively, but: - it would be a first, as much as I can say, - it would duplicate (in purpose) an existing facility. Personally I'd expect it to be rejected, but it's not up to me. If you're willing to "build one to (possibly) throw away", that could be the most direct way to get authoritative (= maintainer) feedback. Thanks Laszlo > I'd try to cook up a patch for that unless there's a strong no-go. > > Thanks, > Roman. >