From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1DEEC4320E for ; Fri, 27 Aug 2021 02:26:40 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A304A600CD for ; Fri, 27 Aug 2021 02:26:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org A304A600CD Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1C7CA83213; Fri, 27 Aug 2021 04:26:36 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="KvcmE7qK"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 956D483217; Fri, 27 Aug 2021 04:26:33 +0200 (CEST) Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3952783210 for ; Fri, 27 Aug 2021 04:26:28 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pl1-x62c.google.com with SMTP id c4so2981259plh.7 for ; Thu, 26 Aug 2021 19:26:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=taBCqAHrxL8v+CveAMankwdbZGTrHoFI+wYZtdo0ICw=; b=KvcmE7qKx3FylQJAjryNCyOhCim0aq4ofSAUvee0f5OUqcdnhOzX8XcpofB0zFJQ9w 4izx1dJhI6aURb01oDFM4rnP/Vza9hZ9wGYJNlxPwjuFDqe9RSagbOnrt3h0xQ2xCqDG ju1lA0p0jL97QoPZ+835i+2PiCIVBVjspU7RuckcSyJTCyn/DYq3dw2BJhPCsxDO38kW w/1+J852Cs/IyL+86zwZC1bQZ66qSXe0Q5KNwAL9sdjuekfLDxXFgUcKlUNeWyjtwx24 0Hqs4ryEMqI8UPo/ALsS5Qv4MMLMUE+mhTr/piM2+VSrrYJh1eNrErGvqN/fpNxLF4mf Ftdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=taBCqAHrxL8v+CveAMankwdbZGTrHoFI+wYZtdo0ICw=; b=JeHJzpSOHbdBBM5NSMiN1vt/NtyRBV1j77Fk3s574oC2EmhVYmZwfLZXxZaj2j4W6L x8TceoiuspFn7QGMUHm545D1g8B2xUEhDqp6MAc8BWm/U8QmLIcmIP+zUJCopZuiahJB 5vViC0ynziwkYkkXA5UQEUWK3aUF/tUMTmWYyeu6ZSmSZngcdWEv/VtAo/5yzkGpB/Tm io4LCO5yaeqNovL+P0JlCMpr/nhCxudTs/1rpg9gUrYF8n7+v2fPt2Dm4lv9DXSWWbRY 9mr5ym9qnOZyS2SQazw7Agd8nfN/gCQSMWphWdSlzUbjJ+JuGyaY1cj8xolmSaRU7gk+ rQIg== X-Gm-Message-State: AOAM530k3LciTa+RJZfi5ZBAXwDuzJc2ttVQZjYJxd2qsUxC8kLDbWuH 5swPMw7sitMw0E+pl5jcgK7i+Q== X-Google-Smtp-Source: ABdhPJyhOKH2EzAsP4K3BrPn+FSZH64K8PK689V1MxIO23hgY6hgz/csH+t8xlGUISNGJUAQiocmrA== X-Received: by 2002:a17:90a:9912:: with SMTP id b18mr20229215pjp.46.1630031186163; Thu, 26 Aug 2021 19:26:26 -0700 (PDT) Received: from laputa (p784a6698.tkyea130.ap.so-net.ne.jp. [120.74.102.152]) by smtp.gmail.com with ESMTPSA id v15sm4182894pff.105.2021.08.26.19.26.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Aug 2021 19:26:25 -0700 (PDT) Date: Fri, 27 Aug 2021 11:26:21 +0900 From: AKASHI Takahiro To: Heinrich Schuchardt Cc: u-boot@lists.denx.de, Alexander Graf , Ilias Apalodimas , Heinrich Schuchardt Subject: Re: [PATCH v2 1/6] efi_loader: stop recursion in efi_init_secure_state Message-ID: <20210827022621.GA52912@laputa> Mail-Followup-To: AKASHI Takahiro , Heinrich Schuchardt , u-boot@lists.denx.de, Alexander Graf , Ilias Apalodimas , Heinrich Schuchardt References: <20210826134805.148975-1-heinrich.schuchardt@canonical.com> <20210826134805.148975-2-heinrich.schuchardt@canonical.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210826134805.148975-2-heinrich.schuchardt@canonical.com> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Heinrich, On Thu, Aug 26, 2021 at 03:48:00PM +0200, Heinrich Schuchardt wrote: > efi_init_secure_state() calls efi_transfer_secure_state() which may delete > variable "PK" which will result in calling efi_init_secure_state() again. I don't think it is a right thing to do. So I would say nak to this version. When I first implemented those functions, I intended to call efi_init_secure_state() only at the system initialization. Later on, all the transitions should be managed by efi_transfer_secure_state() as well as its callers. Calling efi_init_secure_state() in efi_set_variable_int() is a bad idea. (then you see 'recursion'.) I will explain more in your patch#5. -Takahiro Akashi > Signed-off-by: Heinrich Schuchardt > --- > v2: > no change > --- > lib/efi_loader/efi_var_common.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c > index 3d92afe2eb..654ce81f9d 100644 > --- a/lib/efi_loader/efi_var_common.c > +++ b/lib/efi_loader/efi_var_common.c > @@ -314,11 +314,15 @@ err: > > efi_status_t efi_init_secure_state(void) > { > + static bool lock; > enum efi_secure_mode mode = EFI_MODE_SETUP; > u8 efi_vendor_keys = 0; > efi_uintn_t size = 0; > efi_status_t ret; > > + if (lock) > + return EFI_SUCCESS; > + > ret = efi_get_variable_int(L"PK", &efi_global_variable_guid, > NULL, &size, NULL, NULL); > if (ret == EFI_BUFFER_TOO_SMALL) { > @@ -326,7 +330,9 @@ efi_status_t efi_init_secure_state(void) > mode = EFI_MODE_USER; > } > > + lock = true; > ret = efi_transfer_secure_state(mode); > + lock = false; > if (ret != EFI_SUCCESS) > return ret; > > -- > 2.30.2 >