> +static ssize_t efivarfs_file_write(struct file *file,
> + const char __user *userbuf, size_t count, loff_t *ppos)
> +{
> + struct efivar_entry *var = file->private_data;
> + struct efivars *efivars;
> + efi_status_t status;
> + void *data;
> + u32 attributes;
> + struct inode *inode = file->f_mapping->host;
> + int datasize = count - sizeof(attributes);
> +
> + if (count < sizeof(attributes))
> + return -EINVAL;
> +
> + data = kmalloc(datasize, GFP_KERNEL);
This still attempts to allocate arbitary user provided values of memory.
This is still broken. Even in the extreme case of 'root only, right thing
to do' then this is broken as you don't pass __GFP_NOWARN. However if you
can have very large strings remember that big values handled this way are
actually effectively implemented as
"maybe set the value or randomly return -ENOMEM possibly until a
reboot"
so if your real upper limit is huge then this isn't good. If on the other
hand its things like 32K or so then you just want NOWARN.
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
