於 五,2012-12-21 於 19:05 +0800,Lingzhu Xiang 提到: > The following reproducer triggers certain bugs in efivarfs_file_write. > > #!/bin/bash > p=/sys/firmware/efi/efivars > mount -t efivarfs - $p > cat $p/Lang-* >$p/test-12341234-1234-1234-1234-123412341234 > umount $p > mount -t efivarfs - $p > echo -en "\0\0\0\0" >$p/test-12341234-1234-1234-1234-123412341234 The problem is check EFI_VARIABLE_MASK in efivars.c that is not enough for deny use 0x00000000 attributes. Per UEFI spec, runtime variable at least need has attributes EFI_VARIABLE_BOOTSERVICE_ACCESS and EFI_VARIABLE_RUNTIME_ACCESS. Otherwise UEFI BIOS will occur unexpected error. Please try the following patch. Thanks a lot! Joey Lee >From cb0775a36f4d80f9fe2f9afee40c8b7310cbac8a Mon Sep 17 00:00:00 2001 From: Lee, Chun-Yi <jlee@xxxxxxxx> Date: Mon, 24 Dec 2012 18:33:52 +0800 Subject: [PATCH] efivars: Check attributes of variable whan writing at least need to define bootservice and runtime access The EFI variable filesystem used when system in runtime. The variable that wes wrote by user space application at least need to define EFI_VARIABLE_BOOTSERVICE_ACCESS and EFI_VARIABLE_RUNTIME_ACCESS in attributes. Cc: Gary Lin <glin@xxxxxxxx> Signed-off-by: Lee, Chun-Yi <jlee@xxxxxxxx> --- drivers/firmware/efivars.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c index 7b1c374..7aeb4a5 100644 --- a/drivers/firmware/efivars.c +++ b/drivers/firmware/efivars.c @@ -706,6 +706,10 @@ static ssize_t efivarfs_file_write(struct file *file, if (attributes & ~(EFI_VARIABLE_MASK)) return -EINVAL; + if (!((attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) && + (attributes & EFI_VARIABLE_RUNTIME_ACCESS))) + return -EINVAL; + efivars = var->efivars; /* -- 1.6.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
