On Mon, 2012-12-24 at 19:00 +0800, joeyli wrote: > 於 五,2012-12-21 於 19:05 +0800,Lingzhu Xiang 提到: > > The following reproducer triggers certain bugs in efivarfs_file_write. > > > > #!/bin/bash > > p=/sys/firmware/efi/efivars > > mount -t efivarfs - $p > > cat $p/Lang-* >$p/test-12341234-1234-1234-1234-123412341234 > > umount $p > > mount -t efivarfs - $p > > echo -en "\0\0\0\0" >$p/test-12341234-1234-1234-1234-123412341234 Thanks for the report! > The problem is check EFI_VARIABLE_MASK in efivars.c that is not enough > for deny use 0x00000000 attributes. Not quite, see below. > Per UEFI spec, runtime variable at least need has attributes > EFI_VARIABLE_BOOTSERVICE_ACCESS and EFI_VARIABLE_RUNTIME_ACCESS. > Otherwise UEFI BIOS will occur unexpected error. > > Please try the following patch. > > > Thanks a lot! > Joey Lee > > > >From cb0775a36f4d80f9fe2f9afee40c8b7310cbac8a Mon Sep 17 00:00:00 2001 > From: Lee, Chun-Yi <jlee@xxxxxxxx> > Date: Mon, 24 Dec 2012 18:33:52 +0800 > Subject: [PATCH] efivars: Check attributes of variable whan writing at least need to define bootservice and runtime access > > The EFI variable filesystem used when system in runtime. The variable > that wes wrote by user space application at least need to define > EFI_VARIABLE_BOOTSERVICE_ACCESS and EFI_VARIABLE_RUNTIME_ACCESS in > attributes. > > Cc: Gary Lin <glin@xxxxxxxx> > Signed-off-by: Lee, Chun-Yi <jlee@xxxxxxxx> > --- > drivers/firmware/efivars.c | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c > index 7b1c374..7aeb4a5 100644 > --- a/drivers/firmware/efivars.c > +++ b/drivers/firmware/efivars.c > @@ -706,6 +706,10 @@ static ssize_t efivarfs_file_write(struct file *file, > if (attributes & ~(EFI_VARIABLE_MASK)) > return -EINVAL; > > + if (!((attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) && > + (attributes & EFI_VARIABLE_RUNTIME_ACCESS))) > + return -EINVAL; > + > efivars = var->efivars; > > /* This breaks the case where we want to create a variable that only has boot time access. It's not inconceivable that someone may want to do this from Linux. What you should be enforcing is that if EFI_VARIABLE_RUNTIME_ACCESS is set, then EFI_VARIABLE_BOOTSERVICE_ACCESS must be also. Can you re-work your patch to handle this case? Preferably with a comment above the check as for why we have this check, i.e. it's in the spec. Regarding zero attributes: if user tools want to delete a variable by using the zero attribute method, that's fine - we should handle that. The real problem here is that if we try to delete a non-existent variable or even if *creating* a variable fails, we don't delete the file in the file system. Thanks for the report guys, I'll cook up a patch. -- Matt Fleming, Intel Open Source Technology Center -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
