The use of simple_setattr in efivarfs means that anyone who can write to the variable (which is usually only root) can set the cached inode size to an arbitrary value (including truncating it to zero). This value, while not transmitted on to the underlying variable, does show up on stat and means that anyone who can write to the variable file can also make any variable mimic an uncommitted one (a variable with zero size) which is checked by certain programmes that use EFI variables, like systemd.

This problem can be fixed by not allowing anything except a successful variable update to change the inode size. I also added a regression test to make sure the problem behaviour isn't reintroduced.

James

---

James Bottomley (2):
  efivarfs: prevent setting of zero size on the inodes in the cache
  selftests/efivarfs: add check for disallowing file truncation

 fs/efivarfs/inode.c                          | 17 +++++++++++++++
 tools/testing/selftests/efivarfs/efivarfs.sh | 23 ++++++++++++++++++++
 2 files changed, 40 insertions(+)

-- 
2.35.3
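
The mismatch described in the message above (stat reporting zero size while the underlying variable still holds data) can be audited from userspace. The script below is an added example, not part of this patch series or its selftest; the function names check_entry and scan_dir are hypothetical. It assumes a stat that accepts -c %s (GNU coreutils or busybox) and that reads are served from the underlying variable rather than the cached inode size.

```shell
#!/bin/sh
# Added example, not from the patch series. Flags efivarfs entries whose
# cached inode size (what stat reports) is zero while a read still returns data.
# Assumption: reads are served from the underlying variable, not the cached size.

# check_entry PATH: return 0 if consistent, 1 on mismatch, 2 if stat fails.
check_entry() {
    path=$1
    stat_size=$(stat -c %s "$path" 2>/dev/null) || return 2
    # Bytes actually readable; an unreadable or uncommitted entry yields 0.
    read_size=$(cat "$path" 2>/dev/null | wc -c)
    read_size=$((read_size + 0))    # normalise any padding from wc
    if [ "$stat_size" -eq 0 ] && [ "$read_size" -gt 0 ]; then
        echo "MISMATCH $path stat=$stat_size read=$read_size"
        return 1
    fi
    return 0
}

# scan_dir DIR: check every regular file in DIR; return 0 only if all are consistent.
scan_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        check_entry "$f" || bad=$((bad + 1))
    done
    echo "$bad suspicious entries in $dir"
    [ "$bad" -eq 0 ]
}

# Run a scan only when a directory is given, e.g. /sys/firmware/efi/efivars
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

A genuinely uncommitted variable has zero size and nothing to read, so it is not flagged; only entries whose reported size disagrees with readable data are.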