From bafc84d539c0ffa916037840df54428623abc3e6 Mon Sep 17 00:00:00 2001 From: Matt Fleming Date: Sun, 16 Mar 2014 12:14:49 +0000 Subject: efivars: Use local variables instead of a pointer dereference In order to support a compat interface we need to stop passing pointers to structures around, since the type of structure is going to depend on whether the current task is a compat task. Cc: Mike Waychison Signed-off-by: Matt Fleming --- drivers/firmware/efi/efivars.c | 48 ++++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 13 deletions(-) (limited to 'drivers/firmware/efi/efivars.c') diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c index 50ea412a25e6..06ec6ee1c58a 100644 --- a/drivers/firmware/efi/efivars.c +++ b/drivers/firmware/efi/efivars.c @@ -197,37 +197,48 @@ static ssize_t efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) { struct efi_variable *new_var, *var = &entry->var; + efi_char16_t *name; + unsigned long size; + efi_guid_t vendor; + u32 attributes; + u8 *data; int err; if (count != sizeof(struct efi_variable)) return -EINVAL; new_var = (struct efi_variable *)buf; + + attributes = new_var->Attributes; + vendor = new_var->VendorGuid; + name = new_var->VariableName; + size = new_var->DataSize; + data = new_var->Data; + /* * If only updating the variable data, then the name * and guid should remain the same */ - if (memcmp(new_var->VariableName, var->VariableName, sizeof(var->VariableName)) || - efi_guidcmp(new_var->VendorGuid, var->VendorGuid)) { + if (memcmp(name, var->VariableName, sizeof(var->VariableName)) || + efi_guidcmp(vendor, var->VendorGuid)) { printk(KERN_ERR "efivars: Cannot edit the wrong variable!\n"); return -EINVAL; } - if ((new_var->DataSize <= 0) || (new_var->Attributes == 0)){ + if ((size <= 0) || (attributes == 0)){ printk(KERN_ERR "efivars: DataSize & Attributes must be valid!\n"); return -EINVAL; } - if ((new_var->Attributes & ~EFI_VARIABLE_MASK) != 0 || - efivar_validate(new_var, new_var->Data, new_var->DataSize) == false) { + if ((attributes & ~EFI_VARIABLE_MASK) != 0 || + efivar_validate(new_var, data, size) == false) { printk(KERN_ERR "efivars: Malformed variable content\n"); return -EINVAL; } memcpy(&entry->var, new_var, count); - err = efivar_entry_set(entry, new_var->Attributes, - new_var->DataSize, new_var->Data, NULL); + err = efivar_entry_set(entry, attributes, size, data, NULL); if (err) { printk(KERN_WARNING "efivars: set_variable() failed: status=%d\n", err); return -EIO; @@ -328,13 +339,20 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, { struct efi_variable *new_var = (struct efi_variable *)buf; struct efivar_entry *new_entry; + unsigned long size; + u32 attributes; + u8 *data; int err; if (!capable(CAP_SYS_ADMIN)) return -EACCES; - if ((new_var->Attributes & ~EFI_VARIABLE_MASK) != 0 || - efivar_validate(new_var, new_var->Data, new_var->DataSize) == false) { + attributes = new_var->Attributes; + size = new_var->DataSize; + data = new_var->Data; + + if ((attributes & ~EFI_VARIABLE_MASK) != 0 || + efivar_validate(new_var, data, size) == false) { printk(KERN_ERR "efivars: Malformed variable content\n"); return -EINVAL; } @@ -345,8 +363,8 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, memcpy(&new_entry->var, new_var, sizeof(*new_var)); - err = efivar_entry_set(new_entry, new_var->Attributes, new_var->DataSize, - new_var->Data, &efivar_sysfs_list); + err = efivar_entry_set(new_entry, attributes, size, + data, &efivar_sysfs_list); if (err) { if (err == -EEXIST) err = -EINVAL; @@ -370,14 +388,18 @@ static ssize_t efivar_delete(struct file *filp, struct kobject *kobj, { struct efi_variable *del_var = (struct efi_variable *)buf; struct efivar_entry *entry; + efi_char16_t *name; + efi_guid_t vendor; int err = 0; if (!capable(CAP_SYS_ADMIN)) return -EACCES; + name = del_var->VariableName; + vendor = del_var->VendorGuid; + efivar_entry_iter_begin(); - entry = efivar_entry_find(del_var->VariableName, del_var->VendorGuid, - &efivar_sysfs_list, true); + entry = efivar_entry_find(name, vendor, &efivar_sysfs_list, true); if (!entry) err = -EINVAL; else if (__efivar_entry_delete(entry)) -- cgit From e003bbee2a6a19a4c733335989284caf1b179e0d Mon Sep 17 00:00:00 2001 From: Matt Fleming Date: Mon, 17 Mar 2014 09:17:28 +0000 Subject: efivars: Check size of user object Unbelieavably there are no checks to see whether the data structure passed to 'new_var' and 'del_var' is the size that we expect. Let's add some for better robustness. Cc: Mike Waychison Signed-off-by: Matt Fleming --- drivers/firmware/efi/efivars.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'drivers/firmware/efi/efivars.c') diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c index 06ec6ee1c58a..2c21cccc2572 100644 --- a/drivers/firmware/efi/efivars.c +++ b/drivers/firmware/efi/efivars.c @@ -347,6 +347,9 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, if (!capable(CAP_SYS_ADMIN)) return -EACCES; + if (count != sizeof(*new_var)) + return -EINVAL; + attributes = new_var->Attributes; size = new_var->DataSize; data = new_var->Data; @@ -395,6 +398,9 @@ static ssize_t efivar_delete(struct file *filp, struct kobject *kobj, if (!capable(CAP_SYS_ADMIN)) return -EACCES; + if (count != sizeof(*del_var)) + return -EINVAL; + name = del_var->VariableName; vendor = del_var->VendorGuid; -- cgit From a5d92ad32dad94fd8f3f61778561d532bb3a2f77 Mon Sep 17 00:00:00 2001 From: Matt Fleming Date: Mon, 17 Mar 2014 10:57:00 +0000 Subject: efivars: Stop passing a struct argument to efivar_validate() In preparation for compat support, we can't assume that user variable object is represented by a 'struct efi_variable'. Convert the validation functions to take the variable name as an argument, which is the only piece of the struct that was ever used anyway. Cc: Mike Waychison Signed-off-by: Matt Fleming --- drivers/firmware/efi/efivars.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'drivers/firmware/efi/efivars.c') diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c index 2c21cccc2572..5ee2cfb96698 100644 --- a/drivers/firmware/efi/efivars.c +++ b/drivers/firmware/efi/efivars.c @@ -231,7 +231,7 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) } if ((attributes & ~EFI_VARIABLE_MASK) != 0 || - efivar_validate(new_var, data, size) == false) { + efivar_validate(name, data, size) == false) { printk(KERN_ERR "efivars: Malformed variable content\n"); return -EINVAL; } @@ -339,6 +339,7 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, { struct efi_variable *new_var = (struct efi_variable *)buf; struct efivar_entry *new_entry; + efi_char16_t *name; unsigned long size; u32 attributes; u8 *data; @@ -351,11 +352,12 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, return -EINVAL; attributes = new_var->Attributes; + name = new_var->VariableName; size = new_var->DataSize; data = new_var->Data; if ((attributes & ~EFI_VARIABLE_MASK) != 0 || - efivar_validate(new_var, data, size) == false) { + efivar_validate(name, data, size) == false) { printk(KERN_ERR "efivars: Malformed variable content\n"); return -EINVAL; } -- cgit From 54d2fbfb0c9d341c891926100ed0e5d4c4b0c987 Mon Sep 17 00:00:00 2001 From: Matt Fleming Date: Mon, 17 Mar 2014 15:08:34 +0000 Subject: efivars: Refactor sanity checking code into separate function Move a large chunk of code that checks the validity of efi_variable into a new function, because we'll also need to use it for the compat code. Cc: Mike Waychison Signed-off-by: Matt Fleming --- drivers/firmware/efi/efivars.c | 52 ++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 20 deletions(-) (limited to 'drivers/firmware/efi/efivars.c') diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c index 5ee2cfb96698..a44310c6a8ba 100644 --- a/drivers/firmware/efi/efivars.c +++ b/drivers/firmware/efi/efivars.c @@ -189,6 +189,35 @@ efivar_data_read(struct efivar_entry *entry, char *buf) memcpy(buf, var->Data, var->DataSize); return var->DataSize; } + +static inline int +sanity_check(struct efi_variable *var, efi_char16_t *name, efi_guid_t vendor, + unsigned long size, u32 attributes, u8 *data) +{ + /* + * If only updating the variable data, then the name + * and guid should remain the same + */ + if (memcmp(name, var->VariableName, sizeof(var->VariableName)) || + efi_guidcmp(vendor, var->VendorGuid)) { + printk(KERN_ERR "efivars: Cannot edit the wrong variable!\n"); + return -EINVAL; + } + + if ((size <= 0) || (attributes == 0)){ + printk(KERN_ERR "efivars: DataSize & Attributes must be valid!\n"); + return -EINVAL; + } + + if ((attributes & ~EFI_VARIABLE_MASK) != 0 || + efivar_validate(name, data, size) == false) { + printk(KERN_ERR "efivars: Malformed variable content\n"); + return -EINVAL; + } + + return 0; +} + /* * We allow each variable to be edited via rewriting the * entire efi variable structure. @@ -215,26 +244,9 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) size = new_var->DataSize; data = new_var->Data; - /* - * If only updating the variable data, then the name - * and guid should remain the same - */ - if (memcmp(name, var->VariableName, sizeof(var->VariableName)) || - efi_guidcmp(vendor, var->VendorGuid)) { - printk(KERN_ERR "efivars: Cannot edit the wrong variable!\n"); - return -EINVAL; - } - - if ((size <= 0) || (attributes == 0)){ - printk(KERN_ERR "efivars: DataSize & Attributes must be valid!\n"); - return -EINVAL; - } - - if ((attributes & ~EFI_VARIABLE_MASK) != 0 || - efivar_validate(name, data, size) == false) { - printk(KERN_ERR "efivars: Malformed variable content\n"); - return -EINVAL; - } + err = sanity_check(var, name, vendor, size, attributes, data); + if (err) + return err; memcpy(&entry->var, new_var, count); -- cgit From e33655a386ed3b26ad36fb97a47ebb1c2ca1e928 Mon Sep 17 00:00:00 2001 From: Matt Fleming Date: Mon, 17 Mar 2014 15:36:37 +0000 Subject: efivars: Add compatibility code for compat tasks It seems people are using 32-bit efibootmgr on top of 64-bit kernels, which will currently fail horribly when using the efivars interface, which is the traditional efibootmgr backend (the other being efivarfs). Since there is no versioning info in the data structure, figure out when we need to munge the structure data via judicious use of is_compat_task(). Cc: Mike Waychison Signed-off-by: Matt Fleming --- drivers/firmware/efi/efivars.c | 142 +++++++++++++++++++++++++++++++++-------- 1 file changed, 116 insertions(+), 26 deletions(-) (limited to 'drivers/firmware/efi/efivars.c') diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c index a44310c6a8ba..463c56545ae8 100644 --- a/drivers/firmware/efi/efivars.c +++ b/drivers/firmware/efi/efivars.c @@ -69,6 +69,7 @@ #include #include #include +#include #define EFIVARS_VERSION "0.08" #define EFIVARS_DATE "2004-May-17" @@ -86,6 +87,15 @@ static struct kset *efivars_kset; static struct bin_attribute *efivars_new_var; static struct bin_attribute *efivars_del_var; +struct compat_efi_variable { + efi_char16_t VariableName[EFI_VAR_NAME_LEN/sizeof(efi_char16_t)]; + efi_guid_t VendorGuid; + __u32 DataSize; + __u8 Data[1024]; + __u32 Status; + __u32 Attributes; +} __packed; + struct efivar_attribute { struct attribute attr; ssize_t (*show) (struct efivar_entry *entry, char *buf); @@ -218,6 +228,25 @@ sanity_check(struct efi_variable *var, efi_char16_t *name, efi_guid_t vendor, return 0; } +static inline bool is_compat(void) +{ + if (IS_ENABLED(CONFIG_COMPAT) && is_compat_task()) + return true; + + return false; +} + +static void +copy_out_compat(struct efi_variable *dst, struct compat_efi_variable *src) +{ + memcpy(dst->VariableName, src->VariableName, EFI_VAR_NAME_LEN); + memcpy(dst->Data, src->Data, sizeof(src->Data)); + + dst->VendorGuid = src->VendorGuid; + dst->DataSize = src->DataSize; + dst->Attributes = src->Attributes; +} + /* * We allow each variable to be edited via rewriting the * entire efi variable structure. @@ -233,22 +262,42 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) u8 *data; int err; - if (count != sizeof(struct efi_variable)) - return -EINVAL; + if (is_compat()) { + struct compat_efi_variable *compat; - new_var = (struct efi_variable *)buf; + if (count != sizeof(*compat)) + return -EINVAL; - attributes = new_var->Attributes; - vendor = new_var->VendorGuid; - name = new_var->VariableName; - size = new_var->DataSize; - data = new_var->Data; + compat = (struct compat_efi_variable *)buf; + attributes = compat->Attributes; + vendor = compat->VendorGuid; + name = compat->VariableName; + size = compat->DataSize; + data = compat->Data; - err = sanity_check(var, name, vendor, size, attributes, data); - if (err) - return err; + err = sanity_check(var, name, vendor, size, attributes, data); + if (err) + return err; + + copy_out_compat(&entry->var, compat); + } else { + if (count != sizeof(struct efi_variable)) + return -EINVAL; + + new_var = (struct efi_variable *)buf; - memcpy(&entry->var, new_var, count); + attributes = new_var->Attributes; + vendor = new_var->VendorGuid; + name = new_var->VariableName; + size = new_var->DataSize; + data = new_var->Data; + + err = sanity_check(var, name, vendor, size, attributes, data); + if (err) + return err; + + memcpy(&entry->var, new_var, count); + } err = efivar_entry_set(entry, attributes, size, data, NULL); if (err) { @@ -263,6 +312,8 @@ static ssize_t efivar_show_raw(struct efivar_entry *entry, char *buf) { struct efi_variable *var = &entry->var; + struct compat_efi_variable *compat; + size_t size; if (!entry || !buf) return 0; @@ -272,9 +323,23 @@ efivar_show_raw(struct efivar_entry *entry, char *buf) &entry->var.DataSize, entry->var.Data)) return -EIO; - memcpy(buf, var, sizeof(*var)); + if (is_compat()) { + compat = (struct compat_efi_variable *)buf; + + size = sizeof(*compat); + memcpy(compat->VariableName, var->VariableName, + EFI_VAR_NAME_LEN); + memcpy(compat->Data, var->Data, sizeof(compat->Data)); + + compat->VendorGuid = var->VendorGuid; + compat->DataSize = var->DataSize; + compat->Attributes = var->Attributes; + } else { + size = sizeof(*var); + memcpy(buf, var, size); + } - return sizeof(*var); + return size; } /* @@ -349,8 +414,10 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, struct bin_attribute *bin_attr, char *buf, loff_t pos, size_t count) { + struct compat_efi_variable *compat = (struct compat_efi_variable *)buf; struct efi_variable *new_var = (struct efi_variable *)buf; struct efivar_entry *new_entry; + bool need_compat = is_compat(); efi_char16_t *name; unsigned long size; u32 attributes; @@ -360,13 +427,23 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, if (!capable(CAP_SYS_ADMIN)) return -EACCES; - if (count != sizeof(*new_var)) - return -EINVAL; - - attributes = new_var->Attributes; - name = new_var->VariableName; - size = new_var->DataSize; - data = new_var->Data; + if (need_compat) { + if (count != sizeof(*compat)) + return -EINVAL; + + attributes = compat->Attributes; + name = compat->VariableName; + size = compat->DataSize; + data = compat->Data; + } else { + if (count != sizeof(*new_var)) + return -EINVAL; + + attributes = new_var->Attributes; + name = new_var->VariableName; + size = new_var->DataSize; + data = new_var->Data; + } if ((attributes & ~EFI_VARIABLE_MASK) != 0 || efivar_validate(name, data, size) == false) { @@ -378,7 +455,10 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, if (!new_entry) return -ENOMEM; - memcpy(&new_entry->var, new_var, sizeof(*new_var)); + if (need_compat) + copy_out_compat(&new_entry->var, compat); + else + memcpy(&new_entry->var, new_var, sizeof(*new_var)); err = efivar_entry_set(new_entry, attributes, size, data, &efivar_sysfs_list); @@ -404,6 +484,7 @@ static ssize_t efivar_delete(struct file *filp, struct kobject *kobj, char *buf, loff_t pos, size_t count) { struct efi_variable *del_var = (struct efi_variable *)buf; + struct compat_efi_variable *compat; struct efivar_entry *entry; efi_char16_t *name; efi_guid_t vendor; @@ -412,11 +493,20 @@ static ssize_t efivar_delete(struct file *filp, struct kobject *kobj, if (!capable(CAP_SYS_ADMIN)) return -EACCES; - if (count != sizeof(*del_var)) - return -EINVAL; + if (is_compat()) { + if (count != sizeof(*compat)) + return -EINVAL; + + compat = (struct compat_efi_variable *)buf; + name = compat->VariableName; + vendor = compat->VendorGuid; + } else { + if (count != sizeof(*del_var)) + return -EINVAL; - name = del_var->VariableName; - vendor = del_var->VendorGuid; + name = del_var->VariableName; + vendor = del_var->VendorGuid; + } efivar_entry_iter_begin(); entry = efivar_entry_find(name, vendor, &efivar_sysfs_list, true); -- cgit