1. 09 Jul, 2020 1 commit
    • Ard Biesheuvel's avatar
      efi/efivars: Expose RT service availability via efivars abstraction · f88814cc
      Ard Biesheuvel authored
      Commit
      
        bf67fad1 ("efi: Use more granular check for availability for variable services")
      
      introduced a check into the efivarfs, efi-pstore and other drivers that
      aborts loading of the module if not all three variable runtime services
      (GetVariable, SetVariable and GetNextVariable) are supported. However, this
      results in efivarfs being unavailable entirely if only SetVariable support
      is missing, which is only needed if you want to make any modifications.
      Also, efi-pstore and the sysfs EFI variable interface could be backed by
      another implementation of the 'efivars' abstraction, in which case it is
      completely irrelevant which services are supported by the EFI firmware.
      
      So make the generic 'efivars' abstraction dependent on the availibility of
      the GetVariable and GetNextVariable EFI runtime services, and add a helper
      'efivar_supports_writes()' to find out whether the currently active efivars
      abstraction supports writes (and wire it up to the availability of
      SetVariable for the generic one).
      
      Then, use the efivar_supports_writes() helper to decide whether to permit
      efivarfs to be mounted read-write, and whether to enable efi-pstore or the
      sysfs EFI variable interface altogether.
      
      Fixes: bf67fad1 ("efi: Use more granular check for availability for variable services")
      Reported-by: default avatarHeinrich Schuchardt <xypron.glpk@gmx.de>
      Acked-by: default avatarIlias Apalodimas <ilias.apalodimas@linaro.org>
      Tested-by: default avatarIlias Apalodimas <ilias.apalodimas@linaro.org>
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      f88814cc
  2. 15 Jun, 2020 2 commits
  3. 23 Feb, 2020 1 commit
  4. 05 Jul, 2019 1 commit
    • David Howells's avatar
      vfs: Convert efivarfs to use the new mount API · 47999745
      David Howells authored
      Convert the efivarfs filesystem to the new internal mount API as the old
      one will be obsoleted and removed.  This allows greater flexibility in
      communication of mount parameters between userspace, the VFS and the
      filesystem.
      
      [AV: get rid of efivarfs_sb nonsense - it has never been used]
      
      See Documentation/filesystems/mount_api.txt for more information.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Matthew Garrett <matthew.garrett@nebula.com>
      cc: Jeremy Kerr <jk@ozlabs.org>
      cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      cc: linux-efi@vger.kernel.org
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      47999745
  5. 01 Jul, 2019 1 commit
  6. 19 Jun, 2019 1 commit
  7. 21 May, 2019 1 commit
  8. 22 Jul, 2018 1 commit
  9. 22 Feb, 2018 1 commit
    • Luck, Tony's avatar
      efivarfs: Limit the rate for non-root to read files · bef3efbe
      Luck, Tony authored
      Each read from a file in efivarfs results in two calls to EFI
      (one to get the file size, another to get the actual data).
      
      On X86 these EFI calls result in broadcast system management
      interrupts (SMI) which affect performance of the whole system.
      A malicious user can loop performing reads from efivarfs bringing
      the system to its knees.
      
      Linus suggested per-user rate limit to solve this.
      
      So we add a ratelimit structure to "user_struct" and initialize
      it for the root user for no limit. When allocating user_struct for
      other users we set the limit to 100 per second. This could be used
      for other places that want to limit the rate of some detrimental
      user action.
      
      In efivarfs if the limit is exceeded when reading, we take an
      interruptible nap for 50ms and check the rate limit again.
      Signed-off-by: default avatarTony Luck <tony.luck@intel.com>
      Acked-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bef3efbe
  10. 11 Jul, 2017 1 commit
  11. 28 Sep, 2016 1 commit
  12. 09 Sep, 2016 2 commits
  13. 31 Jul, 2016 1 commit
  14. 11 Jun, 2016 1 commit
    • Linus Torvalds's avatar
      vfs: make the string hashes salt the hash · 8387ff25
      Linus Torvalds authored
      We always mixed in the parent pointer into the dentry name hash, but we
      did it late at lookup time.  It turns out that we can simplify that
      lookup-time action by salting the hash with the parent pointer early
      instead of late.
      
      A few other users of our string hashes also wanted to mix in their own
      pointers into the hash, and those are updated to use the same mechanism.
      
      Hash users that don't have any particular initial salt can just use the
      NULL pointer as a no-salt.
      
      Cc: Vegard Nossum <vegard.nossum@oracle.com>
      Cc: George Spelvin <linux@sciencehorizons.net>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8387ff25
  15. 21 May, 2016 1 commit
  16. 07 May, 2016 2 commits
  17. 04 Apr, 2016 1 commit
    • Kirill A. Shutemov's avatar
      mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros · 09cbfeaf
      Kirill A. Shutemov authored
      PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
      ago with promise that one day it will be possible to implement page
      cache with bigger chunks than PAGE_SIZE.
      
      This promise never materialized.  And unlikely will.
      
      We have many places where PAGE_CACHE_SIZE assumed to be equal to
      PAGE_SIZE.  And it's constant source of confusion on whether
      PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
      especially on the border between fs and mm.
      
      Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
      breakage to be doable.
      
      Let's stop pretending that pages in page cache are special.  They are
      not.
      
      The changes are pretty straight-forward:
      
       - <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
      
       - <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
      
       - PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
      
       - page_cache_get() -> get_page();
      
       - page_cache_release() -> put_page();
      
      This patch contains automated changes generated with coccinelle using
      script below.  For some reason, coccinelle doesn't patch header files.
      I've called spatch for them manually.
      
      The only adjustment after coccinelle is revert of changes to
      PAGE_CAHCE_ALIGN definition: we are going to drop it later.
      
      There are few places in the code where coccinelle didn't reach.  I'll
      fix them manually in a separate patch.  Comments and documentation also
      will be addressed with the separate patch.
      
      virtual patch
      
      @@
      expression E;
      @@
      - E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
      + E
      
      @@
      expression E;
      @@
      - E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
      + E
      
      @@
      @@
      - PAGE_CACHE_SHIFT
      + PAGE_SHIFT
      
      @@
      @@
      - PAGE_CACHE_SIZE
      + PAGE_SIZE
      
      @@
      @@
      - PAGE_CACHE_MASK
      + PAGE_MASK
      
      @@
      expression E;
      @@
      - PAGE_CACHE_ALIGN(E)
      + PAGE_ALIGN(E)
      
      @@
      expression E;
      @@
      - page_cache_get(E)
      + get_page(E)
      
      @@
      expression E;
      @@
      - page_cache_release(E)
      + put_page(E)
      Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      09cbfeaf
  18. 10 Feb, 2016 2 commits
  19. 22 Jan, 2016 1 commit
    • Al Viro's avatar
      wrappers for ->i_mutex access · 5955102c
      Al Viro authored
      parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
      inode_foo(inode) being mutex_foo(&inode->i_mutex).
      
      Please, use those for access to ->i_mutex; over the coming cycle
      ->i_mutex will become rwsem, with ->lookup() done with it held
      only shared.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      5955102c
  20. 17 Apr, 2015 1 commit
    • Ross Lagerwall's avatar
      efivarfs: Ensure VariableName is NUL-terminated · c57dcb56
      Ross Lagerwall authored
      Some buggy firmware implementations update VariableNameSize on success
      such that it does not include the final NUL character which results in
      garbage in the efivarfs name entries.  Use kzalloc on the efivar_entry
      (as is done in efivars.c) to ensure that the name is always
      NUL-terminated.
      
      The buggy firmware is:
      BIOS Information
              Vendor: Intel Corp.
              Version: S1200RP.86B.02.02.0005.102320140911
              Release Date: 10/23/2014
              BIOS Revision: 4.6
      System Information
              Manufacturer: Intel Corporation
              Product Name: S1200RP_SE
      Signed-off-by: default avatarRoss Lagerwall <ross.lagerwall@citrix.com>
      Acked-by: default avatarMatthew Garrett <mjg59@coreos.com>
      Cc: Jeremy Kerr <jk@ozlabs.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarMatt Fleming <matt.fleming@intel.com>
      c57dcb56
  21. 15 Apr, 2015 1 commit
  22. 08 Jan, 2015 1 commit
  23. 05 Jan, 2015 1 commit
  24. 19 Nov, 2014 1 commit
  25. 11 Nov, 2014 1 commit
  26. 04 Jun, 2014 1 commit
  27. 04 Mar, 2014 1 commit
  28. 16 Nov, 2013 1 commit
  29. 14 Jul, 2013 1 commit
  30. 29 Jun, 2013 1 commit
  31. 13 May, 2013 1 commit
    • Lingzhu Xiang's avatar
      efivarfs: Never return ENOENT from firmware again · 3fab70c1
      Lingzhu Xiang authored
      Previously in 1fa7e695 efi_status_to_err() translated firmware status
      EFI_NOT_FOUND to -EIO instead of -ENOENT for efivarfs operations to
      avoid confusion. After refactoring in e14ab23d, it is also used in other
      places where the translation may be unnecessary.
      
      So move the translation to efivarfs specific code. Also return EOF
      for reading zero-length files, which is what users would expect.
      
      Cc: Josh Boyer <jwboyer@redhat.com>
      Cc: Jeremy Kerr <jk@ozlabs.org>
      Cc: Lee, Chun-Yi <jlee@suse.com>
      Cc: Andy Whitcroft <apw@canonical.com>
      Signed-off-by: default avatarLingzhu Xiang <lxiang@redhat.com>
      Signed-off-by: default avatarMatt Fleming <matt.fleming@intel.com>
      3fab70c1
  32. 17 Apr, 2013 2 commits
    • Tom Gundersen's avatar
      efi: split efisubsystem from efivars · a9499fa7
      Tom Gundersen authored
      This registers /sys/firmware/efi/{,systab,efivars/} whenever EFI is enabled
      and the system is booted with EFI.
      
      This allows
       *) userspace to check for the existence of /sys/firmware/efi as a way
          to determine whether or it is running on an EFI system.
       *) 'mount -t efivarfs none /sys/firmware/efi/efivars' without manually
          loading any modules.
      
      [ Also, move the efivar API into vars.c and unconditionally compile it.
        This allows us to move efivars.c, which now only contains the sysfs
        variable code, into the firmware/efi directory. Note that the efivars.c
        filename is kept to maintain backwards compatability with the old
        efivars.ko module. With this patch it is now possible for efivarfs
        to be built without CONFIG_EFI_VARS - Matt ]
      
      Cc: Seiji Aguchi <seiji.aguchi@hds.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Mike Waychison <mikew@google.com>
      Cc: Kay Sievers <kay@vrfy.org>
      Cc: Jeremy Kerr <jk@ozlabs.org>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Chun-Yi Lee <jlee@suse.com>
      Cc: Andy Whitcroft <apw@canonical.com>
      Cc: Tobias Powalowski <tpowa@archlinux.org>
      Signed-off-by: default avatarTom Gundersen <teg@jklm.no>
      Signed-off-by: default avatarMatt Fleming <matt.fleming@intel.com>
      a9499fa7
    • Matt Fleming's avatar
      efivarfs: Move to fs/efivarfs · d68772b7
      Matt Fleming authored
      Now that efivarfs uses the efivar API, move it out of efivars.c and
      into fs/efivarfs where it belongs. This move will eventually allow us
      to enable the efivarfs code without having to also enable
      CONFIG_EFI_VARS built, and vice versa.
      
      Furthermore, things like,
      
          mount -t efivarfs none /sys/firmware/efi/efivars
      
      will now work if efivarfs is built as a module without requiring the
      use of MODULE_ALIAS(), which would have been necessary when the
      efivarfs code was part of efivars.c.
      
      Cc: Matthew Garrett <matthew.garrett@nebula.com>
      Cc: Jeremy Kerr <jk@ozlabs.org>
      Reviewed-by: default avatarTom Gundersen <teg@jklm.no>
      Tested-by: default avatarTom Gundersen <teg@jklm.no>
      Signed-off-by: default avatarMatt Fleming <matt.fleming@intel.com>
      d68772b7