[PATCH] fs/efivarfs: Permit read-only access on platforms that lack SetVariable

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: xypron.glpk@gmx.de, Ard Biesheuvel <ardb@kernel.org>,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>
Subject: [PATCH] fs/efivarfs: Permit read-only access on platforms that lack SetVariable
Date: Wed,  8 Jul 2020 13:09:44 +0300	[thread overview]
Message-ID: <20200708100944.7213-1-ardb@kernel.org> (raw)

Commit

  bf67fad19e493b ("efi: Use more granular check for availability for variable services")

introduced a check into the efivarfs init code that aborts loading of the
module if not all three variable runtime services (GetVariable, SetVariable
and GetNextVariable) are supported. However, this results in efivarfs being
unavailable entirely if only SetVariable support is missing, which is only
needed if you want to make any modifications.

So let's relax this restriction, and only require the GetVariable services,
but force efivarfs to be mounted read-only if SetVariable is unsupported.

Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes: bf67fad19e493b ("efi: Use more granular check for availability for variable services")
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 fs/efivarfs/super.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 12c66f5d92dd..c12608f0dcd9 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -201,6 +201,9 @@ static int efivarfs_fill_super(struct super_block *sb, struct fs_context *fc)
 	sb->s_d_op		= &efivarfs_d_ops;
 	sb->s_time_gran         = 1;
 
+	if (!efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE))
+		sb->s_flags |= SB_RDONLY;
+
 	inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true);
 	if (!inode)
 		return -ENOMEM;
@@ -252,7 +255,8 @@ static struct file_system_type efivarfs_type = {
 
 static __init int efivarfs_init(void)
 {
-	if (!efi_rt_services_supported(EFI_RT_SUPPORTED_VARIABLE_SERVICES))
+	if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE |
+				       EFI_RT_SUPPORTED_GET_NEXT_VARIABLE_NAME))
 		return -ENODEV;
 
 	if (!efivars_kobject())
-- 
2.17.1

                 reply	other threads:[~2020-07-08 10:09 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:12c66f5d92d dfblob:c12608f0dcd )
 OR (
bs:"[PATCH] fs/efivarfs: Permit read-only access on platforms that lack SetVariable" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200708100944.7213-1-ardb@kernel.org \
    --to=ardb@kernel.org \
    --cc=ilias.apalodimas@linaro.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.