lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1370276021.30695.4.camel@linux-s257.site>
Date:	Tue, 04 Jun 2013 00:13:40 +0800
From:	joeyli <jlee@...e.com>
To:	Matthew Garrett <matthew.garrett@...ula.com>
Cc:	rja@....com, mingo@...nel.org, torvalds@...ux-foundation.org,
	bp@...en8.de, jkosina@...e.cz, matt.fleming@...el.com,
	linux-efi@...r.kernel.org, x86@...nel.org,
	linux-kernel@...r.kernel.org, tglx@...utronix.de,
	hpa@...ux.intel.com, akpm@...ux-foundation.org, oneukum@...e.de
Subject: Re: [PATCH] Modify UEFI anti-bricking code

於 六,2013-06-01 於 16:06 -0400,Matthew Garrett 提到:
> +               unsigned long dummy_size = remaining_size + 1024;
> +               void *dummy = kmalloc(dummy_size, GFP_ATOMIC);
> +               efi_char16_t efi_name[6] = { 'D', 'U', 'M', 'M', 'Y', 0 };
> +               efi_guid_t guid = EFI_GUID(0x4424ac57, 0xbe4b, 0x47dd, 0x9e,
> +                                          0x97, 0xed, 0x50, 0xf0, 0x9f, 0x92,
> +                                          0xa9);
> +
> +               status = efi.set_variable(efi_name, &guid, attributes,
> +                                         dummy_size, dummy);
> +
> +               if (status == EFI_SUCCESS) {
> +                       /*
> +                        * This should have failed, so if it didn't make sure
> +                        * that we delete it...
> +                        */
> +                       efi.set_variable(efi_name, &guid, attributes, 0,
> +                                        dummy);
> +               } 

Oliver raised a question for if power fails between that succesful
attempt and the deletion?

Due to the create/delete operating are not atomic, I think that will be
better we try to delete DUMMY object in efi_enter_virtual_mode() or when
efivars initial.

The following diff tested on OVMF for delete DUMMY object when system
boot, for reference.


Thanks a lot!
Joey Lee


diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 63e167a..72770b0 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -861,6 +861,10 @@ void __init efi_enter_virtual_mode(void)
 	u64 end, systab, start_pfn, end_pfn;
 	void *p, *va, *new_memmap = NULL;
 	int count = 0;
+	efi_char16_t efi_name[6] = { 'D', 'U', 'M', 'M', 'Y', 0 };
+	efi_guid_t guid = EFI_GUID(0x4424ac57, 0xbe4b, 0x47dd, 0x9e,
+				   0x97, 0xed, 0x50, 0xf0, 0x9f, 0x92,
+				   0xa9);
 
 	efi.systab = NULL;
 
@@ -981,6 +985,9 @@ void __init efi_enter_virtual_mode(void)
 		runtime_code_page_mkexec();
 
 	kfree(new_memmap);
+
+	/* clean DUMMY object */
+	efi.set_variable(efi_name, &guid, 0, 0, NULL);
 }
 
 /*


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ