lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250331-work-freeze-v1-0-6dfbe8253b9f@kernel.org>
Date: Mon, 31 Mar 2025 14:42:10 +0200
From: Christian Brauner <brauner@...nel.org>
To: linux-fsdevel@...r.kernel.org,
	jack@...e.cz,
	Ard Biesheuvel <ardb@...nel.org>
Cc: Christian Brauner <brauner@...nel.org>,
	linux-efi@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	James Bottomley <James.Bottomley@...senpartnership.com>,
	mcgrof@...nel.org,
	hch@...radead.org,
	david@...morbit.com,
	rafael@...nel.org,
	djwong@...nel.org,
	pavel@...nel.org,
	peterz@...radead.org,
	mingo@...hat.com,
	will@...nel.org,
	boqun.feng@...il.com
Subject: [PATCH 0/2] efivarfs: support freeze/thaw

Allow efivarfs to partake to resync variable state during system
hibernation and suspend. Add freeze/thaw support.

This is a pretty straightforward implementation. We simply add regular
freeze/thaw support for both userspace and the kernel. This works
without any big issues and congrats afaict efivars is the first
pseudofilesystem that adds support for filesystem freezing and thawing.

The simplicity comes from the fact that we simply always resync variable
state after efivarfs has been frozen. It doesn't matter whether that's
because of suspend, userspace initiated freeze or hibernation. Efivars
is simple enough that it doesn't matter that we walk all dentries. There
are no directories and there aren't insane amounts of entries and both
freeze/thaw are already heavy-handed operations. If userspace initiated
a freeze/thaw cycle they would need CAP_SYS_ADMIN in the initial user
namespace (as that's where efivarfs is mounted) so it can't be triggered
by random userspace. IOW, we really really don't care.

@Ard, if you're fine with this (and agree with the patch) I'd carry this
on a stable branch vfs-6.16.super that you can pull into efivarfs once
-rc1 is out.

Signed-off-by: Christian Brauner <brauner@...nel.org>
---
Christian Brauner (2):
      libfs: export find_next_child()
      efivarfs: support freeze/thaw

 fs/efivarfs/internal.h |   1 -
 fs/efivarfs/super.c    | 196 +++++++++++++------------------------------------
 fs/internal.h          |   1 +
 fs/libfs.c             |   3 +-
 4 files changed, 54 insertions(+), 147 deletions(-)
---
base-commit: 8876e79faf32838d05488996b896cb40247a4a8a
change-id: 20250331-work-freeze-ae6260c405b9

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ