lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMj1kXEXRtprufPX-BYxsuafcZTxxRz1kMb2+3KxjWg9Wg16SQ@mail.gmail.com>
Date: Mon, 31 Mar 2025 16:05:44 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: Christian Brauner <brauner@...nel.org>
Cc: linux-fsdevel@...r.kernel.org, jack@...e.cz, linux-efi@...r.kernel.org, 
	linux-kernel@...r.kernel.org, 
	James Bottomley <James.Bottomley@...senpartnership.com>, mcgrof@...nel.org, 
	hch@...radead.org, david@...morbit.com, rafael@...nel.org, djwong@...nel.org, 
	pavel@...nel.org, peterz@...radead.org, mingo@...hat.com, will@...nel.org, 
	boqun.feng@...il.com
Subject: Re: [PATCH 0/2] efivarfs: support freeze/thaw

On Mon, 31 Mar 2025 at 14:42, Christian Brauner <brauner@...nel.org> wrote:
>
> Allow efivarfs to partake to resync variable state during system
> hibernation and suspend. Add freeze/thaw support.
>
> This is a pretty straightforward implementation. We simply add regular
> freeze/thaw support for both userspace and the kernel. This works
> without any big issues and congrats afaict efivars is the first
> pseudofilesystem that adds support for filesystem freezing and thawing.
>
> The simplicity comes from the fact that we simply always resync variable
> state after efivarfs has been frozen. It doesn't matter whether that's
> because of suspend, userspace initiated freeze or hibernation. Efivars
> is simple enough that it doesn't matter that we walk all dentries. There
> are no directories and there aren't insane amounts of entries and both
> freeze/thaw are already heavy-handed operations. If userspace initiated
> a freeze/thaw cycle they would need CAP_SYS_ADMIN in the initial user
> namespace (as that's where efivarfs is mounted) so it can't be triggered
> by random userspace. IOW, we really really don't care.
>
> @Ard, if you're fine with this (and agree with the patch) I'd carry this
> on a stable branch vfs-6.16.super that you can pull into efivarfs once
> -rc1 is out.
>
> Signed-off-by: Christian Brauner <brauner@...nel.org>
> ---
> Christian Brauner (2):
>       libfs: export find_next_child()
>       efivarfs: support freeze/thaw
>

This looks fine to me: I'm a EFI expert not a VFS expert so I am quite
pleased that you have taken the time to implement this properly.

Acked-by: Ard Biesheuvel <ardb@...nel.org>

I don't anticipate a lot of parallel development going on in efivarfs
so taking this through the VFS tree is fine. I'll let you know if/when
I merge it into the EFI tree so feel free to rebase/tweak the branch
otherwise.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ