[0/2] efivarfs: fix ability to mimic uncommitted variables

Message

James Bottomley Jan. 19, 2025, 2:59 p.m. UTC

The use of simple_setattr in efivarfs means that anyone who can write
to the variable (which is usually only root) can set the cached inode
size to an arbitrary value (including truncating it to zero).  This
value, while not transmitted on to the underlying variable, does show
up on stat and means that anyone who can write to the variable file
can also make any variable mimic an uncommitted one (a variable with
zero size) which is checked by certain programmes that use EFI
variables, like systemd.  This problem can be fixed by not allowing
anything except a successful variable update to change the inode size.

I also added a regression test to make sure the problem behaviour
isn't reintroduced.

James

---

James Bottomley (2):
  efivarfs: prevent setting of zero size on the inodes in the cache
  selftests/efivarfs: add check for disallowing file truncation

 fs/efivarfs/inode.c                          | 17 +++++++++++++++
 tools/testing/selftests/efivarfs/efivarfs.sh | 23 ++++++++++++++++++++
 2 files changed, 40 insertions(+)