Re: [PATCH] efi: fix a race and a buffer overflow while reading efivars via sysfs

From: Vladis Dronov
Date: Tue Mar 03 2020 - 05:25:06 EST

Next message: Peter Zijlstra: "Re: [PATCH] threads: Update PID limit comment according to futex UAPI change"
Previous message: Thomas HellstrÃm (VMware): "Re: [PATCH v4 0/9] Huge page-table entries for TTM"
In reply to: Ard Biesheuvel: "Re: [PATCH] efi: fix a race and a buffer overflow while reading efivars via sysfs"
Next in thread: joeyli: "Re: [PATCH] efi: fix a race and a buffer overflow while reading efivars via sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, Ard, all,

> > Wouldn't it be easier to pass a var_data_size stack variable into
> > efivar_entry_get(), and only update the value in 'var' if it is <=
> > 1024?
> >
>
> I was thinking about this approach, but this way we still do not protect
> var from a concurrent access. For example, efivar_data_read() can race
> with itself:

Oh, indeed, this race is not possible the way you sugget with a var_data_size
stack variable. Unfortunately, AFAIU, the read/write race stays:

> ... efivar read functions still can race with the write function
> efivar_store_raw(). Surely, the race window is much smaller but it is there.
> I strongly believe we need to protect all data accesses here with a lock.

Best regards,
Vladis Dronov | Red Hat, Inc. | The Core Kernel | Senior Software Engineer

Next message: Peter Zijlstra: "Re: [PATCH] threads: Update PID limit comment according to futex UAPI change"
Previous message: Thomas HellstrÃm (VMware): "Re: [PATCH v4 0/9] Huge page-table entries for TTM"
In reply to: Ard Biesheuvel: "Re: [PATCH] efi: fix a race and a buffer overflow while reading efivars via sysfs"
Next in thread: joeyli: "Re: [PATCH] efi: fix a race and a buffer overflow while reading efivars via sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]