Re: [PATCH 6.1] efivarfs: Move efivarfs list into superblock s_fs_info
From: Ard Biesheuvel
Date: Fri Mar 21 2025 - 15:01:30 EST
On Fri, 21 Mar 2025 at 19:40, Alexey Nepomnyashih <sdl@xxxxxxxx> wrote:
>
> From: Ard Biesheuvel <ardb@xxxxxxxxxx>
>
> commit cdb46a8aefbf7fd36772bb206aaaf7e45d7cf8f6 upstream.
>
> syzbot reports issues with concurrent fsopen()/fsconfig() invocations on
> efivarfs, which are the result of the fact that the efivarfs list (which
> caches the names and GUIDs of existing EFI variables) is a global
> structure. In normal use, these issues are unlikely to trigger, even in
> the presence of multiple mounts of efivarfs, but the execution pattern
> used by the syzkaller reproducer may result in multiple instances of the
> superblock that share the global efivarfs list, and this causes list
> corruption when the list is reinitialized by one user while another is
> traversing it.
>
> So let's move the list head into the superblock s_fs_info field, so that
> it will never be shared between distinct instances of the superblock. In
> the common case, there will still be a single instance of this list, but
> in the artificial syzkaller case, no list corruption can occur any
> longer.
>
> Reported-by: syzbot+1902c359bfcaf39c46f2@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> Reported-by: syzbot+246ea4feed277471958a@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=246ea4feed277471958a
> Signed-off-by: Alexey Nepomnyashih <sdl@xxxxxxxx>
> ---
> fs/efivarfs/inode.c | 3 ++-
> fs/efivarfs/internal.h | 9 ++++++---
> fs/efivarfs/super.c | 26 +++++++++++++++++---------
> fs/efivarfs/vars.c | 5 +++--
> 4 files changed, 28 insertions(+), 15 deletions(-)
>
The original commit has
fs/efivarfs/inode.c | 3 ++-
fs/efivarfs/internal.h | 6 +++---
fs/efivarfs/super.c | 19 ++++++++++---------
fs/efivarfs/vars.c | 5 +++--
4 files changed, 18 insertions(+), 15 deletions(-)
so you will need to explain where those extra 10 lines came from.