Commit 496a0fc8 authored by Matt Domsch's avatar Matt Domsch Committed by Linus Torvalds

[PATCH] Fix race in efi variable delete code

Fix race when deleting an EFI variable and issuing another EFI command on
the same variable.  The removal of the variable from the efivars_list
should be done in efivar_delete and not delayed until the kobject release.

Furthermore, remove the item from the list at module unload time, and use
list_for_each_entry_safe() rather than list_for_each_safe() for
readability.

Tested on ia64.
Signed-off-by: default avatarPrarit Bhargava <prarit@redhat.com>
Signed-off-by: default avatarMatt Domsch <Matt_Domsch@dell.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 01f20734
...@@ -122,8 +122,6 @@ struct efivar_entry { ...@@ -122,8 +122,6 @@ struct efivar_entry {
struct kobject kobj; struct kobject kobj;
}; };
#define get_efivar_entry(n) list_entry(n, struct efivar_entry, list)
struct efivar_attribute { struct efivar_attribute {
struct attribute attr; struct attribute attr;
ssize_t (*show) (struct efivar_entry *entry, char *buf); ssize_t (*show) (struct efivar_entry *entry, char *buf);
...@@ -386,9 +384,6 @@ static struct sysfs_ops efivar_attr_ops = { ...@@ -386,9 +384,6 @@ static struct sysfs_ops efivar_attr_ops = {
static void efivar_release(struct kobject *kobj) static void efivar_release(struct kobject *kobj)
{ {
struct efivar_entry *var = container_of(kobj, struct efivar_entry, kobj); struct efivar_entry *var = container_of(kobj, struct efivar_entry, kobj);
spin_lock(&efivars_lock);
list_del(&var->list);
spin_unlock(&efivars_lock);
kfree(var); kfree(var);
} }
...@@ -430,9 +425,8 @@ static ssize_t ...@@ -430,9 +425,8 @@ static ssize_t
efivar_create(struct subsystem *sub, const char *buf, size_t count) efivar_create(struct subsystem *sub, const char *buf, size_t count)
{ {
struct efi_variable *new_var = (struct efi_variable *)buf; struct efi_variable *new_var = (struct efi_variable *)buf;
struct efivar_entry *search_efivar = NULL; struct efivar_entry *search_efivar, *n;
unsigned long strsize1, strsize2; unsigned long strsize1, strsize2;
struct list_head *pos, *n;
efi_status_t status = EFI_NOT_FOUND; efi_status_t status = EFI_NOT_FOUND;
int found = 0; int found = 0;
...@@ -444,8 +438,7 @@ efivar_create(struct subsystem *sub, const char *buf, size_t count) ...@@ -444,8 +438,7 @@ efivar_create(struct subsystem *sub, const char *buf, size_t count)
/* /*
* Does this variable already exist? * Does this variable already exist?
*/ */
list_for_each_safe(pos, n, &efivar_list) { list_for_each_entry_safe(search_efivar, n, &efivar_list, list) {
search_efivar = get_efivar_entry(pos);
strsize1 = utf8_strsize(search_efivar->var.VariableName, 1024); strsize1 = utf8_strsize(search_efivar->var.VariableName, 1024);
strsize2 = utf8_strsize(new_var->VariableName, 1024); strsize2 = utf8_strsize(new_var->VariableName, 1024);
if (strsize1 == strsize2 && if (strsize1 == strsize2 &&
...@@ -490,9 +483,8 @@ static ssize_t ...@@ -490,9 +483,8 @@ static ssize_t
efivar_delete(struct subsystem *sub, const char *buf, size_t count) efivar_delete(struct subsystem *sub, const char *buf, size_t count)
{ {
struct efi_variable *del_var = (struct efi_variable *)buf; struct efi_variable *del_var = (struct efi_variable *)buf;
struct efivar_entry *search_efivar = NULL; struct efivar_entry *search_efivar, *n;
unsigned long strsize1, strsize2; unsigned long strsize1, strsize2;
struct list_head *pos, *n;
efi_status_t status = EFI_NOT_FOUND; efi_status_t status = EFI_NOT_FOUND;
int found = 0; int found = 0;
...@@ -504,8 +496,7 @@ efivar_delete(struct subsystem *sub, const char *buf, size_t count) ...@@ -504,8 +496,7 @@ efivar_delete(struct subsystem *sub, const char *buf, size_t count)
/* /*
* Does this variable already exist? * Does this variable already exist?
*/ */
list_for_each_safe(pos, n, &efivar_list) { list_for_each_entry_safe(search_efivar, n, &efivar_list, list) {
search_efivar = get_efivar_entry(pos);
strsize1 = utf8_strsize(search_efivar->var.VariableName, 1024); strsize1 = utf8_strsize(search_efivar->var.VariableName, 1024);
strsize2 = utf8_strsize(del_var->VariableName, 1024); strsize2 = utf8_strsize(del_var->VariableName, 1024);
if (strsize1 == strsize2 && if (strsize1 == strsize2 &&
...@@ -537,9 +528,9 @@ efivar_delete(struct subsystem *sub, const char *buf, size_t count) ...@@ -537,9 +528,9 @@ efivar_delete(struct subsystem *sub, const char *buf, size_t count)
spin_unlock(&efivars_lock); spin_unlock(&efivars_lock);
return -EIO; return -EIO;
} }
list_del(&search_efivar->list);
/* We need to release this lock before unregistering. */ /* We need to release this lock before unregistering. */
spin_unlock(&efivars_lock); spin_unlock(&efivars_lock);
efivar_unregister(search_efivar); efivar_unregister(search_efivar);
/* It's dead Jim.... */ /* It's dead Jim.... */
...@@ -768,10 +759,14 @@ efivars_init(void) ...@@ -768,10 +759,14 @@ efivars_init(void)
static void __exit static void __exit
efivars_exit(void) efivars_exit(void)
{ {
struct list_head *pos, *n; struct efivar_entry *entry, *n;
list_for_each_safe(pos, n, &efivar_list) list_for_each_entry_safe(entry, n, &efivar_list, list) {
efivar_unregister(get_efivar_entry(pos)); spin_lock(&efivars_lock);
list_del(&entry->list);
spin_unlock(&efivars_lock);
efivar_unregister(entry);
}
subsystem_unregister(&vars_subsys); subsystem_unregister(&vars_subsys);
firmware_unregister(&efi_subsys); firmware_unregister(&efi_subsys);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment