efi: Make efivarfs entries immutable by default

"rm -rf" is bricking some peoples' laptops because of variables being used to store non-reinitializable firmware driver data that's required to POST the hardware. These are 100% bugs, and they need to be fixed, but in the mean time it shouldn't be easy to *accidentally* brick machines. We have to have delete working, and picking which variables do and don't work for deletion is quite intractable, so instead make everything immutable by default (except for a whitelist), and make tools that aren't quite so broad-spectrum unset the immutable flag. Signed-off-by: Peter Jones <pjones@redhat.com> Tested-by: Lee, Chun-Yi <jlee@suse.com> Acked-by: Matthew Garrett <mjg59@coreos.com> Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
author: Peter Jones <pjones@redhat.com> 2016-02-08 14:48:15 -0500
committer: Matt Fleming <matt@codeblueprint.co.uk> 2016-02-10 11:25:52 -0500
commit: ed8b0de5a33d2a2557dce7f9429dca8cb5bc5879 (patch)
tree: 1dcd2e49cc432ae312677ec47453ec3abc18f1d2 /fs/efivarfs/super.c
parent: 8282f5d9c17fe15a9e658c06e3f343efae1a2a2f (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 8651ac28ec0d..dd029d13ea61 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -120,6 +120,7 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
        char *name;
        int len;
        int err = -ENOMEM;
+        bool is_removable = false;
        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
        if (!entry)
@@ -137,13 +138,17 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
        ucs2_as_utf8(name, entry->var.VariableName, len);
+        if (efivar_variable_is_removable(entry->var.VendorGuid, name, len))
+                is_removable = true;
        name[len] = '-';
        efi_guid_to_str(&entry->var.VendorGuid, name + len + 1);
        name[len + EFI_VARIABLE_GUID_LEN+1] = '\0';
-        inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0644, 0);
+        inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0644, 0,
+                                   is_removable);
        if (!inode)
                goto fail_name;
@@ -199,7 +204,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
        sb->s_d_op              = &efivarfs_d_ops;
        sb->s_time_gran         = 1;
-        inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0);
+        inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true);
        if (!inode)
                return -ENOMEM;
        inode->i_op = &efivarfs_dir_inode_operations;
author	Peter Jones <pjones@redhat.com>	2016-02-08 14:48:15 -0500
committer	Matt Fleming <matt@codeblueprint.co.uk>	2016-02-10 11:25:52 -0500
commit	ed8b0de5a33d2a2557dce7f9429dca8cb5bc5879 (patch)
tree	1dcd2e49cc432ae312677ec47453ec3abc18f1d2 /fs/efivarfs/super.c
parent	8282f5d9c17fe15a9e658c06e3f343efae1a2a2f (diff)