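// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2012 Red Hat, Inc.
 * Copyright (C) 2012 Jeremy Kerr <jeremy.kerr@canonical.com>
 */

#include <linux/efi.h>
#include <linux/fs.h>
#include <linux/ctype.h>
#include <linux/kmemleak.h>
#include <linux/slab.h>
#include <linux/uuid.h>
#include <linux/fileattr.h>

#include "internal.h"

/* Defined at the bottom of the file; efivarfs_get_inode() needs its address. */
static const struct inode_operations efivarfs_file_inode_operations;

/*
 * Allocate and initialise an efivarfs inode on 'sb'.
 *
 * The inode gets a fresh inode number, the requested 'mode' and all three
 * timestamps set to the current time.  Unless the caller declares the
 * variable removable, the inode is created with S_IMMUTABLE set, so the
 * immutable attribute has to be cleared explicitly (see
 * efivarfs_fileattr_set()) before the file can be modified or unlinked.
 *
 * Regular files and directories get the efivarfs operation tables; a
 * directory additionally gets its link count bumped.  'dir' and 'dev' are
 * accepted but not used here.
 *
 * Returns the new inode, or NULL if new_inode() fails.
 */
struct inode *efivarfs_get_inode(struct super_block *sb,
				const struct inode *dir, int mode,
				dev_t dev, bool is_removable)
{
	struct inode *inode = new_inode(sb);

	if (!inode)
		return NULL;

	inode->i_ino = get_next_ino();
	inode->i_mode = mode;
	inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
	/* Immutable by default: only variables known to be removable opt out */
	inode->i_flags = is_removable ? 0 : S_IMMUTABLE;

	switch (mode & S_IFMT) {
	case S_IFREG:
		inode->i_op = &efivarfs_file_inode_operations;
		inode->i_fop = &efivarfs_file_operations;
		break;
	case S_IFDIR:
		inode->i_op = &efivarfs_dir_inode_operations;
		inode->i_fop = &simple_dir_operations;
		inc_nlink(inode);
		break;
	default:
		/* No efivarfs-specific operations for other file types */
		break;
	}

	return inode;
}

/*
 * Return true if 'str' is a valid efivarfs filename of the form,
 *
 *	VariableName-12345678-1234-1234-1234-123456789abc
 *
 * 'len' is the length of 'str' in bytes.
 */
bool efivarfs_valid_name(const char *str, int len)
{
	const char *s;

	/*
	 * We need a GUID, plus at least one letter for the variable name,
	 * plus the '-' separator
	 */
	if (len < EFI_VARIABLE_GUID_LEN + 2)
		return false;

	/*
	 * Only form the pointer to the GUID once 'len' is known to be large
	 * enough; computing it first would yield a pointer before 'str' for
	 * short names.
	 */
	s = str + len - EFI_VARIABLE_GUID_LEN;

	/* GUID must be preceded by a '-' */
	if (*(s - 1) != '-')
		return false;

	/*
	 * Validate that 's' is of the correct format, e.g.
	 *
	 *	12345678-1234-1234-1234-123456789abc
	 */
	return uuid_is_valid(s);
}

/*
 * ->create() for the efivarfs root directory.
 *
 * The file name is split into "<VariableName>-<VendorGuid>".  A new
 * efivar_entry is allocated for it, attached to a freshly created inode and
 * added to efivarfs_list before the dentry is instantiated.  'idmap' and
 * 'excl' are not used.
 *
 * Returns 0 on success, or:
 *   -EINVAL  the name is not of the expected form,
 *   -ENOMEM  the entry or the inode could not be allocated,
 *   -EPERM   the vendor GUID is LINUX_EFI_RANDOM_SEED_TABLE_GUID,
 *   or the error returned by guid_parse() / efivar_entry_add().
 */
static int efivarfs_create(struct mnt_idmap *idmap, struct inode *dir,
			   struct dentry *dentry, umode_t mode, bool excl)
{
	struct inode *inode = NULL;
	struct efivar_entry *var;
	int namelen, i = 0, err = 0;
	bool is_removable = false;

	/* Reject malformed names before allocating anything */
	if (!efivarfs_valid_name(dentry->d_name.name, dentry->d_name.len))
		return -EINVAL;

	var = kzalloc(sizeof(*var), GFP_KERNEL);
	if (!var)
		return -ENOMEM;

	/* length of the variable name itself: remove GUID and separator */
	namelen = dentry->d_name.len - EFI_VARIABLE_GUID_LEN - 1;

	err = guid_parse(dentry->d_name.name + namelen + 1, &var->var.VendorGuid);
	if (err)
		goto out;

	/* Variables under the random seed table GUID may not be created here */
	if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) {
		err = -EPERM;
		goto out;
	}

	if (efivar_variable_is_removable(var->var.VendorGuid,
					 dentry->d_name.name, namelen))
		is_removable = true;

	inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0, is_removable);
	if (!inode) {
		err = -ENOMEM;
		goto out;
	}

	/*
	 * Copy the name element by element into VariableName and terminate
	 * it.  NOTE(review): there is no explicit bound against the size of
	 * VariableName here; this presumably relies on the VFS limit on
	 * d_name.len - confirm.
	 */
	for (i = 0; i < namelen; i++)
		var->var.VariableName[i] = dentry->d_name.name[i];

	var->var.VariableName[i] = '\0';

	inode->i_private = var;
	/* 'var' is only reachable through the inode; silence kmemleak */
	kmemleak_ignore(var);

	err = efivar_entry_add(var, &efivarfs_list);
	if (err)
		goto out;

	d_instantiate(dentry, inode);
	/* Extra reference; efivarfs_unlink() drops it again with dput() */
	dget(dentry);
out:
	if (err) {
		/*
		 * NOTE(review): when efivar_entry_add() fails, 'var' is freed
		 * while inode->i_private still points at it and iput() runs
		 * afterwards - confirm no inode teardown path reads i_private.
		 */
		kfree(var);
		if (inode)
			iput(inode);
	}
	return err;
}

/*
 * ->unlink() for the efivarfs root directory.
 *
 * Deletes the EFI variable behind 'dentry' via efivar_entry_delete().  Any
 * failure from that call is reported to the caller as -EINVAL.  On success
 * the inode's link count is dropped and the dentry reference taken in
 * efivarfs_create() is released.
 */
static int efivarfs_unlink(struct inode *dir, struct dentry *dentry)
{
	struct efivar_entry *var = d_inode(dentry)->i_private;

	if (efivar_entry_delete(var))
		return -EINVAL;

	drop_nlink(d_inode(dentry));
	dput(dentry);
	return 0;
}

/* Directory operations: lookup via the dcache, plus create and unlink. */
const struct inode_operations efivarfs_dir_inode_operations = {
	.lookup = simple_lookup,
	.unlink = efivarfs_unlink,
	.create = efivarfs_create,
};

/*
 * ->fileattr_get(): report the inode's immutable state.
 *
 * FS_IMMUTABLE_FL is the only attribute exposed; it mirrors S_IMMUTABLE in
 * the inode flags.  Always returns 0.
 */
static int
efivarfs_fileattr_get(struct dentry *dentry, struct fileattr *fa)
{
	unsigned int i_flags;
	unsigned int flags = 0;

	i_flags = d_inode(dentry)->i_flags;
	if (i_flags & S_IMMUTABLE)
		flags |= FS_IMMUTABLE_FL;

	fileattr_fill_flags(fa, flags);

	return 0;
}

/*
 * ->fileattr_set(): set or clear the immutable attribute.
 *
 * Requests that carry fsx attributes, or any flag other than
 * FS_IMMUTABLE_FL, are rejected with -EOPNOTSUPP.  Otherwise S_IMMUTABLE on
 * the inode is set or cleared to match the request and 0 is returned.
 *
 * NOTE(review): no capability or ownership check is made in this function
 * and 'idmap' is unused; presumably the VFS caller performs the permission
 * checks before invoking ->fileattr_set() - confirm.
 */
static int
efivarfs_fileattr_set(struct mnt_idmap *idmap,
		      struct dentry *dentry, struct fileattr *fa)
{
	unsigned int i_flags = 0;

	if (fileattr_has_fsx(fa))
		return -EOPNOTSUPP;

	if (fa->flags & ~FS_IMMUTABLE_FL)
		return -EOPNOTSUPP;

	if (fa->flags & FS_IMMUTABLE_FL)
		i_flags |= S_IMMUTABLE;

	/* The mask limits the update to the S_IMMUTABLE bit */
	inode_set_flags(d_inode(dentry), i_flags, S_IMMUTABLE);

	return 0;
}

/* Regular-file operations: only the immutable attribute is supported. */
static const struct inode_operations efivarfs_file_inode_operations = {
	.fileattr_get = efivarfs_fileattr_get,
	.fileattr_set = efivarfs_fileattr_set,
};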