xref: /linux/fs/efivarfs/super.c (revision 17e548405a81665fd14cee960db7d093d1396400)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2012 Red Hat, Inc.
4  * Copyright (C) 2012 Jeremy Kerr <jeremy.kerr@canonical.com>
5  */
6 
7 #include <linux/ctype.h>
8 #include <linux/efi.h>
9 #include <linux/fs.h>
10 #include <linux/fs_context.h>
11 #include <linux/fs_parser.h>
12 #include <linux/module.h>
13 #include <linux/pagemap.h>
14 #include <linux/ucs2_string.h>
15 #include <linux/slab.h>
16 #include <linux/suspend.h>
17 #include <linux/magic.h>
18 #include <linux/statfs.h>
19 #include <linux/notifier.h>
20 #include <linux/printk.h>
21 
22 #include "internal.h"
23 
24 static int efivarfs_ops_notifier(struct notifier_block *nb, unsigned long event,
25 				 void *data)
26 {
27 	struct efivarfs_fs_info *sfi = container_of(nb, struct efivarfs_fs_info, nb);
28 
29 	switch (event) {
30 	case EFIVAR_OPS_RDONLY:
31 		sfi->sb->s_flags |= SB_RDONLY;
32 		break;
33 	case EFIVAR_OPS_RDWR:
34 		sfi->sb->s_flags &= ~SB_RDONLY;
35 		break;
36 	default:
37 		return NOTIFY_DONE;
38 	}
39 
40 	return NOTIFY_OK;
41 }
42 
43 static struct inode *efivarfs_alloc_inode(struct super_block *sb)
44 {
45 	struct efivar_entry *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
46 
47 	if (!entry)
48 		return NULL;
49 
50 	inode_init_once(&entry->vfs_inode);
51 	entry->removed = false;
52 
53 	return &entry->vfs_inode;
54 }
55 
56 static void efivarfs_free_inode(struct inode *inode)
57 {
58 	struct efivar_entry *entry = efivar_entry(inode);
59 
60 	kfree(entry);
61 }
62 
63 static int efivarfs_show_options(struct seq_file *m, struct dentry *root)
64 {
65 	struct super_block *sb = root->d_sb;
66 	struct efivarfs_fs_info *sbi = sb->s_fs_info;
67 	struct efivarfs_mount_opts *opts = &sbi->mount_opts;
68 
69 	if (!uid_eq(opts->uid, GLOBAL_ROOT_UID))
70 		seq_printf(m, ",uid=%u",
71 				from_kuid_munged(&init_user_ns, opts->uid));
72 	if (!gid_eq(opts->gid, GLOBAL_ROOT_GID))
73 		seq_printf(m, ",gid=%u",
74 				from_kgid_munged(&init_user_ns, opts->gid));
75 	return 0;
76 }
77 
78 static int efivarfs_statfs(struct dentry *dentry, struct kstatfs *buf)
79 {
80 	const u32 attr = EFI_VARIABLE_NON_VOLATILE |
81 			 EFI_VARIABLE_BOOTSERVICE_ACCESS |
82 			 EFI_VARIABLE_RUNTIME_ACCESS;
83 	u64 storage_space, remaining_space, max_variable_size;
84 	u64 id = huge_encode_dev(dentry->d_sb->s_dev);
85 	efi_status_t status;
86 
87 	/* Some UEFI firmware does not implement QueryVariableInfo() */
88 	storage_space = remaining_space = 0;
89 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_QUERY_VARIABLE_INFO)) {
90 		status = efivar_query_variable_info(attr, &storage_space,
91 						    &remaining_space,
92 						    &max_variable_size);
93 		if (status != EFI_SUCCESS && status != EFI_UNSUPPORTED)
94 			pr_warn_ratelimited("query_variable_info() failed: 0x%lx\n",
95 					    status);
96 	}
97 
98 	/*
99 	 * This is not a normal filesystem, so no point in pretending it has a block
100 	 * size; we declare f_bsize to 1, so that we can then report the exact value
101 	 * sent by EFI QueryVariableInfo in f_blocks and f_bfree
102 	 */
103 	buf->f_bsize	= 1;
104 	buf->f_namelen	= NAME_MAX;
105 	buf->f_blocks	= storage_space;
106 	buf->f_bfree	= remaining_space;
107 	buf->f_type	= dentry->d_sb->s_magic;
108 	buf->f_fsid	= u64_to_fsid(id);
109 
110 	/*
111 	 * In f_bavail we declare the free space that the kernel will allow writing
112 	 * when the storage_paranoia x86 quirk is active. To use more, users
113 	 * should boot the kernel with efi_no_storage_paranoia.
114 	 */
115 	if (remaining_space > efivar_reserved_space())
116 		buf->f_bavail = remaining_space - efivar_reserved_space();
117 	else
118 		buf->f_bavail = 0;
119 
120 	return 0;
121 }
122 static const struct super_operations efivarfs_ops = {
123 	.statfs = efivarfs_statfs,
124 	.drop_inode = generic_delete_inode,
125 	.alloc_inode = efivarfs_alloc_inode,
126 	.free_inode = efivarfs_free_inode,
127 	.show_options = efivarfs_show_options,
128 };
129 
130 /*
131  * Compare two efivarfs file names.
132  *
133  * An efivarfs filename is composed of two parts,
134  *
135  *	1. A case-sensitive variable name
136  *	2. A case-insensitive GUID
137  *
138  * So we need to perform a case-sensitive match on part 1 and a
139  * case-insensitive match on part 2.
140  */
141 static int efivarfs_d_compare(const struct dentry *dentry,
142 			      unsigned int len, const char *str,
143 			      const struct qstr *name)
144 {
145 	int guid = len - EFI_VARIABLE_GUID_LEN;
146 
147 	if (name->len != len)
148 		return 1;
149 
150 	/* Case-sensitive compare for the variable name */
151 	if (memcmp(str, name->name, guid))
152 		return 1;
153 
154 	/* Case-insensitive compare for the GUID */
155 	return strncasecmp(name->name + guid, str + guid, EFI_VARIABLE_GUID_LEN);
156 }
157 
158 static int efivarfs_d_hash(const struct dentry *dentry, struct qstr *qstr)
159 {
160 	unsigned long hash = init_name_hash(dentry);
161 	const unsigned char *s = qstr->name;
162 	unsigned int len = qstr->len;
163 
164 	while (len-- > EFI_VARIABLE_GUID_LEN)
165 		hash = partial_name_hash(*s++, hash);
166 
167 	/* GUID is case-insensitive. */
168 	while (len--)
169 		hash = partial_name_hash(tolower(*s++), hash);
170 
171 	qstr->hash = end_name_hash(hash);
172 	return 0;
173 }
174 
175 static const struct dentry_operations efivarfs_d_ops = {
176 	.d_compare = efivarfs_d_compare,
177 	.d_hash = efivarfs_d_hash,
178 	.d_delete = always_delete_dentry,
179 };
180 
181 static struct dentry *efivarfs_alloc_dentry(struct dentry *parent, char *name)
182 {
183 	struct dentry *d;
184 	struct qstr q;
185 	int err;
186 
187 	q.name = name;
188 	q.len = strlen(name);
189 
190 	err = efivarfs_d_hash(parent, &q);
191 	if (err)
192 		return ERR_PTR(err);
193 
194 	d = d_alloc(parent, &q);
195 	if (d)
196 		return d;
197 
198 	return ERR_PTR(-ENOMEM);
199 }
200 
201 bool efivarfs_variable_is_present(efi_char16_t *variable_name,
202 				  efi_guid_t *vendor, void *data)
203 {
204 	char *name = efivar_get_utf8name(variable_name, vendor);
205 	struct super_block *sb = data;
206 	struct dentry *dentry;
207 	struct qstr qstr;
208 
209 	if (!name)
210 		/*
211 		 * If the allocation failed there'll already be an
212 		 * error in the log (and likely a huge and growing
213 		 * number of them since they system will be under
214 		 * extreme memory pressure), so simply assume
215 		 * collision for safety but don't add to the log
216 		 * flood.
217 		 */
218 		return true;
219 
220 	qstr.name = name;
221 	qstr.len = strlen(name);
222 	dentry = d_hash_and_lookup(sb->s_root, &qstr);
223 	kfree(name);
224 	if (!IS_ERR_OR_NULL(dentry))
225 		dput(dentry);
226 
227 	return dentry != NULL;
228 }
229 
230 static int efivarfs_create_dentry(struct super_block *sb, efi_char16_t *name16,
231 				  unsigned long name_size, efi_guid_t vendor,
232 				  char *name)
233 {
234 	struct efivar_entry *entry;
235 	struct inode *inode;
236 	struct dentry *dentry, *root = sb->s_root;
237 	unsigned long size = 0;
238 	int len;
239 	int err = -ENOMEM;
240 	bool is_removable = false;
241 
242 	/* length of the variable name itself: remove GUID and separator */
243 	len = strlen(name) - EFI_VARIABLE_GUID_LEN - 1;
244 
245 	if (efivar_variable_is_removable(vendor, name, len))
246 		is_removable = true;
247 
248 	inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0644, 0,
249 				   is_removable);
250 	if (!inode)
251 		goto fail_name;
252 
253 	entry = efivar_entry(inode);
254 
255 	memcpy(entry->var.VariableName, name16, name_size);
256 	memcpy(&(entry->var.VendorGuid), &vendor, sizeof(efi_guid_t));
257 
258 	dentry = efivarfs_alloc_dentry(root, name);
259 	if (IS_ERR(dentry)) {
260 		err = PTR_ERR(dentry);
261 		goto fail_inode;
262 	}
263 
264 	__efivar_entry_get(entry, NULL, &size, NULL);
265 
266 	/* copied by the above to local storage in the dentry. */
267 	kfree(name);
268 
269 	inode_lock(inode);
270 	inode->i_private = entry;
271 	i_size_write(inode, size + sizeof(__u32)); /* attributes + data */
272 	inode_unlock(inode);
273 	d_add(dentry, inode);
274 
275 	return 0;
276 
277 fail_inode:
278 	iput(inode);
279 fail_name:
280 	kfree(name);
281 
282 	return err;
283 }
284 
285 static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
286 			     unsigned long name_size, void *data)
287 {
288 	struct super_block *sb = (struct super_block *)data;
289 	char *name;
290 
291 	if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
292 		return 0;
293 
294 	name = efivar_get_utf8name(name16, &vendor);
295 	if (!name)
296 		return -ENOMEM;
297 
298 	return efivarfs_create_dentry(sb, name16, name_size, vendor, name);
299 }
300 
301 enum {
302 	Opt_uid, Opt_gid,
303 };
304 
305 static const struct fs_parameter_spec efivarfs_parameters[] = {
306 	fsparam_uid("uid", Opt_uid),
307 	fsparam_gid("gid", Opt_gid),
308 	{},
309 };
310 
311 static int efivarfs_parse_param(struct fs_context *fc, struct fs_parameter *param)
312 {
313 	struct efivarfs_fs_info *sbi = fc->s_fs_info;
314 	struct efivarfs_mount_opts *opts = &sbi->mount_opts;
315 	struct fs_parse_result result;
316 	int opt;
317 
318 	opt = fs_parse(fc, efivarfs_parameters, param, &result);
319 	if (opt < 0)
320 		return opt;
321 
322 	switch (opt) {
323 	case Opt_uid:
324 		opts->uid = result.uid;
325 		break;
326 	case Opt_gid:
327 		opts->gid = result.gid;
328 		break;
329 	default:
330 		return -EINVAL;
331 	}
332 
333 	return 0;
334 }
335 
336 static int efivarfs_fill_super(struct super_block *sb, struct fs_context *fc)
337 {
338 	struct efivarfs_fs_info *sfi = sb->s_fs_info;
339 	struct inode *inode = NULL;
340 	struct dentry *root;
341 	int err;
342 
343 	sb->s_maxbytes          = MAX_LFS_FILESIZE;
344 	sb->s_blocksize         = PAGE_SIZE;
345 	sb->s_blocksize_bits    = PAGE_SHIFT;
346 	sb->s_magic             = EFIVARFS_MAGIC;
347 	sb->s_op                = &efivarfs_ops;
348 	sb->s_d_op		= &efivarfs_d_ops;
349 	sb->s_time_gran         = 1;
350 
351 	if (!efivar_supports_writes())
352 		sb->s_flags |= SB_RDONLY;
353 
354 	inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true);
355 	if (!inode)
356 		return -ENOMEM;
357 	inode->i_op = &efivarfs_dir_inode_operations;
358 
359 	root = d_make_root(inode);
360 	sb->s_root = root;
361 	if (!root)
362 		return -ENOMEM;
363 
364 	sfi->sb = sb;
365 	sfi->nb.notifier_call = efivarfs_ops_notifier;
366 	err = blocking_notifier_chain_register(&efivar_ops_nh, &sfi->nb);
367 	if (err)
368 		return err;
369 
370 	register_pm_notifier(&sfi->pm_nb);
371 
372 	return efivar_init(efivarfs_callback, sb, true);
373 }
374 
375 static int efivarfs_get_tree(struct fs_context *fc)
376 {
377 	return get_tree_single(fc, efivarfs_fill_super);
378 }
379 
380 static int efivarfs_reconfigure(struct fs_context *fc)
381 {
382 	if (!efivar_supports_writes() && !(fc->sb_flags & SB_RDONLY)) {
383 		pr_err("Firmware does not support SetVariableRT. Can not remount with rw\n");
384 		return -EINVAL;
385 	}
386 
387 	return 0;
388 }
389 
390 static const struct fs_context_operations efivarfs_context_ops = {
391 	.get_tree	= efivarfs_get_tree,
392 	.parse_param	= efivarfs_parse_param,
393 	.reconfigure	= efivarfs_reconfigure,
394 };
395 
396 struct efivarfs_ctx {
397 	struct dir_context ctx;
398 	struct super_block *sb;
399 	struct dentry *dentry;
400 };
401 
402 static bool efivarfs_actor(struct dir_context *ctx, const char *name, int len,
403 			   loff_t offset, u64 ino, unsigned mode)
404 {
405 	unsigned long size;
406 	struct efivarfs_ctx *ectx = container_of(ctx, struct efivarfs_ctx, ctx);
407 	struct qstr qstr = { .name = name, .len = len };
408 	struct dentry *dentry = d_hash_and_lookup(ectx->sb->s_root, &qstr);
409 	struct inode *inode;
410 	struct efivar_entry *entry;
411 	int err;
412 
413 	if (IS_ERR_OR_NULL(dentry))
414 		return true;
415 
416 	inode = d_inode(dentry);
417 	entry = efivar_entry(inode);
418 
419 	err = efivar_entry_size(entry, &size);
420 	size += sizeof(__u32);	/* attributes */
421 	if (err)
422 		size = 0;
423 
424 	inode_lock_nested(inode, I_MUTEX_CHILD);
425 	i_size_write(inode, size);
426 	inode_unlock(inode);
427 
428 	if (!size) {
429 		ectx->dentry = dentry;
430 		return false;
431 	}
432 
433 	dput(dentry);
434 
435 	return true;
436 }
437 
438 static int efivarfs_check_missing(efi_char16_t *name16, efi_guid_t vendor,
439 				  unsigned long name_size, void *data)
440 {
441 	char *name;
442 	struct super_block *sb = data;
443 	struct dentry *dentry;
444 	struct qstr qstr;
445 	int err;
446 
447 	if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
448 		return 0;
449 
450 	name = efivar_get_utf8name(name16, &vendor);
451 	if (!name)
452 		return -ENOMEM;
453 
454 	qstr.name = name;
455 	qstr.len = strlen(name);
456 	dentry = d_hash_and_lookup(sb->s_root, &qstr);
457 	if (IS_ERR(dentry)) {
458 		err = PTR_ERR(dentry);
459 		goto out;
460 	}
461 
462 	if (!dentry) {
463 		/* found missing entry */
464 		pr_info("efivarfs: creating variable %s\n", name);
465 		return efivarfs_create_dentry(sb, name16, name_size, vendor, name);
466 	}
467 
468 	dput(dentry);
469 	err = 0;
470 
471  out:
472 	kfree(name);
473 
474 	return err;
475 }
476 
477 static void efivarfs_deactivate_super_work(struct work_struct *work)
478 {
479 	struct super_block *s = container_of(work, struct super_block,
480 					     destroy_work);
481 	/*
482 	 * note: here s->destroy_work is free for reuse (which
483 	 * will happen in deactivate_super)
484 	 */
485 	deactivate_super(s);
486 }
487 
488 static struct file_system_type efivarfs_type;
489 
490 static int efivarfs_pm_notify(struct notifier_block *nb, unsigned long action,
491 			      void *ptr)
492 {
493 	struct efivarfs_fs_info *sfi = container_of(nb, struct efivarfs_fs_info,
494 						    pm_nb);
495 	struct path path;
496 	struct efivarfs_ctx ectx = {
497 		.ctx = {
498 			.actor	= efivarfs_actor,
499 		},
500 		.sb = sfi->sb,
501 	};
502 	struct file *file;
503 	struct super_block *s = sfi->sb;
504 	static bool rescan_done = true;
505 
506 	if (action == PM_HIBERNATION_PREPARE) {
507 		rescan_done = false;
508 		return NOTIFY_OK;
509 	} else if (action != PM_POST_HIBERNATION) {
510 		return NOTIFY_DONE;
511 	}
512 
513 	if (rescan_done)
514 		return NOTIFY_DONE;
515 
516 	/* ensure single superblock is alive and pin it */
517 	if (!atomic_inc_not_zero(&s->s_active))
518 		return NOTIFY_DONE;
519 
520 	pr_info("efivarfs: resyncing variable state\n");
521 
522 	path.dentry = sfi->sb->s_root;
523 
524 	/*
525 	 * do not add SB_KERNMOUNT which a single superblock could
526 	 * expose to userspace and which also causes MNT_INTERNAL, see
527 	 * below
528 	 */
529 	path.mnt = vfs_kern_mount(&efivarfs_type, 0,
530 				  efivarfs_type.name, NULL);
531 	if (IS_ERR(path.mnt)) {
532 		pr_err("efivarfs: internal mount failed\n");
533 		/*
534 		 * We may be the last pinner of the superblock but
535 		 * calling efivarfs_kill_sb from within the notifier
536 		 * here would deadlock trying to unregister it
537 		 */
538 		INIT_WORK(&s->destroy_work, efivarfs_deactivate_super_work);
539 		schedule_work(&s->destroy_work);
540 		return PTR_ERR(path.mnt);
541 	}
542 
543 	/* path.mnt now has pin on superblock, so this must be above one */
544 	atomic_dec(&s->s_active);
545 
546 	file = kernel_file_open(&path, O_RDONLY | O_DIRECTORY | O_NOATIME,
547 				current_cred());
548 	/*
549 	 * safe even if last put because no MNT_INTERNAL means this
550 	 * will do delayed deactivate_super and not deadlock
551 	 */
552 	mntput(path.mnt);
553 	if (IS_ERR(file))
554 		return NOTIFY_DONE;
555 
556 	rescan_done = true;
557 
558 	/*
559 	 * First loop over the directory and verify each entry exists,
560 	 * removing it if it doesn't
561 	 */
562 	file->f_pos = 2;	/* skip . and .. */
563 	do {
564 		ectx.dentry = NULL;
565 		iterate_dir(file, &ectx.ctx);
566 		if (ectx.dentry) {
567 			pr_info("efivarfs: removing variable %pd\n",
568 				ectx.dentry);
569 			simple_recursive_removal(ectx.dentry, NULL);
570 			dput(ectx.dentry);
571 		}
572 	} while (ectx.dentry);
573 	fput(file);
574 
575 	/*
576 	 * then loop over variables, creating them if there's no matching
577 	 * dentry
578 	 */
579 	efivar_init(efivarfs_check_missing, sfi->sb, false);
580 
581 	return NOTIFY_OK;
582 }
583 
584 static int efivarfs_init_fs_context(struct fs_context *fc)
585 {
586 	struct efivarfs_fs_info *sfi;
587 
588 	if (!efivar_is_available())
589 		return -EOPNOTSUPP;
590 
591 	sfi = kzalloc(sizeof(*sfi), GFP_KERNEL);
592 	if (!sfi)
593 		return -ENOMEM;
594 
595 	sfi->mount_opts.uid = GLOBAL_ROOT_UID;
596 	sfi->mount_opts.gid = GLOBAL_ROOT_GID;
597 
598 	fc->s_fs_info = sfi;
599 	fc->ops = &efivarfs_context_ops;
600 
601 	sfi->pm_nb.notifier_call = efivarfs_pm_notify;
602 	sfi->pm_nb.priority = 0;
603 
604 	return 0;
605 }
606 
607 static void efivarfs_kill_sb(struct super_block *sb)
608 {
609 	struct efivarfs_fs_info *sfi = sb->s_fs_info;
610 
611 	blocking_notifier_chain_unregister(&efivar_ops_nh, &sfi->nb);
612 	kill_litter_super(sb);
613 	unregister_pm_notifier(&sfi->pm_nb);
614 
615 	kfree(sfi);
616 }
617 
618 static struct file_system_type efivarfs_type = {
619 	.owner   = THIS_MODULE,
620 	.name    = "efivarfs",
621 	.init_fs_context = efivarfs_init_fs_context,
622 	.kill_sb = efivarfs_kill_sb,
623 	.parameters = efivarfs_parameters,
624 };
625 
626 static __init int efivarfs_init(void)
627 {
628 	return register_filesystem(&efivarfs_type);
629 }
630 
631 static __exit void efivarfs_exit(void)
632 {
633 	unregister_filesystem(&efivarfs_type);
634 }
635 
636 MODULE_AUTHOR("Matthew Garrett, Jeremy Kerr");
637 MODULE_DESCRIPTION("EFI Variable Filesystem");
638 MODULE_LICENSE("GPL");
639 MODULE_ALIAS_FS("efivarfs");
640 
641 module_init(efivarfs_init);
642 module_exit(efivarfs_exit);
643