• Matt Fleming's avatar
    efi: Add pstore variables to the deletion whitelist · ba1b6019
    Matt Fleming authored
    commit e246eb56 upstream.
    
    Laszlo explains why this is a good idea,
    
     'This is because the pstore filesystem can be backed by UEFI variables,
      and (for example) a crash might dump the last kilobytes of the dmesg
      into a number of pstore entries, each entry backed by a separate UEFI
      variable in the above GUID namespace, and with a variable name
      according to the above pattern.
    
      Please see "drivers/firmware/efi/efi-pstore.c".
    
      While this patch series will not prevent the user from deleting those
      UEFI variables via the pstore filesystem (i.e., deleting a pstore fs
      entry will continue to delete the backing UEFI variable), I think it
      would be nice to preserve the possibility for the sysadmin to delete
      Linux-created UEFI variables that carry portions of the crash log,
      *without* having to mount the pstore filesystem.'
    
    There's also no chance of causing machines to become bricked by
    deleting these variables, which is the whole purpose of excluding
    things from the whitelist.
    
    Use the LINUX_EFI_CRASH_GUID guid and a wildcard '*' for the match so
    that we don't have to update the string in the future if new variable
    name formats are created for crash dump variables.
    Reported-by: default avatarLaszlo Ersek <lersek@redhat.com>
    Acked-by: default avatarPeter Jones <pjones@redhat.com>
    Tested-by: default avatarPeter Jones <pjones@redhat.com>
    Cc: Matthew Garrett <mjg59@srcf.ucam.org>
    Cc: "Lee, Chun-Yi" <jlee@suse.com>
    Signed-off-by: default avatarMatt Fleming <matt@codeblueprint.co.uk>
    Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
    
    ba1b6019
vars.c 28.9 KB