efi: vars: prohibit reading random seed variables

In anticipation of putting random seeds in EFI variables, it's important
that the random GUID namespace of variables remains hidden from
userspace. We accomplish this by not populating efivarfs with entries
from that GUID, as well as denying the creation of new ones in that
GUID.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
index 939e5e242b985bd8aa6024bc716c70afb549e492..617f3ad2485e8ce154883bbda8f66ba7413eec42 100644 (file)
--- a/fs/efivarfs/inode.c
+++ b/fs/efivarfs/inode.c
@@ -91,6 +91,10 @@ static int efivarfs_create(struct user_namespace *mnt_userns, struct inode *dir,
        err = guid_parse(dentry->d_name.name + namelen + 1, &var->var.VendorGuid);
        if (err)
                goto out;
+       if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) {
+               err = -EPERM;
+               goto out;
+       }
 
        if (efivar_variable_is_removable(var->var.VendorGuid,
                                         dentry->d_name.name, namelen))

diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 6780fc81cc11f0d22a4636cfb09b24370563df5a..07e82e246666ef9a0cd59ae3594715ee69f46125 100644 (file)
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -116,6 +116,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
        int err = -ENOMEM;
        bool is_removable = false;
 
+       if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
+               return 0;
+
        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
        if (!entry)
                return err;