efi_loader: update attribute check for QueryVariableInfo()

author Masahisa Kojima <masahisa.kojima@linaro.org>

Thu, 2 Feb 2023 13:53:35 +0000 (22:53 +0900)

committer Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Fri, 10 Feb 2023 12:05:39 +0000 (13:05 +0100)
author Masahisa Kojima <masahisa.kojima@linaro.org>
Thu, 2 Feb 2023 13:53:35 +0000 (22:53 +0900)
committer Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Fri, 10 Feb 2023 12:05:39 +0000 (13:05 +0100)
diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c

index eb837027818a3ebbcf0663c86af65f4a087e7e46..ad50bffd2b26688a9d1fe579df794e4c420f0431 100644 (file)
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -165,17 +165,9 @@ efi_status_t EFIAPI efi_query_variable_info(
  
         if (!maximum_variable_storage_size ||
             !remaining_variable_storage_size ||
-           !maximum_variable_size ||
-           !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS))
+           !maximum_variable_size)
                 return EFI_EXIT(EFI_INVALID_PARAMETER);
  
-       if ((attributes & ~(u32)EFI_VARIABLE_MASK) ||
-           (attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
-           (attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) ||
-           (!IS_ENABLED(CONFIG_EFI_SECURE_BOOT) &&
-            (attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)))
-               return EFI_EXIT(EFI_UNSUPPORTED);
-
         ret = efi_query_variable_info_int(attributes,
                                           maximum_variable_storage_size,
                                           remaining_variable_storage_size,
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c

index 7c32adf6e5b7def8cd3f9f17c9e01c2f7698b4d3..4d4dfa6b15e13a6dd5b49c315cf120f325c420e4 100644 (file)
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -349,6 +349,29 @@ efi_status_t efi_query_variable_info_int(u32 attributes,
                                          u64 *remaining_variable_storage_size,
                                          u64 *maximum_variable_size)
  {
+       if (attributes == 0)
+               return EFI_INVALID_PARAMETER;
+
+       /* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated */
+       if ((attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
+           ((attributes & EFI_VARIABLE_MASK) == 0))
+               return EFI_UNSUPPORTED;
+
+       if ((attributes & EFI_VARIABLE_MASK) == EFI_VARIABLE_NON_VOLATILE)
+               return EFI_INVALID_PARAMETER;
+
+       /* Make sure if runtime bit is set, boot service bit is set also. */
+       if ((attributes &
+            (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) ==
+           EFI_VARIABLE_RUNTIME_ACCESS)
+               return EFI_INVALID_PARAMETER;
+
+       if (attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
+               return EFI_UNSUPPORTED;
+
+       if (attributes & ~(u32)EFI_VARIABLE_MASK)
+               return EFI_INVALID_PARAMETER;
+
         *maximum_variable_storage_size = EFI_VAR_BUF_SIZE -
                                          sizeof(struct efi_var_file);
         *remaining_variable_storage_size = efi_var_mem_free();
author	Masahisa Kojima <masahisa.kojima@linaro.org>
	Thu, 2 Feb 2023 13:53:35 +0000 (22:53 +0900)
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
	Fri, 10 Feb 2023 12:05:39 +0000 (13:05 +0100)
lib/efi_loader/efi_var_common.c		patch \| blob \| history
lib/efi_loader/efi_variable.c		patch \| blob \| history