From: Hyunwoo Kim <imv4bel@gmail.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-efi@vger.kernel.org, imv4bel@gmail.com
Subject: Re: [PATCH] efi/capsule-loader: Fix use-after-free in efi_capsule_write
Date: Wed, 7 Sep 2022 08:17:01 -0700
Message-ID: <20220907151701.GA127727@ubuntu>
In-Reply-To: <20220907145426.GA127455@ubuntu>

On Wed, Sep 07, 2022 at 07:54:26AM -0700, Hyunwoo Kim wrote:
> efi_capsule_flush() seems to exist for the purpose of canceling uploads in the middle.
> 
> If buffer release is moved to .release, will there be any compatibility issues?

The way to submit capsules is to submit by calling write() multiple times by the user, 
rather than in a structure that processes the copy operation at once inside efi_capsule_write().
In other words, if you just call close() when you want to cancel upload, 
.release is automatically called after write() is finished, and upload is stopped.
So there is no need for .flush to exist.

So I think it would be ok to move the buffer free part to .release.

I'll submit you a v4 patch that moves the buffer free part to .release.
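
Added illustration, not part of the original message or of the kernel source: a userspace C model of the distinction the message relies on, that .flush runs on every close() while .release runs only when the last reference to the open file is dropped. All `model_*` names and the two-reference scenario are assumptions made for the model; the message itself does not describe how the use-after-free is reached.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only (assumed names): one open file shared by references. */
struct model_file {
    int refs;           /* references still held on this open file */
    char *buf;          /* stands in for the capsule buffer filled by write() */
    bool free_in_flush; /* true: free in .flush, false: free in .release */
};

static struct model_file *model_open(bool free_in_flush)
{
    struct model_file *f = calloc(1, sizeof(*f));
    if (!f || !(f->buf = calloc(1, 64))) abort();
    f->refs = 1;
    f->free_in_flush = free_in_flush;
    return f;
}

/* Returns bytes accepted, or -1 once the buffer is gone (observed via NULL). */
static int model_write(struct model_file *f, const char *chunk)
{
    if (!f->buf) return -1;
    strncpy(f->buf, chunk, 63);
    return (int)strlen(f->buf);
}

/* close(): the .flush step runs every time, .release only at the last ref. */
static void model_close(struct model_file *f)
{
    if (f->free_in_flush) { free(f->buf); f->buf = NULL; } /* .flush */
    if (--f->refs > 0) return;
    free(f->buf);                                          /* .release */
    free(f);
}

/* Two references; one is closed between two write() chunks. */
static int second_write_result(bool free_in_flush)
{
    struct model_file *f = model_open(free_in_flush);
    f->refs++;                       /* second reference, e.g. from dup() */
    model_write(f, "chunk-1");
    model_close(f);
    int r = model_write(f, "chunk-2");
    model_close(f);
    return r;
}
/* Exit status 0 when both layouts behave as the comments above describe. */
int main(void) { return !(second_write_result(true) == -1 && second_write_result(false) == 7); }
```

With the free in the .flush step the second write finds the buffer already released (-1); with the free in .release the buffer lives until the last reference is closed and the write stores 7 bytes.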
