git.fsl.cs.sunysb.edu Git - wrapfs-4.13.y.git/commit

author	Dan Williams <dan.j.williams@intel.com>
	Tue, 15 Jan 2019 18:47:00 +0000 (10:47 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 23 Mar 2019 19:11:14 +0000 (20:11 +0100)
commit	dd40489f675180171f5c14929c8424e09b68b75a
tree	e8bb8dc17cd2af32dd4461f48c860121926e26a7	tree \| snapshot
parent	5fa9cb709adc46b52c25a45d919563b02c8fca6e	commit \| diff

libnvdimm/label: Clear 'updating' flag after label-set update

commit 966d23a006ca7b44ac8cf4d0c96b19785e0c3da0 upstream.

The UEFI 2.7 specification sets expectations that the 'updating' flag is
eventually cleared. To date, the libnvdimm core has never adhered to
that protocol. The policy of the core matches the policy of other
multi-device info-block formats like MD-Software-RAID that expect
administrator intervention on inconsistent info-blocks, not automatic
invalidation.

However, some pre-boot environments may unfortunately attempt to "clean
up" the labels and invalidate a set when it fails to find at least one
"non-updating" label in the set. Clear the updating flag after set
updates to minimize the window of vulnerability to aggressive pre-boot
environments.

Ideally implementations would not write to the label area outside of
creating namespaces.

Note that this only minimizes the window, it does not close it as the
system can still crash while clearing the flag and the set can be
subsequently deleted / invalidated by the pre-boot environment.

Fixes: f524bf271a5c ("libnvdimm: write pmem label set")
Cc: <stable@vger.kernel.org>
Cc: Kelly Couch <kelly.j.couch@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>