mjg59 · February 1, 2016 03:46
diff --git a/gistfile1.txt b/gistfile1.txt
 commit 3f5e3bdbb45bc2cd9ae95972420eb11b0340f120
 Author: Matthew Garrett <[email protected]>
 Date:   Mon Feb 1 13:31:00 2016 +1100

    Block most UEFI variable deletions
    
    Some systems appear to become upset if certain UEFI non-volatile variables
    are delted, to the point of no longer POSTing successfully. For a short-term
    fix, let's just block deletion of most variables while we figure out a
    better approach.
    
    Signed-off-by: Matthew Garrett <[email protected]>

 diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
 index 70a0fb1..77b4327 100644
 --- a/drivers/firmware/efi/vars.c
 +++ b/drivers/firmware/efi/vars.c
 @@ -532,6 +532,37 @@ int efivar_entry_delete(struct efivar_entry *entry)
 {
        const struct efivar_operations *ops = __efivars->ops;
        efi_status_t status;
 +       efi_guid_t global_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
 +       int i;
 +       u16 *unicode_name = entry->var.VariableName;
 +
 +       /* Block deletion of any non-spec variables */
 +       if (memcmp(&global_variable_guid, &entry->var.VendorGuid,
 +                  sizeof(efi_guid_t)) != 0)
 +               return -EPERM;
 +
 +       /*
 +        * Don't permit deletion of the majority of spec-defined variables.
 +        * We just re-use the list of variables that we have validation code
 +        * for - wildcards are ignored in this case, so deleting boot and
 +        * device entries is still permitted.
 +        */
 +       for (i = 0; variable_validate[i].validate != NULL; i++) {
 +               const char *name = variable_validate[i].name;
 +               int match;
 +
 +               for (match = 0; ; match++) {
 +                       char c = name[match];
 +                       u16 u = unicode_name[match];
 +
 +                       if (c != u)
 +                               break;
 +
 +                       /* Reached the end of the string while matching */
 +                       if (!c && !u)
 +                               return -EPERM;
 +               }
 +       }
 
        spin_lock_irq(&__efivars->lock);
        status = ops->set_variable(entry->var.VariableName,
	commit 3f5e3bdbb45bc2cd9ae95972420eb11b0340f120
	Author: Matthew Garrett <[email protected]>
	Date: Mon Feb 1 13:31:00 2016 +1100

	Block most UEFI variable deletions

	Some systems appear to become upset if certain UEFI non-volatile variables
	are delted, to the point of no longer POSTing successfully. For a short-term
	fix, let's just block deletion of most variables while we figure out a
	better approach.

	Signed-off-by: Matthew Garrett <[email protected]>

	diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
	index 70a0fb1..77b4327 100644
	--- a/drivers/firmware/efi/vars.c
	+++ b/drivers/firmware/efi/vars.c
	@@ -532,6 +532,37 @@ int efivar_entry_delete(struct efivar_entry *entry)
	{
	const struct efivar_operations *ops = __efivars->ops;
	efi_status_t status;
	+ efi_guid_t global_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
	+ int i;
	+ u16 *unicode_name = entry->var.VariableName;
	+
	+ /* Block deletion of any non-spec variables */
	+ if (memcmp(&global_variable_guid, &entry->var.VendorGuid,
	+ sizeof(efi_guid_t)) != 0)
	+ return -EPERM;
	+
	+ /*
	+ * Don't permit deletion of the majority of spec-defined variables.
	+ * We just re-use the list of variables that we have validation code
	+ * for - wildcards are ignored in this case, so deleting boot and
	+ * device entries is still permitted.
	+ */
	+ for (i = 0; variable_validate[i].validate != NULL; i++) {
	+ const char *name = variable_validate[i].name;
	+ int match;
	+
	+ for (match = 0; ; match++) {
	+ char c = name[match];
	+ u16 u = unicode_name[match];
	+
	+ if (c != u)
	+ break;
	+
	+ /* Reached the end of the string while matching */
	+ if (!c && !u)
	+ return -EPERM;
	+ }
	+ }

	spin_lock_irq(&__efivars->lock);
	status = ops->set_variable(entry->var.VariableName,