Merge tag 'uefi-20250812-pull-request' of https://gitlab.com/kraxel/qemu into staging

hw/uefi: last-minute bug fixes for the uefi variable store [for 10.1]

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmibENYACgkQTLbY7tPo
# cTi2vQ/9FlAPZTZ/z/D5dfDHLhB06esVe6qd7LuI7rV3/6bUB+g+LYwoJI40SVMq
# Q5YDsQGX0muhzsE343XYMXIcz8yxUEvALpvFVW6e5pg92Q2g1aeHeJaxsaiPdbo2
# gG9WU3paCOQzRK488fUe8ed6Gkqmu6SLDwuAtQ5D9UXZ7qCSfy2Rr8/Li9Qs5JCJ
# StLccRvK6G72S+ESYDo/O1Q1P0CdpgJXuOV+75NdYZn4e7G0GUXN52l1U3fH0JZZ
# sSqoo4TgMjrchEhE4YrXNm/UFrhLpn+uv1Xhyv6UuLpLLWlSU/5EeARS7mGjMGbp
# z3Np11LrqtbB9fxxrxf75OLzya2aKBVUlmuh/HCP1wLNx7kxYpT4yyjsywXkksQ3
# TV2dMknDHm0JRf/i2DJuS6bDZlbehfu+1KkR25+0h/QSd2tK9Ct/ZxO59QcR02Kt
# ecvSzRfFG8+jTVorwVguftDyRe4b/qpFn4X7KujlkKvLiOA4lZ8NZsIFi0x2FGeA
# efdLRVEaDRJBmblcykPR+NYAyxcwGdHYerOsbf/vnRlCAsNQw1oofqTSU6qxnjnH
# hDF+fGBVQ2drjTfb5aFdLpQ4Fq9yD+x9fdpshT8IzqIdsJDKrlPYZK4ueSBF4A3V
# 32N2ZumxH17bvE44WkclJ0aog25M2+dgs5OJvqjcYY5VllEMTis=
# =Ntwr
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 12 Aug 2025 06:00:54 EDT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* tag 'uefi-20250812-pull-request' of https://gitlab.com/kraxel/qemu:
  hw/uefi: open json file in binary mode
  hw/uefi: check access for first variable
  hw/uefi: return success for notifications
  hw/uefi: clear uefi-vars buffer in uefi_vars_write callback

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

3 files changed, 8 insertions, 3 deletions

diff --git a/hw/uefi/var-service-core.c b/hw/uefi/var-service-core.c
index feec5a5958..6ab8df091a 100644
--- a/hw/uefi/var-service-core.c
+++ b/hw/uefi/var-service-core.c
@@ -259,8 +259,8 @@ static void uefi_vars_write(void *opaque, hwaddr addr, uint64_t val, unsigned si
         uv->buf_size = val;
         g_free(uv->buffer);
         g_free(uv->pio_xfer_buffer);
-        uv->buffer = g_malloc(uv->buf_size);
-        uv->pio_xfer_buffer = g_malloc(uv->buf_size);
+        uv->buffer = g_malloc0(uv->buf_size);
+        uv->pio_xfer_buffer = g_malloc0(uv->buf_size);
         break;
     case UEFI_VARS_REG_DMA_BUFFER_ADDR_LO:
         uv->buf_addr_lo = val;
diff --git a/hw/uefi/var-service-json.c b/hw/uefi/var-service-json.c
index ad3462cd15..f5f1556833 100644
--- a/hw/uefi/var-service-json.c
+++ b/hw/uefi/var-service-json.c
@@ -172,7 +172,7 @@ static GString *uefi_vars_to_json(uefi_vars_state *uv)
 void uefi_vars_json_init(uefi_vars_state *uv, Error **errp)
 {
     if (uv->jsonfile) {
-        uv->jsonfd = qemu_create(uv->jsonfile, O_RDWR, 0666, errp);
+        uv->jsonfd = qemu_create(uv->jsonfile, O_RDWR | O_BINARY, 0666, errp);
     }
 }
 
diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c
index 37d05b71cf..8533533ea5 100644
--- a/hw/uefi/var-service-vars.c
+++ b/hw/uefi/var-service-vars.c
@@ -357,6 +357,9 @@ uefi_vars_mm_get_next_variable(uefi_vars_state *uv, mm_header *mhdr,
     if (uefi_strlen(name, nv->name_size) == 0) {
         /* empty string -> first */
         var = QTAILQ_FIRST(&uv->variables);
+        while (var && !check_access(uv, var)) {
+            var = QTAILQ_NEXT(var, next);
+        }
         if (!var) {
             return uefi_vars_mm_error(mhdr, mvar, EFI_NOT_FOUND);
         }
@@ -702,12 +705,14 @@ uint32_t uefi_vars_mm_vars_proto(uefi_vars_state *uv)
     case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
         trace_uefi_event("ready-to-boot");
         uv->ready_to_boot = true;
+        mvar->status = EFI_SUCCESS;
         length = 0;
         break;
 
     case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
         trace_uefi_event("exit-boot-service");
         uv->exit_boot_service = true;
+        mvar->status = EFI_SUCCESS;
         length = 0;
         break;