[PATCH 0/5] Miscellaneous updates

Ricardo Neri ricardo.neri-calderon at linux.intel.com
Fri Feb 6 03:50:41 UTC 2015


Hi!

I am submitting this patch series for your consideration. The series can be
split as follows:

A) Fix illegal access to the user space from the kernel. The first two patches
   of the series modify the manner in which the efi_runtime module reads
   user space memory. The approach followed is to perform deep copies of the
   userspace structures rather than dereferencing members of structures that
   lie in the user space. Additionally, the utility function to determine
   the string length is updated for the same reason. These updates are relevant
   now as we will start to see platforms that are able to detect this kind
   of illegal access, such as the Supervisor-Mode Access Prevention in
   Intel processors.
   
B) The last three patches deal with the get_nextvariable functionality. Patch 3
   fixes a potential write beyond the borders of a userspace buffer. Patch 4
   limits the buffer for the variable name passed to the firmware. This patch
   is interesting in the sense that it may cause getnextvariable_test4 to fail
   in some firmware. Such firmware incorrectly looks for '\0' in the variable
   name without even checking the size of the buffer. Patch 4 intends to unmask
   this type of bug. Finally, Patch 5 removes the limitation of variable name
   lengths of 1024 characters, as nothing in the UEFI spec enforces such a
   limitation.
   
Thanks and BR,
Ricardo

Ricardo Neri (5):
  efi_runtime: do not dereference userspace pointers from strings
  efi_runtime: do not access userspace addresses directly
  efi_runtime: limit the amount of data copied to userspace
  efi_runtime: get_nextvariable: copy only the needed name bytes
  uefirtvariable: allow large sizes for variable names

 efi_runtime/efi_runtime.c                | 149 +++++++++++++++++++------------
 src/uefi/uefirtvariable/uefirtvariable.c | 109 +++++++++++++++++++---
 2 files changed, 190 insertions(+), 68 deletions(-)

-- 
1.9.1
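
The deep-copy approach described in part A, sketched as an added example that is not code from this patch series or from fwts. It is a userspace model: `copy_from_user_model()` stands in for the kernel's `copy_from_user()`, and `user_arena`, `struct getvar_arg`, `user_str16_len()` and `fetch_getvar()` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed "user space": only addresses inside this arena count as user memory. */
static uint64_t user_arena[32];

/* Stand-in for the kernel's copy_from_user(): returns the number of bytes NOT copied. */
static size_t copy_from_user_model(void *dst, const void *src, size_t n)
{
    uintptr_t a = (uintptr_t)src, lo = (uintptr_t)user_arena;
    if (a < lo || n > sizeof(user_arena) || a - lo > sizeof(user_arena) - n)
        return n;                       /* fault: source is not user memory */
    memcpy(dst, src, n);
    return 0;
}

/* Hypothetical ioctl argument: lives in user memory and holds user pointers. */
struct getvar_arg {
    const uint16_t *name;               /* NUL-terminated, 16-bit characters (assumed) */
    const uint64_t *data_size;
};

/* Length in characters, one checked fetch each; -1 on fault or missing terminator. */
static long user_str16_len(const uint16_t *s, size_t max_chars)
{
    for (size_t i = 0; i < max_chars; i++) {
        uint16_t c;
        if (copy_from_user_model(&c, s + i, sizeof(c))) return -1;
        if (c == 0) return (long)i;
    }
    return -1;
}

/* Deep copy: the outer struct first, then every member it points to. */
int fetch_getvar(const void *uarg, uint16_t *name, size_t cap, uint64_t *size)
{
    struct getvar_arg k;
    long len;
    if (cap == 0 || copy_from_user_model(&k, uarg, sizeof(k))) return -1;
    len = user_str16_len(k.name, cap);
    if (len < 0 || copy_from_user_model(name, k.name, (size_t)len * sizeof(*name)))
        return -1;
    name[len] = 0;   /* terminate the kernel copy; user memory may have changed */
    if (copy_from_user_model(size, k.data_size, sizeof(*size)))
        return -1;
    return (int)len;
}
```

After `fetch_getvar()` returns, the caller works only on its own copies, so no later step touches a user address directly.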



