1. Patchew
  2. QEMU
  3. [Stable-10.0.8 v2 00/85] Patch Round-up for stable 10.0.8, freeze on 2026-02-10 (frozen)
  4. View patch

[Stable-10.0.8 71/85] hw/uefi: fix size negotiation

Michael Tokarev posted 85 patches 18 hours ago
Only 16 patches received!
[Stable-10.0.8 71/85] hw/uefi: fix size negotiation
Posted by Michael Tokarev 18 hours ago 
From: Gerd Hoffmann <kraxel@redhat.com>

Payload size is the variable request size, not the total buffer size.
Take that into account and subtract header sizes.

Fixes: db1ecfb473ac ("hw/uefi: add var-service-vars.c")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260114104745.3465860-1-kraxel@redhat.com>
(cherry picked from commit 46dee71a945d50639586ca3365be29aa9f368bfd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c
index e382fb2813..27421c6e2d 100644
--- a/hw/uefi/var-service-vars.c
+++ b/hw/uefi/var-service-vars.c
@@ -592,7 +592,7 @@ uefi_vars_mm_get_payload_size(uefi_vars_state *uv, mm_header *mhdr,
         return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
     }
 
-    ps->payload_size = uv->buf_size;
+    ps->payload_size = uv->buf_size - sizeof(*mhdr) - sizeof(*mvar);
     mvar->status = EFI_SUCCESS;
     return length;
 }
-- 
2.47.3

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.