From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 11 Aug 2025 13:01:09 +0000 (+0200)
Subject: hw/uefi: check access for first variable
X-Git-Tag: v10.1.0-rc4~2^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc8ee8fe58ad410f27fca64e4ad212c5a3eabe00;p=thirdparty%2Fqemu.git

hw/uefi: check access for first variable

When listing variables (via get-next-variable-name) only the names of
variables which can be accessed will be returned.  That check was
missing for the first variable though.  Add it.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250811130110.820958-3-kraxel@redhat.com>
---

diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c
index cbeccdbd266..8533533ea5c 100644
--- a/hw/uefi/var-service-vars.c
+++ b/hw/uefi/var-service-vars.c
@@ -357,6 +357,9 @@ uefi_vars_mm_get_next_variable(uefi_vars_state *uv, mm_header *mhdr,
     if (uefi_strlen(name, nv->name_size) == 0) {
         /* empty string -> first */
         var = QTAILQ_FIRST(&uv->variables);
+        while (var && !check_access(uv, var)) {
+            var = QTAILQ_NEXT(var, next);
+        }
         if (!var) {
             return uefi_vars_mm_error(mhdr, mvar, EFI_NOT_FOUND);
         }