Two EFI fixes:

- Prevent a race and buffer overflow in the sysfs efivars interface which
    causes kernel memory corruption.
 
  - Add the missing NULL pointer checks in efivar_store_raw()
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAl5uPtwTHHRnbHhAbGlu
 dXRyb25peC5kZQAKCRCmGPVMDXSYoU7CEAC7TN816o0o2EUokeThTnzEN1YljTNd
 zxL9Kin+a8PnVGM2KsJJNGN3vVErdzIqPrpiNRvVvV5PVBmXVkJiMQAFqBeP5Lu1
 h+69W5pGPVPun3EUnIKvTgrBkHU5F2GsDrUjaERZdP/ukeIpYf1oAmY7yMMRNSiI
 0ApjU5uhcuuLJHKUQ9xEz/QLNunbDW7j8tJy0jEsFKYixTsH2Gp4hiWWKONbPqhe
 K3Gs81NErIMz6iVsQmGEMKOqWo2TLtR3tIykGtj89fohauDwNvlmCOyV1l+ILdZd
 +SQhnM/yEimLfjV/QVyu/OxFFk9mK7iLQx7ADAtssMyz0z3vs9OyJqwicwjectl/
 70Ye9u+M4YzkgXYiUNJlXeRorhpZd6mpcj4lo5FrE42ydgd6Gmc2wNLT5P8bwO6T
 bMWPCdl/+9v3NofCFr1JCTHHtW6qgdEF1ehkW/P8NkxEQKvtMp5IV3M2DnR1TAxh
 oflf+nnA//daxc6RKzn5k0bMbQreXnBpQCjFIi9heenyDu14VO6Vok2EmqR6aZMF
 6pIqdOqv+m/xxJGFWLjYiZO5zMNcrEsd0ypNXmXXxDauDb/JZlkE88SfiUJaOpFd
 hmh7nYRjCXkO3/JHSugIyN4xnYuUgAgIJGnloRfATppfd+rkB/u5mf29jl54edRK
 +lhkYCvWP+cACQ==
 =BzA6
 -----END PGP SIGNATURE-----

Merge tag 'efi-urgent-2020-03-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull EFI fixes from Thomas Gleixner:
 "Two EFI fixes:

   - Prevent a race and buffer overflow in the sysfs efivars interface
     which causes kernel memory corruption.

   - Add the missing NULL pointer checks in efivar_store_raw()"

* tag 'efi-urgent-2020-03-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efi: Add a sanity check to efivar_store_raw()
  efi: Fix a race and a buffer overflow while reading efivars via sysfs

drivers/firmware/efi/efivars.c

@@ -83,13 +83,16 @@ static ssize_t
 efivar_attr_read(struct efivar_entry *entry, char *buf)
 {
 	struct efi_variable *var = &entry->var;
+	unsigned long size = sizeof(var->Data);
 	char *str = buf;
+	int ret;
 
 	if (!entry || !buf)
 		return -EINVAL;
 
-	var->DataSize = 1024;
-	if (efivar_entry_get(entry, &var->Attributes, &var->DataSize, var->Data))
+	ret = efivar_entry_get(entry, &var->Attributes, &size, var->Data);
+	var->DataSize = size;
+	if (ret)
 		return -EIO;
 
 	if (var->Attributes & EFI_VARIABLE_NON_VOLATILE)
@@ -116,13 +119,16 @@ static ssize_t
 efivar_size_read(struct efivar_entry *entry, char *buf)
 {
 	struct efi_variable *var = &entry->var;
+	unsigned long size = sizeof(var->Data);
 	char *str = buf;
+	int ret;
 
 	if (!entry || !buf)
 		return -EINVAL;
 
-	var->DataSize = 1024;
-	if (efivar_entry_get(entry, &var->Attributes, &var->DataSize, var->Data))
+	ret = efivar_entry_get(entry, &var->Attributes, &size, var->Data);
+	var->DataSize = size;
+	if (ret)
 		return -EIO;
 
 	str += sprintf(str, "0x%lx\n", var->DataSize);
@@ -133,12 +139,15 @@ static ssize_t
 efivar_data_read(struct efivar_entry *entry, char *buf)
 {
 	struct efi_variable *var = &entry->var;
+	unsigned long size = sizeof(var->Data);
+	int ret;
 
 	if (!entry || !buf)
 		return -EINVAL;
 
-	var->DataSize = 1024;
-	if (efivar_entry_get(entry, &var->Attributes, &var->DataSize, var->Data))
+	ret = efivar_entry_get(entry, &var->Attributes, &size, var->Data);
+	var->DataSize = size;
+	if (ret)
 		return -EIO;
 
 	memcpy(buf, var->Data, var->DataSize);
@@ -199,6 +208,9 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count)
 	u8 *data;
 	int err;
 
+	if (!entry || !buf)
+		return -EINVAL;
+
 	if (in_compat_syscall()) {
 		struct compat_efi_variable *compat;
 
@@ -250,14 +262,16 @@ efivar_show_raw(struct efivar_entry *entry, char *buf)
 {
 	struct efi_variable *var = &entry->var;
 	struct compat_efi_variable *compat;
+	unsigned long datasize = sizeof(var->Data);
 	size_t size;
+	int ret;
 
 	if (!entry || !buf)
 		return 0;
 
-	var->DataSize = 1024;
-	if (efivar_entry_get(entry, &entry->var.Attributes,
-			     &entry->var.DataSize, entry->var.Data))
+	ret = efivar_entry_get(entry, &var->Attributes, &datasize, var->Data);
+	var->DataSize = datasize;
+	if (ret)
 		return -EIO;
 
 	if (in_compat_syscall()) {