From 99ac3d584e47db92bcfa8d0c48d942d0abad9fc6 Mon Sep 17 00:00:00 2001
From: emaste <emaste@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Tue, 28 Jul 2015 13:11:31 +0000
Subject: [PATCH] MFS r285951: Avoid creating invalid UEFI device path

The UEFI loader on the 10.1 release install disk (disc1) modifies an
existing EFI_DEVICE_PATH_PROTOCOL instance in an apparent attempt to
truncate the device path.  In doing so it creates an invalid device
path.

Perform the equivalent action without modification of structures
allocated by firmware.

PR:		197641
Submitted by:	Chris Ruffin <chris.ruffin at intel.com>
Approved by:	re (gjb)


git-svn-id: https://svn.freebsd.org/base/releng/10.2@285956 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/boot/efi/libefi/efipart.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/sys/boot/efi/libefi/efipart.c b/sys/boot/efi/libefi/efipart.c
index 13dc0ac17..0831a98d6 100644
--- a/sys/boot/efi/libefi/efipart.c
+++ b/sys/boot/efi/libefi/efipart.c
@@ -63,13 +63,14 @@ static int
 efipart_init(void) 
 {
 	EFI_BLOCK_IO *blkio;
-	EFI_DEVICE_PATH *devpath, *node;
+	EFI_DEVICE_PATH *devpath, *devpathcpy, *tmpdevpath, *node;
 	EFI_HANDLE *hin, *hout, *aliases, handle;
 	EFI_STATUS status;
 	UINTN sz;
 	CHAR16 *path;
 	u_int n, nin, nout;
 	int err;
+	size_t devpathlen;
 
 	sz = 0;
 	hin = NULL;
@@ -98,9 +99,15 @@ efipart_init(void)
 		if (EFI_ERROR(status)) {
 			continue;
 		}
+
 		node = devpath;
-		while (!IsDevicePathEnd(NextDevicePathNode(node)))
+		devpathlen = DevicePathNodeLength(node);
+		while (!IsDevicePathEnd(NextDevicePathNode(node))) {
 			node = NextDevicePathNode(node);
+			devpathlen += DevicePathNodeLength(node);
+		}
+		devpathlen += DevicePathNodeLength(NextDevicePathNode(node));
+
 		status = BS->HandleProtocol(hin[n], &blkio_guid,
 		    (void**)&blkio);
 		if (EFI_ERROR(status))
@@ -117,10 +124,16 @@ efipart_init(void)
 		 */
 		if (DevicePathType(node) == MEDIA_DEVICE_PATH &&
 		    DevicePathSubType(node) == MEDIA_CDROM_DP) {
-			node->Type = END_DEVICE_PATH_TYPE;
-			node->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;
-			status = BS->LocateDevicePath(&blkio_guid, &devpath,
+			devpathcpy = malloc(devpathlen);
+			memcpy(devpathcpy, devpath, devpathlen);
+			node = devpathcpy;
+			while (!IsDevicePathEnd(NextDevicePathNode(node)))
+				node = NextDevicePathNode(node);
+			SetDevicePathEndNode(node);
+			tmpdevpath = devpathcpy;
+			status = BS->LocateDevicePath(&blkio_guid, &tmpdevpath,
 			    &handle);
+			free(devpathcpy);
 			if (EFI_ERROR(status))
 				continue;
 			hout[nout] = handle;
-- 
2.45.2