12 files changed, 383 insertions, 83 deletions
diff --git a/Documentation/filesystems/efivarfs.txt b/Documentation/filesystems/efivarfs.txt
index c477af086e65..686a64bba775 100644
--- a/Documentation/filesystems/efivarfs.txt
+++ b/Documentation/filesystems/efivarfs.txt
@@ -14,3 +14,10 @@ filesystem.
 efivarfs is typically mounted like this,
        mount -t efivarfs none /sys/firmware/efi/efivars
+Due to the presence of numerous firmware bugs where removing non-standard
+UEFI variables causes the system firmware to fail to POST, efivarfs
+files that are not well-known standardized variables are created
+as immutable files.  This doesn't prevent removal - "chattr -i" will work -
+but it does prevent this kind of failure from being accomplished
+accidentally.
diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c
index 756eca8c4cf8..10e6774ab2a2 100644
--- a/drivers/firmware/efi/efivars.c
+++ b/drivers/firmware/efi/efivars.c
@@ -221,7 +221,7 @@ sanity_check(struct efi_variable *var, efi_char16_t *name, efi_guid_t vendor,
        }
        if ((attributes & ~EFI_VARIABLE_MASK) != 0 ||
-            efivar_validate(name, data, size) == false) {
+            efivar_validate(vendor, name, data, size) == false) {
                printk(KERN_ERR "efivars: Malformed variable content\n");
                return -EINVAL;
        }
@@ -447,7 +447,8 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj,
        }
        if ((attributes & ~EFI_VARIABLE_MASK) != 0 ||
-            efivar_validate(name, data, size) == false) {
+            efivar_validate(new_var->VendorGuid, name, data,
+                            size) == false) {
                printk(KERN_ERR "efivars: Malformed variable content\n");
                return -EINVAL;
        }
@@ -540,38 +541,30 @@ static ssize_t efivar_delete(struct file *filp, struct kobject *kobj,
 static int
 efivar_create_sysfs_entry(struct efivar_entry *new_var)
 {
-        int i, short_name_size;
+        int short_name_size;
        char *short_name;
-        unsigned long variable_name_size;
+        unsigned long utf8_name_size;
-        efi_char16_t *variable_name;
+        efi_char16_t *variable_name = new_var->var.VariableName;
        int ret;
-        variable_name = new_var->var.VariableName;
-        variable_name_size = ucs2_strlen(variable_name) * sizeof(efi_char16_t);
        /*
-         * Length of the variable bytes in ASCII, plus the '-' separator,
+         * Length of the variable bytes in UTF8, plus the '-' separator,
         * plus the GUID, plus trailing NUL
         */
-        short_name_size = variable_name_size / sizeof(efi_char16_t)
+        utf8_name_size = ucs2_utf8size(variable_name);
-                                + 1 + EFI_VARIABLE_GUID_LEN + 1;
+        short_name_size = utf8_name_size + 1 + EFI_VARIABLE_GUID_LEN + 1;
-        short_name = kzalloc(short_name_size, GFP_KERNEL);
+        short_name = kmalloc(short_name_size, GFP_KERNEL);
        if (!short_name)
                return -ENOMEM;
-        /* Convert Unicode to normal chars (assume top bits are 0),
+        ucs2_as_utf8(short_name, variable_name, short_name_size);
-           ala UTF-8 */
-        for (i=0; i < (int)(variable_name_size / sizeof(efi_char16_t)); i++) {
-                short_name[i] = variable_name[i] & 0xFF;
-        }
        /* This is ugly, but necessary to separate one vendor's
           private variables from another's.         */
+        short_name[utf8_name_size] = '-';
-        *(short_name + strlen(short_name)) = '-';
        efi_guid_to_str(&new_var->var.VendorGuid,
-                         short_name + strlen(short_name));
+                         short_name + utf8_name_size + 1);
        new_var->kobj.kset = efivars_kset;
diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
index 70a0fb10517f..50f10bad2604 100644
--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -165,67 +165,132 @@ validate_ascii_string(efi_char16_t *var_name, int match, u8 *buffer,
 }
 struct variable_validate {
+        efi_guid_t vendor;
        char *name;
        bool (*validate)(efi_char16_t *var_name, int match, u8 *data,
                         unsigned long len);
 };
+/*
+ * This is the list of variables we need to validate, as well as the
+ * whitelist for what we think is safe not to default to immutable.
+ *
+ * If it has a validate() method that's not NULL, it'll go into the
+ * validation routine.  If not, it is assumed valid, but still used for
+ * whitelisting.
+ *
+ * Note that it's sorted by {vendor,name}, but globbed names must come after
+ * any other name with the same prefix.
+ */
 static const struct variable_validate variable_validate[] = {
-        { "BootNext", validate_uint16 },
+        { EFI_GLOBAL_VARIABLE_GUID, "BootNext", validate_uint16 },
-        { "BootOrder", validate_boot_order },
+        { EFI_GLOBAL_VARIABLE_GUID, "BootOrder", validate_boot_order },
-        { "DriverOrder", validate_boot_order },
+        { EFI_GLOBAL_VARIABLE_GUID, "Boot*", validate_load_option },
-        { "Boot*", validate_load_option },
+        { EFI_GLOBAL_VARIABLE_GUID, "DriverOrder", validate_boot_order },
-        { "Driver*", validate_load_option },
+        { EFI_GLOBAL_VARIABLE_GUID, "Driver*", validate_load_option },
-        { "ConIn", validate_device_path },
+        { EFI_GLOBAL_VARIABLE_GUID, "ConIn", validate_device_path },
-        { "ConInDev", validate_device_path },
+        { EFI_GLOBAL_VARIABLE_GUID, "ConInDev", validate_device_path },
-        { "ConOut", validate_device_path },
+        { EFI_GLOBAL_VARIABLE_GUID, "ConOut", validate_device_path },
-        { "ConOutDev", validate_device_path },
+        { EFI_GLOBAL_VARIABLE_GUID, "ConOutDev", validate_device_path },
-        { "ErrOut", validate_device_path },
+        { EFI_GLOBAL_VARIABLE_GUID, "ErrOut", validate_device_path },
-        { "ErrOutDev", validate_device_path },
+        { EFI_GLOBAL_VARIABLE_GUID, "ErrOutDev", validate_device_path },
-        { "Timeout", validate_uint16 },
+        { EFI_GLOBAL_VARIABLE_GUID, "Lang", validate_ascii_string },
-        { "Lang", validate_ascii_string },
+        { EFI_GLOBAL_VARIABLE_GUID, "OsIndications", NULL },
-        { "PlatformLang", validate_ascii_string },
+        { EFI_GLOBAL_VARIABLE_GUID, "PlatformLang", validate_ascii_string },
-        { "", NULL },
+        { EFI_GLOBAL_VARIABLE_GUID, "Timeout", validate_uint16 },
+        { NULL_GUID, "", NULL },
 };
+static bool
+variable_matches(const char *var_name, size_t len, const char *match_name,
+                 int *match)
+{
+        for (*match = 0; ; (*match)++) {
+                char c = match_name[*match];
+                char u = var_name[*match];
+                /* Wildcard in the matching name means we've matched */
+                if (c == '*')
+                        return true;
+                /* Case sensitive match */
+                if (!c && *match == len)
+                        return true;
+                if (c != u)
+                        return false;
+                if (!c)
+                        return true;
+        }
+        return true;
+}
 bool
-efivar_validate(efi_char16_t *var_name, u8 *data, unsigned long len)
+efivar_validate(efi_guid_t vendor, efi_char16_t *var_name, u8 *data,
+                unsigned long data_size)
 {
        int i;
-        u16 *unicode_name = var_name;
+        unsigned long utf8_size;
+        u8 *utf8_name;
-        for (i = 0; variable_validate[i].validate != NULL; i++) {
+        utf8_size = ucs2_utf8size(var_name);
-                const char *name = variable_validate[i].name;
+        utf8_name = kmalloc(utf8_size + 1, GFP_KERNEL);
-                int match;
+        if (!utf8_name)
+                return false;
-                for (match = 0; ; match++) {
+        ucs2_as_utf8(utf8_name, var_name, utf8_size);
-                        char c = name[match];
+        utf8_name[utf8_size] = '\0';
-                        u16 u = unicode_name[match];
-                        /* All special variables are plain ascii */
+        for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
-                        if (u > 127)
+                const char *name = variable_validate[i].name;
-                                return true;
+                int match = 0;
-                        /* Wildcard in the matching name means we've matched */
+                if (efi_guidcmp(vendor, variable_validate[i].vendor))
-                        if (c == '*')
+                        continue;
-                                return variable_validate[i].validate(var_name,
-                                                             match, data, len);
-                        /* Case sensitive match */
+                if (variable_matches(utf8_name, utf8_size+1, name, &match)) {
-                        if (c != u)
+                        if (variable_validate[i].validate == NULL)
                                break;
+                        kfree(utf8_name);
-                        /* Reached the end of the string while matching */
+                        return variable_validate[i].validate(var_name, match,
-                        if (!c)
+                                                             data, data_size);
-                                return variable_validate[i].validate(var_name,
-                                                             match, data, len);
                }
        }
+        kfree(utf8_name);
        return true;
 }
 EXPORT_SYMBOL_GPL(efivar_validate);
+bool
+efivar_variable_is_removable(efi_guid_t vendor, const char *var_name,
+                             size_t len)
+{
+        int i;
+        bool found = false;
+        int match = 0;
+        /*
+         * Check if our variable is in the validated variables list
+         */
+        for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
+                if (efi_guidcmp(variable_validate[i].vendor, vendor))
+                        continue;
+                if (variable_matches(var_name, len,
+                                     variable_validate[i].name, &match)) {
+                        found = true;
+                        break;
+                }
+        }
+        /*
+         * If it's in our list, it is removable.
+         */
+        return found;
+}
+EXPORT_SYMBOL_GPL(efivar_variable_is_removable);
 static efi_status_t
 check_var_size(u32 attributes, unsigned long size)
 {
@@ -852,7 +917,7 @@ int efivar_entry_set_get_size(struct efivar_entry *entry, u32 attributes,
        *set = false;
-        if (efivar_validate(name, data, *size) == false)
+        if (efivar_validate(*vendor, name, data, *size) == false)
                return -EINVAL;
        /*
diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c
index c424e4813ec8..d48e0d261d78 100644
--- a/fs/efivarfs/file.c
+++ b/fs/efivarfs/file.c
@@ -10,6 +10,7 @@
 #include <linux/efi.h>
 #include <linux/fs.h>
 #include <linux/slab.h>
+#include <linux/mount.h>
 #include "internal.h"
@@ -103,9 +104,78 @@ out_free:
        return size;
 }
+static int
+efivarfs_ioc_getxflags(struct file *file, void __user *arg)
+{
+        struct inode *inode = file->f_mapping->host;
+        unsigned int i_flags;
+        unsigned int flags = 0;
+        i_flags = inode->i_flags;
+        if (i_flags & S_IMMUTABLE)
+                flags |= FS_IMMUTABLE_FL;
+        if (copy_to_user(arg, &flags, sizeof(flags)))
+                return -EFAULT;
+        return 0;
+}
+static int
+efivarfs_ioc_setxflags(struct file *file, void __user *arg)
+{
+        struct inode *inode = file->f_mapping->host;
+        unsigned int flags;
+        unsigned int i_flags = 0;
+        int error;
+        if (!inode_owner_or_capable(inode))
+                return -EACCES;
+        if (copy_from_user(&flags, arg, sizeof(flags)))
+                return -EFAULT;
+        if (flags & ~FS_IMMUTABLE_FL)
+                return -EOPNOTSUPP;
+        if (!capable(CAP_LINUX_IMMUTABLE))
+                return -EPERM;
+        if (flags & FS_IMMUTABLE_FL)
+                i_flags |= S_IMMUTABLE;
+        error = mnt_want_write_file(file);
+        if (error)
+                return error;
+        inode_lock(inode);
+        inode_set_flags(inode, i_flags, S_IMMUTABLE);
+        inode_unlock(inode);
+        mnt_drop_write_file(file);
+        return 0;
+}
+long
+efivarfs_file_ioctl(struct file *file, unsigned int cmd, unsigned long p)
+{
+        void __user *arg = (void __user *)p;
+        switch (cmd) {
+        case FS_IOC_GETFLAGS:
+                return efivarfs_ioc_getxflags(file, arg);
+        case FS_IOC_SETFLAGS:
+                return efivarfs_ioc_setxflags(file, arg);
+        }
+        return -ENOTTY;
+}
 const struct file_operations efivarfs_file_operations = {
        .open   = simple_open,
        .read   = efivarfs_file_read,
        .write  = efivarfs_file_write,
        .llseek = no_llseek,
+        .unlocked_ioctl = efivarfs_file_ioctl,
 };
diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
index 3381b9da9ee6..e2ab6d0497f2 100644
--- a/fs/efivarfs/inode.c
+++ b/fs/efivarfs/inode.c
@@ -15,7 +15,8 @@
 #include "internal.h"
 struct inode *efivarfs_get_inode(struct super_block *sb,
-                                const struct inode *dir, int mode, dev_t dev)
+                                const struct inode *dir, int mode,
+                                dev_t dev, bool is_removable)
 {
        struct inode *inode = new_inode(sb);
@@ -23,6 +24,7 @@ struct inode *efivarfs_get_inode(struct super_block *sb,
                inode->i_ino = get_next_ino();
                inode->i_mode = mode;
                inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
+                inode->i_flags = is_removable ? 0 : S_IMMUTABLE;
                switch (mode & S_IFMT) {
                case S_IFREG:
                        inode->i_fop = &efivarfs_file_operations;
@@ -102,22 +104,17 @@ static void efivarfs_hex_to_guid(const char *str, efi_guid_t *guid)
 static int efivarfs_create(struct inode *dir, struct dentry *dentry,
                          umode_t mode, bool excl)
 {
-        struct inode *inode;
+        struct inode *inode = NULL;
        struct efivar_entry *var;
        int namelen, i = 0, err = 0;
+        bool is_removable = false;
        if (!efivarfs_valid_name(dentry->d_name.name, dentry->d_name.len))
                return -EINVAL;
-        inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0);
-        if (!inode)
-                return -ENOMEM;
        var = kzalloc(sizeof(struct efivar_entry), GFP_KERNEL);
-        if (!var) {
+        if (!var)
-                err = -ENOMEM;
+                return -ENOMEM;
-                goto out;
-        }
        /* length of the variable name itself: remove GUID and separator */
        namelen = dentry->d_name.len - EFI_VARIABLE_GUID_LEN - 1;
@@ -125,6 +122,16 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
        efivarfs_hex_to_guid(dentry->d_name.name + namelen + 1,
                        &var->var.VendorGuid);
+        if (efivar_variable_is_removable(var->var.VendorGuid,
+                                         dentry->d_name.name, namelen))
+                is_removable = true;
+        inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0, is_removable);
+        if (!inode) {
+                err = -ENOMEM;
+                goto out;
+        }
        for (i = 0; i < namelen; i++)
                var->var.VariableName[i] = dentry->d_name.name[i];
@@ -138,7 +145,8 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
 out:
        if (err) {
                kfree(var);
-                iput(inode);
+                if (inode)
+                        iput(inode);
        }
        return err;
 }
diff --git a/fs/efivarfs/internal.h b/fs/efivarfs/internal.h
index b5ff16addb7c..b4505188e799 100644
--- a/fs/efivarfs/internal.h
+++ b/fs/efivarfs/internal.h
@@ -15,7 +15,8 @@ extern const struct file_operations efivarfs_file_operations;
 extern const struct inode_operations efivarfs_dir_inode_operations;
 extern bool efivarfs_valid_name(const char *str, int len);
 extern struct inode *efivarfs_get_inode(struct super_block *sb,
-                        const struct inode *dir, int mode, dev_t dev);
+                        const struct inode *dir, int mode, dev_t dev,
+                        bool is_removable);
 extern struct list_head efivarfs_list;
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index b8a564f29107..dd029d13ea61 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -118,8 +118,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
        struct dentry *dentry, *root = sb->s_root;
        unsigned long size = 0;
        char *name;
-        int len, i;
+        int len;
        int err = -ENOMEM;
+        bool is_removable = false;
        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
        if (!entry)
@@ -128,15 +129,17 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
        memcpy(entry->var.VariableName, name16, name_size);
        memcpy(&(entry->var.VendorGuid), &vendor, sizeof(efi_guid_t));
-        len = ucs2_strlen(entry->var.VariableName);
+        len = ucs2_utf8size(entry->var.VariableName);
        /* name, plus '-', plus GUID, plus NUL*/
        name = kmalloc(len + 1 + EFI_VARIABLE_GUID_LEN + 1, GFP_KERNEL);
        if (!name)
                goto fail;
-        for (i = 0; i < len; i++)
+        ucs2_as_utf8(name, entry->var.VariableName, len);
-                name[i] = entry->var.VariableName[i] & 0xFF;
+        if (efivar_variable_is_removable(entry->var.VendorGuid, name, len))
+                is_removable = true;
        name[len] = '-';
@@ -144,7 +147,8 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
        name[len + EFI_VARIABLE_GUID_LEN+1] = '\0';
-        inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0644, 0);
+        inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0644, 0,
+                                   is_removable);
        if (!inode)
                goto fail_name;
@@ -200,7 +204,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
        sb->s_d_op              = &efivarfs_d_ops;
        sb->s_time_gran         = 1;
-        inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0);
+        inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true);
        if (!inode)
                return -ENOMEM;
        inode->i_op = &efivarfs_dir_inode_operations;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 569b5a866bb1..47be3ad7d3e5 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1199,7 +1199,10 @@ int efivar_entry_iter(int (*func)(struct efivar_entry *, void *),
 struct efivar_entry *efivar_entry_find(efi_char16_t *name, efi_guid_t guid,
                                       struct list_head *head, bool remove);
-bool efivar_validate(efi_char16_t *var_name, u8 *data, unsigned long len);
+bool efivar_validate(efi_guid_t vendor, efi_char16_t *var_name, u8 *data,
+                     unsigned long data_size);
+bool efivar_variable_is_removable(efi_guid_t vendor, const char *name,
+                                  size_t len);
 extern struct work_struct efivar_work;
 void efivar_run_worker(void);
diff --git a/include/linux/ucs2_string.h b/include/linux/ucs2_string.h
index cbb20afdbc01..bb679b48f408 100644
--- a/include/linux/ucs2_string.h
+++ b/include/linux/ucs2_string.h
@@ -11,4 +11,8 @@ unsigned long ucs2_strlen(const ucs2_char_t *s);
 unsigned long ucs2_strsize(const ucs2_char_t *data, unsigned long maxlength);
 int ucs2_strncmp(const ucs2_char_t *a, const ucs2_char_t *b, size_t len);
+unsigned long ucs2_utf8size(const ucs2_char_t *src);
+unsigned long ucs2_as_utf8(u8 *dest, const ucs2_char_t *src,
+                           unsigned long maxlength);
 #endif /* _LINUX_UCS2_STRING_H_ */
diff --git a/lib/ucs2_string.c b/lib/ucs2_string.c
index 6f500ef2301d..17dd74e21ef9 100644
--- a/lib/ucs2_string.c
+++ b/lib/ucs2_string.c
@@ -49,3 +49,65 @@ ucs2_strncmp(const ucs2_char_t *a, const ucs2_char_t *b, size_t len)
        }
 }
 EXPORT_SYMBOL(ucs2_strncmp);
+unsigned long
+ucs2_utf8size(const ucs2_char_t *src)
+{
+        unsigned long i;
+        unsigned long j = 0;
+        for (i = 0; i < ucs2_strlen(src); i++) {
+                u16 c = src[i];
+                if (c > 0x800)
+                        j += 3;
+                else if (c > 0x80)
+                        j += 2;
+                else
+                        j += 1;
+        }
+        return j;
+}
+EXPORT_SYMBOL(ucs2_utf8size);
+/*
+ * copy at most maxlength bytes of whole utf8 characters to dest from the
+ * ucs2 string src.
+ *
+ * The return value is the number of characters copied, not including the
+ * final NUL character.
+ */
+unsigned long
+ucs2_as_utf8(u8 *dest, const ucs2_char_t *src, unsigned long maxlength)
+{
+        unsigned int i;
+        unsigned long j = 0;
+        unsigned long limit = ucs2_strnlen(src, maxlength);
+        for (i = 0; maxlength && i < limit; i++) {
+                u16 c = src[i];
+                if (c > 0x800) {
+                        if (maxlength < 3)
+                                break;
+                        maxlength -= 3;
+                        dest[j++] = 0xe0 | (c & 0xf000) >> 12;
+                        dest[j++] = 0x80 | (c & 0x0fc0) >> 8;
+                        dest[j++] = 0x80 | (c & 0x003f);
+                } else if (c > 0x80) {
+                        if (maxlength < 2)
+                                break;
+                        maxlength -= 2;
+                        dest[j++] = 0xc0 | (c & 0xfe0) >> 5;
+                        dest[j++] = 0x80 | (c & 0x01f);
+                } else {
+                        maxlength -= 1;
+                        dest[j++] = c & 0x7f;
+                }
+        }
+        if (maxlength)
+                dest[j] = '\0';
+        return j;
+}
+EXPORT_SYMBOL(ucs2_as_utf8);
diff --git a/tools/testing/selftests/efivarfs/efivarfs.sh b/tools/testing/selftests/efivarfs/efivarfs.sh
index 77edcdcc016b..057278448515 100755
--- a/tools/testing/selftests/efivarfs/efivarfs.sh
+++ b/tools/testing/selftests/efivarfs/efivarfs.sh
@@ -88,7 +88,11 @@ test_delete()
                exit 1
        fi
-        rm $file
+        rm $file 2>/dev/null
+        if [ $? -ne 0 ]; then
+                chattr -i $file
+                rm $file
+        fi
        if [ -e $file ]; then
                echo "$file couldn't be deleted" >&2
@@ -111,6 +115,7 @@ test_zero_size_delete()
                exit 1
        fi
+        chattr -i $file
        printf "$attrs" > $file
        if [ -e $file ]; then
@@ -141,7 +146,11 @@ test_valid_filenames()
                        echo "$file could not be created" >&2
                        ret=1
                else
-                        rm $file
+                        rm $file 2>/dev/null
+                        if [ $? -ne 0 ]; then
+                                chattr -i $file
+                                rm $file
+                        fi
                fi
        done
@@ -174,7 +183,11 @@ test_invalid_filenames()
                if [ -e $file ]; then
                        echo "Creating $file should have failed" >&2
-                        rm $file
+                        rm $file 2>/dev/null
+                        if [ $? -ne 0 ]; then
+                                chattr -i $file
+                                rm $file
+                        fi
                        ret=1
                fi
        done
diff --git a/tools/testing/selftests/efivarfs/open-unlink.c b/tools/testing/selftests/efivarfs/open-unlink.c
index 8c0764407b3c..4af74f733036 100644
--- a/tools/testing/selftests/efivarfs/open-unlink.c
+++ b/tools/testing/selftests/efivarfs/open-unlink.c
@@ -1,10 +1,68 @@
+#include <errno.h>
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <sys/ioctl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <linux/fs.h>
+static int set_immutable(const char *path, int immutable)
+{
+        unsigned int flags;
+        int fd;
+        int rc;
+        int error;
+        fd = open(path, O_RDONLY);
+        if (fd < 0)
+                return fd;
+        rc = ioctl(fd, FS_IOC_GETFLAGS, &flags);
+        if (rc < 0) {
+                error = errno;
+                close(fd);
+                errno = error;
+                return rc;
+        }
+        if (immutable)
+                flags |= FS_IMMUTABLE_FL;
+        else
+                flags &= ~FS_IMMUTABLE_FL;
+        rc = ioctl(fd, FS_IOC_SETFLAGS, &flags);
+        error = errno;
+        close(fd);
+        errno = error;
+        return rc;
+}
+static int get_immutable(const char *path)
+{
+        unsigned int flags;
+        int fd;
+        int rc;
+        int error;
+        fd = open(path, O_RDONLY);
+        if (fd < 0)
+                return fd;
+        rc = ioctl(fd, FS_IOC_GETFLAGS, &flags);
+        if (rc < 0) {
+                error = errno;
+                close(fd);
+                errno = error;
+                return rc;
+        }
+        close(fd);
+        if (flags & FS_IMMUTABLE_FL)
+                return 1;
+        return 0;
+}
 int main(int argc, char **argv)
 {
@@ -27,7 +85,7 @@ int main(int argc, char **argv)
        buf[4] = 0;
        /* create a test variable */
-        fd = open(path, O_WRONLY | O_CREAT);
+        fd = open(path, O_WRONLY | O_CREAT, 0600);
        if (fd < 0) {
                perror("open(O_WRONLY)");
                return EXIT_FAILURE;
@@ -41,6 +99,18 @@ int main(int argc, char **argv)
        close(fd);
+        rc = get_immutable(path);
+        if (rc < 0) {
+                perror("ioctl(FS_IOC_GETFLAGS)");
+                return EXIT_FAILURE;
+        } else if (rc) {
+                rc = set_immutable(path, 0);
+                if (rc < 0) {
+                        perror("ioctl(FS_IOC_SETFLAGS)");
+                        return EXIT_FAILURE;
+                }
+        }
        fd = open(path, O_RDONLY);
        if (fd < 0) {
                perror("open");