On Fri, Oct 24, 2014 at 2:53 PM, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > On 24 October 2014 15:41, Grant Likely <grant.likely@xxxxxxxxxx> wrote: >> On Fri, Oct 24, 2014 at 1:39 PM, Ard Biesheuvel >> <ard.biesheuvel@xxxxxxxxxx> wrote: >>> Now that we have moved the call to SetVirtualAddressMap() to the stub, >>> UEFI has no use for the ID map, so we can drop the code that installs >>> ID mappings for UEFI memory regions. >>> >>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> >> >> I have to say, this series makes me happy. :-) >> >> This method will go a long way to catching UEFI implementations that >> do incorrect things after exitbootservices is called. I'm assuming >> that any attempt to access a region that boot services has not >> requested will get trapped by the kernel, correct? >> > > If we really want to catch firmware problems, we should probably wipe > all boot services regions between the calls to ExitBootServices() and > SetVirtualAddressMap(). Mark Salter's original approach here was > fairly cautious here, i.e., reserving boot services regions until > after the call to SetVirtualAddressMap(), but there is no point in > doing that for kexec, that's why I removed it. I quite like that idea. Let's do that and see if anyone screams in agony. g. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
