On Wed, 21 Oct, at 11:46:53AM, Andy Lutomirski wrote: > > If the UEFI stuff is mapped in its own PGD entry, we could just RO > that entire PGD entry everywhere except the UEFI pgd (and make sure to > clear G so that the TLB entries get zapped). What would be the benefit of making it RO as opposed to not having it mapped at all? The mappings only exist in the trampoline_pgd right now for x86 which minimizes the potentially vulnerable code paths to the EFI runtime calls and the suspend/resume code. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
