[PATCH 0/2] x86/efi: Enable restrictive mapping of EFI runtime

From: Sai Praneeth <sai.praneeth.prakhya@xxxxxxxxx>

The UEFI v2.5 specification introduced a new configuration table called
EFI_PROPERTIES_TABLE. Currently it is only used to convey that UEFI
runtime code and data sections of the executable image are separate.
Patches ("x86/efi: Add support for EFI_MEMORY_RO attribute introduced
by UEFIv2.5") and ("x86/efi: Add support for UEFIv2.5 Properties table")
and ("x86/efi: Introduce EFI_NX_PE_DATA bit and set it from properties
table") have already added support for this feature and set the
EFI_NX_PE_DATA bit if this feature is detected. The following two
patches will update mappings of these runtime regions. Patch 1 is a
prerequisite which modifies kernel_map_pages_in_pgd(), so that we could
map regions as read/write or read-only. Patch 2 does the restrictive
mapping for runtime regions. EFI runtime code regions are mapped
read-only and EFI runtime data regions are mapped not executable.

Sai Praneeth (2):
  x86/mm/pageattr: Don't implicitly allow _PAGE_RW in
    kernel_map_pages_in_pgd()
  x86/efi: Map EFI_MEMORY_{XP,RO} memory region bits to EFI page tables

 arch/x86/include/asm/efi.h     |  2 +-
 arch/x86/mm/pageattr.c         |  3 +++
 arch/x86/platform/efi/efi.c    |  9 +++++--
 arch/x86/platform/efi/efi_64.c | 53 +++++++++++++++++++++++++++++++++++-------
 4 files changed, 56 insertions(+), 11 deletions(-)

Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Lee, Chun-Yi <jlee@xxxxxxxx>
Cc: Ricardo Neri <ricardo.neri@xxxxxxxxx>
Cc: Ravi Shankar <ravi.v.shankar@xxxxxxxxx>
Signed-off-by: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@xxxxxxxxx>

-- 
2.1.4
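
The attribute-to-mapping translation described in the cover letter, as a simplified user-space model (an added example, not code from the patch series or the kernel). The `region` struct, the function names, the sample map and the writable-and-executable default are assumptions of this model; the EFI attribute values and x86-64 page-table bits are the standard ones.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the UEFI spec and the x86-64 page-table entry format. */
#define EFI_RUNTIME_SERVICES_CODE 5
#define EFI_RUNTIME_SERVICES_DATA 6
#define EFI_MEMORY_XP 0x0000000000004000ULL /* execute-protected */
#define EFI_MEMORY_RO 0x0000000000020000ULL /* read-only */
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_NX      (1ULL << 63)
/* Hypothetical cut-down descriptor, not the kernel's efi_memory_desc_t. */
struct region { uint32_t type; uint64_t attribute; };
/* Constructed sample map; the last entry models firmware that set no bits. */
static const struct region sample_map[] = {
    { EFI_RUNTIME_SERVICES_CODE, EFI_MEMORY_RO },
    { EFI_RUNTIME_SERVICES_DATA, EFI_MEMORY_XP },
    { EFI_RUNTIME_SERVICES_CODE, 0 },
};

/* Assumed default: writable and executable. RO clears write, XP sets NX. */
static uint64_t region_pte_flags(const struct region *r)
{
    uint64_t pf = PTE_PRESENT | PTE_RW;
    if (r->attribute & EFI_MEMORY_RO)
        pf &= ~PTE_RW;
    if (r->attribute & EFI_MEMORY_XP)
        pf |= PTE_NX;
    return pf;
}

/* Count regions left as writable runtime code or executable runtime data. */
static size_t count_policy_violations(const struct region *map, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t pf = region_pte_flags(&map[i]);
        if ((map[i].type == EFI_RUNTIME_SERVICES_CODE && (pf & PTE_RW)) ||
            (map[i].type == EFI_RUNTIME_SERVICES_DATA && !(pf & PTE_NX)))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("violations: %zu\n", count_policy_violations(sample_map, 3));
    return 0;
}
```

The third sample entry is the case the audit catches: a runtime code region whose descriptor carries no EFI_MEMORY_RO bit stays writable in this model.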
