On Fri, 29 Jan, at 05:04:40PM, Sai Praneeth Prakhya wrote:
> From: Sai Praneeth <sai.praneeth.prakhya@xxxxxxxxx>
>
> Now that we have EFI memory region bits that indicate which regions do
> not need execute permission or read/write permission in the page tables,
> let's use them.
>
> We also check for EFI_NX_PE_DATA and only enforce the restrictive
> mappings if it's present (to allow us to ignore buggy firmware that sets
> bits it didn't mean to and to preserve backwards compatibility).
>
> Instead of assuming that firmware would set appropriate attributes in
> memory descriptor like EFI_MEMORY_RO for code and EFI_MEMORY_XP for
> data, we can expect some firmware out there which might only set *type*
> in memory descriptor to be EFI_RUNTIME_SERVICES_CODE or
> EFI_RUNTIME_SERVICES_DATA leaving away attribute. This will lead to
> improper mappings of EFI runtime regions. In order to avoid it, we check
> attribute and type of memory descriptor to update mappings and moreover
> Windows works this way.
>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: Lee, Chun-Yi <jlee@xxxxxxxx>
> Cc: Ricardo Neri <ricardo.neri@xxxxxxxxx>
> Cc: Ravi Shankar <ravi.v.shankar@xxxxxxxxx>
> Signed-off-by: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@xxxxxxxxx>
> ---
>  arch/x86/include/asm/efi.h     |  2 +-
>  arch/x86/platform/efi/efi.c    |  9 +++++++--
>  arch/x86/platform/efi/efi_64.c | 45 ++++++++++++++++++++++++++++++++++++++----
>  3 files changed, 49 insertions(+), 7 deletions(-)

Applied.
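The mapping policy described in the quoted commit message, as an added example that is not code from the patch or from the kernel: it derives write/execute permissions for a runtime region from the descriptor's attribute and type, gated on EFI_NX_PE_DATA, and counts regions left writable and executable. Assumptions: either the attribute or the type alone is enough to restrict a region, the unrestricted mapping is writable and executable, and `mem_desc`, `PERM_W`, `PERM_X`, `runtime_region_perms`, `count_wx_regions` and `sample_map` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Memory types and attribute bits as defined in the UEFI specification. */
#define EFI_RUNTIME_SERVICES_CODE 5u
#define EFI_RUNTIME_SERVICES_DATA 6u
#define EFI_MEMORY_XP      0x0000000000004000ULL
#define EFI_MEMORY_RO      0x0000000000020000ULL
#define EFI_MEMORY_RUNTIME 0x8000000000000000ULL
/* Hypothetical permission bits for this example, not the kernel's page flags. */
#define PERM_W 0x1u
#define PERM_X 0x2u

struct mem_desc { uint32_t type; uint64_t attribute; }; /* reduced descriptor */

/* Permissions for one runtime descriptor; nx_pe_data stands for EFI_NX_PE_DATA. */
unsigned int runtime_region_perms(const struct mem_desc *md, bool nx_pe_data)
{
    unsigned int perms = PERM_W | PERM_X; /* assumed unrestricted mapping */
    if (!nx_pe_data)
        return perms;                     /* no opt-in: keep the old mapping */
    /* Attribute OR type decides, so a descriptor carrying only a type is covered. */
    if ((md->attribute & EFI_MEMORY_XP) || md->type == EFI_RUNTIME_SERVICES_DATA)
        perms &= ~PERM_X;
    if ((md->attribute & EFI_MEMORY_RO) || md->type == EFI_RUNTIME_SERVICES_CODE)
        perms &= ~PERM_W;
    return perms;
}

/* Count runtime regions that would still be mapped writable and executable. */
size_t count_wx_regions(const struct mem_desc *map, size_t n, bool nx_pe_data)
{
    size_t wx = 0;
    for (size_t i = 0; i < n; i++)
        if ((map[i].attribute & EFI_MEMORY_RUNTIME) &&
            runtime_region_perms(&map[i], nx_pe_data) == (PERM_W | PERM_X))
            wx++;
    return wx;
}

/* Constructed sample map: firmware that sets only types, never RO/XP. */
const struct mem_desc sample_map[] = {
    { EFI_RUNTIME_SERVICES_CODE, EFI_MEMORY_RUNTIME },
    { EFI_RUNTIME_SERVICES_DATA, EFI_MEMORY_RUNTIME },
    { 11u, EFI_MEMORY_RUNTIME },  /* memory-mapped I/O type, no RO/XP */
    { 7u, 0 },                    /* conventional memory, not a runtime region */
};
```

On the constructed map, the type-only code and data regions are restricted once EFI_NX_PE_DATA is present, while the runtime region with neither a code/data type nor RO/XP attributes stays writable and executable.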