On Fri, 26 Feb, at 03:20:35PM, Ard Biesheuvel wrote:
> Commit 2eec5dedf770 ("efi/arm-init: Use read-only early mappings")
> updated the early ARM UEFI init code to create the temporary, early
> mapping of the UEFI System table using read-only attributes, as a
> hardening measure against inadvertent modification.
>
> However, this still leaves the permanent, writable mapping of the UEFI
> System table, which is only ever referenced during invocations of UEFI
> Runtime Services, at which time the UEFI virtual mapping is available,
> which also covers the system table. (This is guaranteed by the fact that
> SetVirtualAddressMap(), which is a runtime service itself, converts
> various entries in the table to their virtual equivalents, which implies
> that the table must be covered by a RuntimeServicesData region that has
> the EFI_MEMORY_RUNTIME attribute.)
>
> So instead of creating this permanent mapping, record the virtual address
> of the system table inside the UEFI virtual mapping, and dereference that
> when accessing the table. This protects the contents of the system table
> from inadvertent (or deliberate) modification when no UEFI Runtime
> Services calls are in progress.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> ---
> drivers/firmware/efi/arm-init.c | 2 ++
> drivers/firmware/efi/arm-runtime.c | 27 ++++++++++++++++-----------
> 2 files changed, 18 insertions(+), 11 deletions(-)
Looks like a nice cleanup. Applied.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
