On Tue, 12 Nov 2024 at 19:53, Nicolas Saenz Julienne <nsaenz@xxxxxxxxxx> wrote:
>
> Kexec bypasses EFI's switch to virtual mode. In exchange, it has its own
> routine, kexec_enter_virtual_mode(), which replays the mappings made by
> the original kernel. Unfortunately, that function fails to reinstate
> EFI's memory attributes, which would've otherwise been set after
> entering virtual mode. Remediate this by calling
> efi_runtime_update_mappings() within kexec's routine.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 18141e89a76c ("x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE")
> Signed-off-by: Nicolas Saenz Julienne <nsaenz@xxxxxxxxxx>
>
> ---
>
> Notes:
> - Tested with QEMU/OVMF.
>
I'll queue these up, but I am going drop the cc stable: the memory
attributes table is an overlay of the EFI memory map with restricted
permissions for EFI runtime services regions, which are only mapped
while a EFI runtime call is in progress.
So if the table is not taken into account after kexec, the runtime
code and data mappings will all be RWX but I think this is a situation
we can live with. If nothing breaks, we can always revisit this later
if there is an actual need.
Thanks,
> arch/x86/platform/efi/efi.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
> index 375ebd78296a..a7ff189421c3 100644
> --- a/arch/x86/platform/efi/efi.c
> +++ b/arch/x86/platform/efi/efi.c
> @@ -765,6 +765,7 @@ static void __init kexec_enter_virtual_mode(void)
>
> efi_sync_low_kernel_mappings();
> efi_native_runtime_setup();
> + efi_runtime_update_mappings();
> #endif
> }
>
> --
> 2.40.1
>
