Patch "efi/libstub: zboot: Mark zboot EFI application as NX compatible" has been added to the 6.2-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    efi/libstub: zboot: Mark zboot EFI application as NX compatible

to the 6.2-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     efi-libstub-zboot-mark-zboot-efi-application-as-nx-compatible.patch
and it can be found in the queue-6.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From c7d9e628b8ff4d52a365a441bdacb3209ee83c81 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@xxxxxxxxxx>
Date: Fri, 10 Mar 2023 12:15:24 +0100
Subject: efi/libstub: zboot: Mark zboot EFI application as NX compatible

From: Ard Biesheuvel <ardb@xxxxxxxxxx>

commit c7d9e628b8ff4d52a365a441bdacb3209ee83c81 upstream.

Now that the zboot loader will invoke the EFI memory attributes protocol
to remap the decompressed code and rodata as read-only/executable, we
can set the PE/COFF header flag that indicates to the firmware that the
application does not rely on writable memory being executable at the
same time.

Cc: <stable@xxxxxxxxxxxxxxx> # v6.2+
Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/firmware/efi/libstub/zboot-header.S |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/firmware/efi/libstub/zboot-header.S
+++ b/drivers/firmware/efi/libstub/zboot-header.S
@@ -63,7 +63,7 @@ __efistub_efi_zboot_header:
 	.long		.Lefi_header_end - .Ldoshdr
 	.long		0
 	.short		IMAGE_SUBSYSTEM_EFI_APPLICATION
-	.short		0
+	.short		IMAGE_DLL_CHARACTERISTICS_NX_COMPAT
 #ifdef CONFIG_64BIT
 	.quad		0, 0, 0, 0
 #else


Patches currently in stable-queue which might be from ardb@xxxxxxxxxx are

queue-6.2/efi-libstub-use-relocated-version-of-kernel-s-struct.patch
queue-6.2/efi-libstub-smbios-use-length-member-instead-of-reco.patch
queue-6.2/efi-earlycon-reprobe-after-parsing-config-tables.patch
queue-6.2/arm64-efi-use-smbios-processor-version-to-key-off-am.patch
queue-6.2/arm64-efi-set-nx-compat-flag-in-pe-coff-header.patch
queue-6.2/efi-libstub-zboot-mark-zboot-efi-application-as-nx-compatible.patch
queue-6.2/efi-sysfb_efi-fix-dmi-quirks-not-working-for-simpledrm.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux