Patch "arm64: efi: Set NX compat flag in PE/COFF header" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    arm64: efi: Set NX compat flag in PE/COFF header

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm64-efi-set-nx-compat-flag-in-pe-coff-header.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 16b47f362260fd260e6be1320d19bf3440fc199a
Author: Ard Biesheuvel <ardb@xxxxxxxxxx>
Date:   Fri Mar 10 13:30:05 2023 +0100

    arm64: efi: Set NX compat flag in PE/COFF header
    
    [ Upstream commit 3c66bb1918c262dd52fb4221a8d372619c5da70a ]
    
    The PE/COFF header has a NX compat flag which informs the firmware that
    the application does not rely on memory regions being mapped with both
    executable and writable permissions at the same time.
    
    This is typically used by the firmware to decide whether it can set the
    NX attribute on all allocations it returns, but going forward, it may be
    used to enforce a policy that only permits applications with the NX flag
    set to be loaded to begin wiht in some configurations, e.g., when Secure
    Boot is in effect.
    
    Even though the arm64 version of the EFI stub may relocate the kernel
    before executing it, it always did so after disabling the MMU, and so we
    were always in line with what the NX compat flag conveys, we just never
    bothered to set it.
    
    So let's set the flag now.
    
    Cc: <stable@xxxxxxxxxxxxxxx>
    Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 28d8a5dca5f12..d731b4655df8e 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -66,7 +66,7 @@
 	.long	.Lefi_header_end - .L_head		// SizeOfHeaders
 	.long	0					// CheckSum
 	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION		// Subsystem
-	.short	0					// DllCharacteristics
+	.short	IMAGE_DLL_CHARACTERISTICS_NX_COMPAT	// DllCharacteristics
 	.quad	0					// SizeOfStackReserve
 	.quad	0					// SizeOfStackCommit
 	.quad	0					// SizeOfHeapReserve
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux