]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 34a3249) | patch
efi/x86-mixed: move unmitigated RET into .rodata
authorArd Biesheuvel <ardb@kernel.org>
Fri, 22 Jul 2022 15:15:41 +0000 (17:15 +0200)
committerArd Biesheuvel <ardb@kernel.org>
Tue, 16 Aug 2022 07:28:05 +0000 (09:28 +0200)
commit915de97484cb7c4800866c85989ad6cf927e4982
tree2116309d97f0a5da0a92559f2b1fe6adabf81a22tree | snapshot
parent34a3249ab33a1690f58cd6e91a0208887337d3e0commit | diff
efi/x86-mixed: move unmitigated RET into .rodata

Move the EFI mixed mode return trampoline RET into .rodata, so it is
normally mapped without executable permissions.  And given that this
snippet of code is really the only kernel code that we ever execute via
this 1:1 mapping, let's unmap the 1:1 mapping of the kernel .text, and
only map the page that covers the return trampoline with executable
permissions.

Note that the remainder of .rodata needs to remain mapped into the 1:1
mapping with RO/NX permissions, as literal GUIDs and strings may be
passed to the variable routines.

Acked-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
arch/x86/platform/efi/efi_64.c diff | blob | history
arch/x86/platform/efi/efi_thunk_64.S diff | blob | history
Linux Kernel Source Tree.