| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250916193853.410189-1-lszubowi@redhat.com> Date: Tue, 16 Sep 2025 15:38:53 -0400 From: Lenny Szubowicz <lszubowi@...hat.com> To: ardb@...nel.org Cc: linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [PATCH] efi/x86: Memory protection on EfiGcdMemoryTypeMoreReliable Check for needed memory protection changes on EFI DXE GCD memory space descriptors with type EfiGcdMemoryTypeMoreReliable in addition to EfiGcdMemoryTypeSystemMemory. This fixes a fault on entry into the decompressed kernel from the EFI stub that occurs when the memory allocated for the decompressed kernel is more reliable memory, has NX/XP set, and the kernel needs to use the EFI DXE protocol to adjust memory protections. The memory descriptors returned by the DXE protocol GetMemorySpaceDescriptor() service use a different GCD memory type to distinguish more reliable memory ranges from their conventional counterparts. This is in contrast to the EFI memory descriptors returned by the EFI GetMemoryMap() service which use the EFI_MEMORY_MORE_RELIABLE memory attributes flag to identify EFI_CONVENTIONAL_MEMORY type regions that have this additional property. Signed-off-by: Lenny Szubowicz <lszubowi@...hat.com> --- drivers/firmware/efi/libstub/x86-stub.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index cafc90d4caaf..0f60a12401c2 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -300,7 +300,7 @@ efi_status_t efi_adjust_memory_range_protection(unsigned long start, return EFI_SUCCESS; /* - * Don't modify memory region attributes, they are + * Don't modify memory region attributes, if they are * already suitable, to lower the possibility to * encounter firmware bugs. */ @@ -315,11 +315,13 @@ efi_status_t efi_adjust_memory_range_protection(unsigned long start, next = desc.base_address + desc.length; /* - * Only system memory is suitable for trampoline/kernel image placement, - * so only this type of memory needs its attributes to be modified. + * Only system memory and more reliable memory are suitable for + * trampoline/kernel image placement. So only those memory types + * may need to have attributes modified. */ - if (desc.gcd_memory_type != EfiGcdMemoryTypeSystemMemory || + if ((desc.gcd_memory_type != EfiGcdMemoryTypeSystemMemory && + desc.gcd_memory_type != EfiGcdMemoryTypeMoreReliable) || (desc.attributes & (EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0) continue; -- 2.51.0
Powered by blists - more mailing lists