git.itanic.dy.fi Git - linux-stable/commit

author	Ard Biesheuvel <ardb@kernel.org>
	Thu, 25 Jan 2024 13:32:07 +0000 (14:32 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Apr 2024 14:38:23 +0000 (16:38 +0200)
commit	70a2425a1335c130dc447b8e6eb2c173d247a0b4
tree	2671f2c23fb3ecc2826dbca093ff95064d216908	tree \| snapshot
parent	4947db8687e636427f1398076cf46283989feb7e	commit \| diff

x86/efistub: Remap kernel text read-only before dropping NX attribute

commit 9c55461040a9264b7e44444c53d26480b438eda6 upstream.

Currently, the EFI stub invokes the EFI memory attributes protocol to
strip any NX restrictions from the entire loaded kernel, resulting in
all code and data being mapped read-write-execute.

The point of the EFI memory attributes protocol is to remove the need
for all memory allocations to be mapped with both write and execute
permissions by default, and make it the OS loader's responsibility to
transition data mappings to code mappings where appropriate.

Even though the UEFI specification does not appear to leave room for
denying memory attribute changes based on security policy, let's be
cautious and avoid relying on the ability to create read-write-execute
mappings. This is trivially achievable, given that the amount of kernel
code executing via the firmware's 1:1 mapping is rather small and
limited to the .head.text region. So let's drop the NX restrictions only
on that subregion, but not before remapping it as read-only first.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/x86/boot/compressed/Makefile		diff \| blob \| history
arch/x86/boot/compressed/misc.c		diff \| blob \| history
arch/x86/include/asm/boot.h		diff \| blob \| history
drivers/firmware/efi/libstub/x86-stub.c		diff \| blob \| history