• Ard Biesheuvel's avatar
    efi/arm*: Drop writable mapping of the UEFI System table · 14c43be6
    Ard Biesheuvel authored
    Commit:
    
      2eec5ded ("efi/arm-init: Use read-only early mappings")
    
    updated the early ARM UEFI init code to create the temporary, early
    mapping of the UEFI System table using read-only attributes, as a
    hardening measure against inadvertent modification.
    
    However, this still leaves the permanent, writable mapping of the UEFI
    System table, which is only ever referenced during invocations of UEFI
    Runtime Services, at which time the UEFI virtual mapping is available,
    which also covers the system table. (This is guaranteed by the fact that
    SetVirtualAddressMap(), which is a runtime service itself, converts
    various entries in the table to their virtual equivalents, which implies
    that the table must be covered by a RuntimeServicesData region that has
    the EFI_MEMORY_RUNTIME attribute.)
    
    So instead of creating this permanent mapping, record the virtual address
    of the system table inside the UEFI virtual mapping, and dereference that
    when accessing the table. This protects the contents of the system table
    from inadvertent (or deliberate) modification when no UEFI Runtime
    Services calls are in progress.
    Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: default avatarMatt Fleming <matt@codeblueprint.co.uk>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Leif Lindholm <leif.lindholm@linaro.org>
    Cc: Mark Rutland <mark.rutland@arm.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: linux-efi@vger.kernel.org
    Link: http://lkml.kernel.org/r/1461614832-17633-3-git-send-email-matt@codeblueprint.co.ukSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    14c43be6
arm-init.c 5.47 KB