From: Sai Praneeth <[email protected]> Presently, the kernel maps EFI_BOOT_SERVICES_<CODE/DATA> regions as a workaround for buggy firmware that accesses them even when they shouldn't. With EFI_WARN_ON_ILLEGAL_ACCESSES enabled kernel can now detect and handle such accesses dynamically. Hence, rather than safely mapping all the EFI_BOOT_SERVICES_<CODE/DATA> regions, map only EFI_RUNTIME_SERVICES_<CODE/DATA> regions and trap all other illegal accesses.
Signed-off-by: Sai Praneeth Prakhya <[email protected]> Suggested-by: Matt Fleming <[email protected]> Based-on-code-from: Ricardo Neri <[email protected]> Cc: Al Stone <[email protected]> Cc: Lee Chun-Yi <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: Bhupesh Sharma <[email protected]> Cc: Ard Biesheuvel <[email protected]> --- arch/x86/platform/efi/efi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index 7d18b7ed5d41..0ddb22a03d88 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -768,9 +768,13 @@ static bool should_map_region(efi_memory_desc_t *md) /* * Map boot services regions as a workaround for buggy * firmware that accesses them even when they shouldn't. + * (only if CONFIG_EFI_WARN_ON_ILLEGAL_ACCESSES is disabled) * * See efi_{reserve,free}_boot_services(). */ + if (IS_ENABLED(CONFIG_EFI_WARN_ON_ILLEGAL_ACCESSES)) + return false; + if (md->type == EFI_BOOT_SERVICES_CODE || md->type == EFI_BOOT_SERVICES_DATA) return true; -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
