Commit d5052a7

Sai Praneeth Prakhya authored and Ard Biesheuvel committed
x86/efi: Unmap EFI boot services code/data regions from efi_pgd
efi_free_boot_services(), as the name suggests, frees EFI boot services code/data regions but forgets to unmap these regions from efi_pgd. This means that any code that's running in efi_pgd address space (e.g. any EFI runtime service) would still be able to access these regions but the contents of these regions would have long been overwritten by someone else. So, it's important to unmap these regions. Hence, introduce efi_unmap_pages() to unmap these regions from efi_pgd.

After unmapping EFI boot services code/data regions, any illegal access by buggy firmware to these regions would result in page fault which will be handled by EFI specific fault handler.

Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Bhupesh Sharma <bhsharma@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
1 parent 57e741b commit d5052a7

1 file changed: +25 -0 lines changed

arch/x86/platform/efi/quirks.c

Lines changed: 25 additions & 0 deletions
@@ -369,6 +369,24 @@ void __init efi_reserve_boot_services(void)
369369
}
370370
}
371371

372+
/*
373+
* Apart from having VA mappings for EFI boot services code/data regions,
374+
* (duplicate) 1:1 mappings were also created as a quirk for buggy firmware. So,
375+
* unmap both 1:1 and VA mappings.
376+
*/
377+
static void __init efi_unmap_pages(efi_memory_desc_t *md)
378+
{
379+
pgd_t *pgd = efi_mm.pgd;
380+
u64 pa = md->phys_addr;
381+
u64 va = md->virt_addr;
382+
383+
if (kernel_unmap_pages_in_pgd(pgd, pa, md->num_pages))
384+
pr_err("Failed to unmap 1:1 mapping for 0x%llx\n", pa);
385+
386+
if (kernel_unmap_pages_in_pgd(pgd, va, md->num_pages))
387+
pr_err("Failed to unmap VA mapping for 0x%llx\n", va);
388+
}
389+
372390
void __init efi_free_boot_services(void)
373391
{
374392
phys_addr_t new_phys, new_size;
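Review bot: efi_unmap_pages() returns void and only logs with pr_err() when either kernel_unmap_pages_in_pgd() call fails, so the caller has no way to learn that a mapping was left in efi_pgd. Since the point of the change is that firmware must not reach these pages once they are reused, consider returning an error so efi_free_boot_services() can decide not to free a region that is still mapped. Separately, va is unmapped unconditionally: if md->virt_addr was never populated for a descriptor, the second call asks to unmap md->num_pages starting at address 0. A guard on virt_addr, or a line in the comment stating why it is always valid at this point, would make that safe to read. The two pr_err() messages would also be easier to act on if they included md->num_pages alongside the address.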
@@ -393,6 +411,13 @@ void __init efi_free_boot_services(void)
393411
continue;
394412
}
395413

414+
/*
415+
* Before calling set_virtual_address_map(), EFI boot services
416+
* code/data regions were mapped as a quirk for buggy firmware.
417+
* Unmap them from efi_pgd before freeing them up.
418+
*/
419+
efi_unmap_pages(md);
420+
396421
/*
397422
* Nasty quirk: if all sub-1MB memory is used for boot
398423
* services, we can get here without having allocated the
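Review bot: the efi_unmap_pages(md) call is made for every descriptor that gets past the continue above, with no check that efi_pgd is actually the page table the runtime services use or that this descriptor was mapped into it. If any boot configuration reaches efi_free_boot_services() without those quirk mappings in place, the helper will still operate on efi_mm.pgd, and the only visible symptom is a pr_err() line. Please either guard the call on the condition under which the mappings were created or extend the comment to say why the call is always valid here. The call also runs before the sub-1MB quirk below, so the whole descriptor is unmapped even if that quirk ends up keeping part of the region; a word in the comment confirming this ordering is intended would help.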
