diff options
author | Ard Biesheuvel <ardb@kernel.org> | 2023-02-06 15:33:07 +0300 |
---|---|---|
committer | Ard Biesheuvel <ardb@kernel.org> | 2023-02-09 21:30:54 +0300 |
commit | 93be2859e26c3be847780c65313da1b261833451 (patch) | |
tree | 41b20e79a370172ee3630ab3039c5ffa90c73957 /arch/x86/platform/efi | |
parent | 1d959312e2f23c8ee6ed9432a6fa4416b267477b (diff) | |
download | linux-93be2859e26c3be847780c65313da1b261833451.tar.xz |
efi: x86: Wire up IBT annotation in memory attributes table
UEFI v2.10 extends the EFI memory attributes table with a flag that
indicates whether or not all RuntimeServicesCode regions were
constructed with ENDBR landing pads, permitting the OS to map these
regions with IBT restrictions enabled.
So let's take this into account on x86 as well.
Suggested-by: Peter Zijlstra <peterz@infradead.org> # ibt_save() changes
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Diffstat (limited to 'arch/x86/platform/efi')
-rw-r--r-- | arch/x86/platform/efi/efi_64.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 2e6fe430cb07..232acf418cfb 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -389,11 +389,15 @@ static int __init efi_update_mappings(efi_memory_desc_t *md, unsigned long pf) return err1 || err2; } +bool efi_disable_ibt_for_runtime __ro_after_init = true; + static int __init efi_update_mem_attr(struct mm_struct *mm, efi_memory_desc_t *md, bool has_ibt) { unsigned long pf = 0; + efi_disable_ibt_for_runtime |= !has_ibt; + if (md->attribute & EFI_MEMORY_XP) pf |= _PAGE_NX; @@ -415,6 +419,7 @@ void __init efi_runtime_update_mappings(void) * exists, since it is intended to supersede EFI_PROPERTIES_TABLE. */ if (efi_enabled(EFI_MEM_ATTR)) { + efi_disable_ibt_for_runtime = false; efi_memattr_apply_permissions(NULL, efi_update_mem_attr); return; } |