From patchwork Wed Oct 25 10:14:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 117097 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp665591qgn; Wed, 25 Oct 2017 03:14:42 -0700 (PDT) X-Google-Smtp-Source: ABhQp+TqSCey0ORUxZQS0i3yl7vxrj5nRGgla2b0fIviyvjwixeuE002KfDJIJizv1TDmdFu3cVW X-Received: by 10.84.173.4 with SMTP id o4mr1351864plb.152.1508926482152; Wed, 25 Oct 2017 03:14:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508926482; cv=none; d=google.com; s=arc-20160816; b=bkSL6j+bFHX81u/oO95io2hSRof2W62xry1mYZzd8yAYxbcfzb3MXThe+nbQCcpSGq iWo2O1aOqCQ0hcuTHK2n0Vep9SmA+IUmz+zjPzhqSPTb3Ok8JDl8Bzsx3/g/dPkA0GSS hWqDIc8bOiyitr0IHAxvBT1V/26KheBOoZD8Hw8oHsIJaA7Z1ctk5HV7G5nkOQF9iv/p 8gpF1ObLoRU4xZIXSTkaQ/fqzGk5/rJJqTit/l+kzB6rTZAHscpmXPwUi/7pgoY3CgR0 838OetiD7ZSU67GlMT2PvWj4i1FPbjOGk62XxhdXkDzBANgSifrstVVO3GUXxtWXhY7k Eylw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=06ZZjnqZQPBuocA3CzZQ6zLWSmqm2H40DGbt0tBDBfE=; b=vxXBpoeL6+748aFjwhQN2Y5L+WSzqxUGbTeU/DjRY/+NuSFMuSMDiFhgPo+r3gBriR kypx/ElDqy2mhRgOsg1aylE5Y1MZAOS0WqGbFs1A/0KXW43g0UrpLv6gnFrDd5+F23Ch LrJceScnzh77iRSD1el5rmHwSk/ro5JKslfQOwyc3pt7StNIUM9TUFPLPF1BAAkoYEYQ Y3bpD1Py9pYjLaxfBTyjZsE4kKkGPDIC2ljgabwfMpdzi6u7c8NqscIahX6+tjd23dhh YRs0f1bA/pwD5Zr+Fn8CpraiTEyMkrnbqKDkQHwgjHjoLWa6zeL4LZnfPOJD0+ziaIgb /KEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CRzGSczB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t189si1614322pgb.672.2017.10.25.03.14.41; Wed, 25 Oct 2017 03:14:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CRzGSczB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932510AbdJYKOj (ORCPT + 27 others); Wed, 25 Oct 2017 06:14:39 -0400 Received: from mail-wr0-f193.google.com ([209.85.128.193]:53898 "EHLO mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932228AbdJYKOe (ORCPT ); Wed, 25 Oct 2017 06:14:34 -0400 Received: by mail-wr0-f193.google.com with SMTP id u40so17567070wrf.10 for ; Wed, 25 Oct 2017 03:14:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=06ZZjnqZQPBuocA3CzZQ6zLWSmqm2H40DGbt0tBDBfE=; b=CRzGSczBZO3RSMk0U40L3SUva6cgYOxnbYyJu3kc23BZf6/0Ow11zqYLknenNZh7My M35sRJmNygY+dVxAxdf86fDca5z05s+sMk0d1V5e7NrekIR1ZtOOUVWm+jQrOQBSD7qd 52IjVxaDDNbsqZ2TtQEfMRKAgeYyp2G2unRO8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=06ZZjnqZQPBuocA3CzZQ6zLWSmqm2H40DGbt0tBDBfE=; b=DjSjoiVotOBVKKrllU2M8QLWoeE5GI/wLGqey3UDBQ4VDP6unJeA70J3zP+ceTBc/F h3nlQtwfiUAdfKlCUUgRMiPCPqSAWMuratNFiejurxMgLXHR+J7ia0vbKAWpc7eNaRzU pt8El/no+66l67dwPkVYEhVGk2Zs6ZJnzfH+KLpDchRDyolQprEt2xhT18J1djiuYqwr VNtB0D/9DMHx/3khRWiMlYeW7iq5p1aU4kSFWXdWYevmzPG/lyhx7QoIG222IbczTcM1 gfObX4A7q9cKydc3vu/TrrKRm6oQur9PXPoEBP5cVJe6ztsLKdxXk5BT/W8Fbbmk2AQu 193Q== X-Gm-Message-State: AMCzsaUhMh+P41v4vwHUfpq7srAyAK/uNHfnDz7w7M4FalK2oD9JBnD5 CRCw+/YgnQ8mjZh3D/08yBoPXQ== X-Received: by 10.223.157.137 with SMTP id p9mr1568176wre.98.1508926473268; Wed, 25 Oct 2017 03:14:33 -0700 (PDT) Received: from localhost.localdomain ([160.161.173.60]) by smtp.gmail.com with ESMTPSA id m26sm2272470wrb.81.2017.10.25.03.14.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Oct 2017 03:14:32 -0700 (PDT) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, Ingo Molnar , Thomas Gleixner , "H . Peter Anvin" Cc: Ard Biesheuvel , linux-kernel@vger.kernel.org, Matt Fleming Subject: [PATCH 2/2] arm64: efi: ignore EFI_MEMORY_XP attribute if RP and/or WP are set Date: Wed, 25 Oct 2017 11:14:19 +0100 Message-Id: <20171025101419.26369-3-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20171025101419.26369-1-ard.biesheuvel@linaro.org> References: <20171025101419.26369-1-ard.biesheuvel@linaro.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The UEFI memory map is a bit vague about how to interpret the EFI_MEMORY_XP attribute when it is combined with EFI_MEMORY_RP and/or EFI_MEMORY_WP, which have retroactively been redefined as cacheability attributes rather than permission attributes. So let's ignore EFI_MEMORY_XP if _RP and/or _WP are also set. In this case, it is likely that they are being used to describe the capability of the region (i.e., whether it has the controls to reconfigure it as non-executable) rather than the nature of the contents of the region (i.e., whether it contains data that we will never attempt to execute) Reported-by: Stephen Boyd Tested-by: Stephen Boyd Cc: Matt Fleming Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/efi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c index 82cd07592519..f85ac58d08a3 100644 --- a/arch/arm64/kernel/efi.c +++ b/arch/arm64/kernel/efi.c @@ -48,7 +48,9 @@ static __init pteval_t create_mapping_protection(efi_memory_desc_t *md) return pgprot_val(PAGE_KERNEL_ROX); /* RW- */ - if (attr & EFI_MEMORY_XP || type != EFI_RUNTIME_SERVICES_CODE) + if (((attr & (EFI_MEMORY_RP | EFI_MEMORY_WP | EFI_MEMORY_XP)) == + EFI_MEMORY_XP) || + type != EFI_RUNTIME_SERVICES_CODE) return pgprot_val(PAGE_KERNEL); /* RWX */