On Fri Nov 15, 2024 at 4:39 PM UTC, Ard Biesheuvel wrote:
On Tue, 12 Nov 2024 at 19:53, Nicolas Saenz Julienne <nsaenz@amazon.com> wrote:
Kexec bypasses EFI's switch to virtual mode. In exchange, it has its own routine, kexec_enter_virtual_mode(), which replays the mappings made by the original kernel. Unfortunately, that function fails to reinstate EFI's memory attributes, which would've otherwise been set after entering virtual mode. Remediate this by calling efi_runtime_update_mappings() within kexec's routine.
Cc: stable@vger.kernel.org
Fixes: 18141e89a76c ("x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE")
Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
Notes:
- Tested with QEMU/OVMF.
I'll queue these up,
Thanks!
but I am going to drop the cc stable: the memory attributes table is an overlay of the EFI memory map with restricted permissions for EFI runtime services regions, which are only mapped while an EFI runtime call is in progress.
So if the table is not taken into account after kexec, the runtime code and data mappings will all be RWX but I think this is a situation we can live with. If nothing breaks, we can always revisit this later if there is an actual need.
My intention was backporting the fix all the way to 'stable/linux-5.10.y'. But I'm happy to wait, or even to maintain an internal backport. It's simple enough.
Nicolas
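
The overlay discussed in this thread, as an added user-space model that is not part of the thread and is not kernel code: it counts how many runtime pages stay writable and executable when the memory attributes table is applied and when it is skipped. The addresses, region sizes and the names `page_perms` and `count_wx_pages` are constructed for illustration; only the two attribute bit values come from the UEFI specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Attribute bits as defined by the UEFI specification. */
#define EFI_MEMORY_XP 0x0000000000004000ULL /* not executable */
#define EFI_MEMORY_RO 0x0000000000020000ULL /* not writable */
#define EFI_PAGE_SIZE 4096ULL
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };
struct region { uint64_t phys, pages, attr; };

/* Constructed sample: runtime code and runtime data regions from the EFI memory map. */
static const struct region memmap[] = {
    { 0x7f000000ULL, 4, 0 }, { 0x7f100000ULL, 2, 0 },
};
/* Constructed sample: memory attributes table entries covering those regions. */
static const struct region memattr[] = {
    { 0x7f000000ULL, 1, EFI_MEMORY_XP },  /* image header */
    { 0x7f001000ULL, 2, EFI_MEMORY_RO },  /* text */
    { 0x7f003000ULL, 1, EFI_MEMORY_XP },  /* data */
    { 0x7f100000ULL, 2, EFI_MEMORY_XP },  /* runtime data region */
};

/* Permissions of one page; apply_overlay == 0 models the table being ignored. */
unsigned page_perms(uint64_t addr, int apply_overlay) {
    unsigned p = PERM_R | PERM_W | PERM_X;  /* default for runtime regions */
    for (size_t i = 0; apply_overlay && i < sizeof(memattr) / sizeof(memattr[0]); i++) {
        const struct region *e = &memattr[i];
        if (addr < e->phys || addr >= e->phys + e->pages * EFI_PAGE_SIZE)
            continue;  /* entry does not cover this page */
        if (e->attr & EFI_MEMORY_RO) p &= ~(unsigned)PERM_W;
        if (e->attr & EFI_MEMORY_XP) p &= ~(unsigned)PERM_X;
    }
    return p;
}

/* Number of runtime pages left both writable and executable. */
size_t count_wx_pages(int apply_overlay) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof(memmap) / sizeof(memmap[0]); i++)
        for (uint64_t pg = 0; pg < memmap[i].pages; pg++) {
            unsigned p = page_perms(memmap[i].phys + pg * EFI_PAGE_SIZE, apply_overlay);
            n += (p & PERM_W) && (p & PERM_X);
        }
    return n;
}

int main(void) {
    printf("W+X runtime pages: %zu without the table, %zu with it\n", count_wx_pages(0), count_wx_pages(1));
    return 0;
}
```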