From 91444aa2c105e1b262e0e363c879e81c5fe72a7e Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 27 Jul 2023 13:01:47 +0200 Subject: [PATCH] 5.15-stable patches added patches: efi-libstub-use-efi_loader_code-region-when-moving-the-kernel-in-memory.patch series --- ...ion-when-moving-the-kernel-in-memory.patch | 126 ++++++++++++++++++ queue-5.15/series | 1 + 2 files changed, 127 insertions(+) create mode 100644 queue-5.15/efi-libstub-use-efi_loader_code-region-when-moving-the-kernel-in-memory.patch create mode 100644 queue-5.15/series diff --git a/queue-5.15/efi-libstub-use-efi_loader_code-region-when-moving-the-kernel-in-memory.patch b/queue-5.15/efi-libstub-use-efi_loader_code-region-when-moving-the-kernel-in-memory.patch new file mode 100644 index 00000000000..6a4a2be2704 --- /dev/null +++ b/queue-5.15/efi-libstub-use-efi_loader_code-region-when-moving-the-kernel-in-memory.patch @@ -0,0 +1,126 @@ +From 9cf42bca30e98a1c6c9e8abf876940a551eaa3d1 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 2 Aug 2022 11:00:16 +0200 +Subject: efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory + +From: Ard Biesheuvel + +commit 9cf42bca30e98a1c6c9e8abf876940a551eaa3d1 upstream. + +The EFI spec is not very clear about which permissions are being given +when allocating pages of a certain type. However, it is quite obvious +that EFI_LOADER_CODE is more likely to permit execution than +EFI_LOADER_DATA, which becomes relevant once we permit booting the +kernel proper with the firmware's 1:1 mapping still active. + +Ostensibly, recent systems such as the Surface Pro X grant executable +permissions to EFI_LOADER_CODE regions but not EFI_LOADER_DATA regions. + +Signed-off-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/libstub/alignedmem.c | 5 +++-- + drivers/firmware/efi/libstub/arm64-stub.c | 6 ++++-- + drivers/firmware/efi/libstub/efistub.h | 6 ++++-- + drivers/firmware/efi/libstub/mem.c | 3 ++- + drivers/firmware/efi/libstub/randomalloc.c | 5 +++-- + 5 files changed, 16 insertions(+), 9 deletions(-) + +--- a/drivers/firmware/efi/libstub/alignedmem.c ++++ b/drivers/firmware/efi/libstub/alignedmem.c +@@ -22,7 +22,8 @@ + * Return: status code + */ + efi_status_t efi_allocate_pages_aligned(unsigned long size, unsigned long *addr, +- unsigned long max, unsigned long align) ++ unsigned long max, unsigned long align, ++ int memory_type) + { + efi_physical_addr_t alloc_addr; + efi_status_t status; +@@ -36,7 +37,7 @@ efi_status_t efi_allocate_pages_aligned( + slack = align / EFI_PAGE_SIZE - 1; + + status = efi_bs_call(allocate_pages, EFI_ALLOCATE_MAX_ADDRESS, +- EFI_LOADER_DATA, size / EFI_PAGE_SIZE + slack, ++ memory_type, size / EFI_PAGE_SIZE + slack, + &alloc_addr); + if (status != EFI_SUCCESS) + return status; +--- a/drivers/firmware/efi/libstub/arm64-stub.c ++++ b/drivers/firmware/efi/libstub/arm64-stub.c +@@ -133,7 +133,8 @@ efi_status_t handle_kernel_image(unsigne + * locate the kernel at a randomized offset in physical memory. + */ + status = efi_random_alloc(*reserve_size, min_kimg_align, +- reserve_addr, phys_seed); ++ reserve_addr, phys_seed, ++ EFI_LOADER_CODE); + if (status != EFI_SUCCESS) + efi_warn("efi_random_alloc() failed: 0x%lx\n", status); + } else { +@@ -154,7 +155,8 @@ efi_status_t handle_kernel_image(unsigne + } + + status = efi_allocate_pages_aligned(*reserve_size, reserve_addr, +- ULONG_MAX, min_kimg_align); ++ ULONG_MAX, min_kimg_align, ++ EFI_LOADER_CODE); + + if (status != EFI_SUCCESS) { + efi_err("Failed to relocate kernel\n"); +--- a/drivers/firmware/efi/libstub/efistub.h ++++ b/drivers/firmware/efi/libstub/efistub.h +@@ -764,7 +764,8 @@ void efi_get_virtmap(efi_memory_desc_t * + efi_status_t efi_get_random_bytes(unsigned long size, u8 *out); + + efi_status_t efi_random_alloc(unsigned long size, unsigned long align, +- unsigned long *addr, unsigned long random_seed); ++ unsigned long *addr, unsigned long random_seed, ++ int memory_type); + + efi_status_t efi_random_get_seed(void); + +@@ -790,7 +791,8 @@ efi_status_t efi_allocate_pages(unsigned + unsigned long max); + + efi_status_t efi_allocate_pages_aligned(unsigned long size, unsigned long *addr, +- unsigned long max, unsigned long align); ++ unsigned long max, unsigned long align, ++ int memory_type); + + efi_status_t efi_low_alloc_above(unsigned long size, unsigned long align, + unsigned long *addr, unsigned long min); +--- a/drivers/firmware/efi/libstub/mem.c ++++ b/drivers/firmware/efi/libstub/mem.c +@@ -96,7 +96,8 @@ efi_status_t efi_allocate_pages(unsigned + + if (EFI_ALLOC_ALIGN > EFI_PAGE_SIZE) + return efi_allocate_pages_aligned(size, addr, max, +- EFI_ALLOC_ALIGN); ++ EFI_ALLOC_ALIGN, ++ EFI_LOADER_DATA); + + alloc_addr = ALIGN_DOWN(max + 1, EFI_ALLOC_ALIGN) - 1; + status = efi_bs_call(allocate_pages, EFI_ALLOCATE_MAX_ADDRESS, +--- a/drivers/firmware/efi/libstub/randomalloc.c ++++ b/drivers/firmware/efi/libstub/randomalloc.c +@@ -53,7 +53,8 @@ static unsigned long get_entry_num_slots + efi_status_t efi_random_alloc(unsigned long size, + unsigned long align, + unsigned long *addr, +- unsigned long random_seed) ++ unsigned long random_seed, ++ int memory_type) + { + unsigned long map_size, desc_size, total_slots = 0, target_slot; + unsigned long buff_size; +@@ -116,7 +117,7 @@ efi_status_t efi_random_alloc(unsigned l + pages = size / EFI_PAGE_SIZE; + + status = efi_bs_call(allocate_pages, EFI_ALLOCATE_ADDRESS, +- EFI_LOADER_DATA, pages, &target); ++ memory_type, pages, &target); + if (status == EFI_SUCCESS) + *addr = target; + break; diff --git a/queue-5.15/series b/queue-5.15/series new file mode 100644 index 00000000000..590c2e71bbd --- /dev/null +++ b/queue-5.15/series @@ -0,0 +1 @@ +efi-libstub-use-efi_loader_code-region-when-moving-the-kernel-in-memory.patch -- 2.47.3