arm64: Mark EFI memory as userspace non-executable
FEAT_PAN3 adds the SCTLR_EL1.EPAN field. This tells the hardware to raise a permission abort when userspace could execute a page, i.e. the ATTR_S1_UXN field is clear in the page table. This causes issues for the EFI runtime as we only mark non-executable pages with this flag leading to a permission fault when accessing it. Fix this by marking all EFI mappings with ATTR_S1_UXN. The kernel already had this field set so was already safe. Reported by: tuexen Reviewed by: tuexen Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52750
This commit is contained in:
@@ -218,8 +218,9 @@ efi_create_1t1_map(struct efi_md *map, int ndesc, int descsz)
|
||||
p->md_phys, mode, p->md_pages);
|
||||
}
|
||||
|
||||
l3_attr = ATTR_AF | pmap_sh_attr | ATTR_S1_IDX(mode) |
|
||||
ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_nG | L3_PAGE;
|
||||
l3_attr = ATTR_S1_UXN | ATTR_AF | pmap_sh_attr |
|
||||
ATTR_S1_IDX(mode) | ATTR_S1_AP(ATTR_S1_AP_RW) |
|
||||
ATTR_S1_nG | L3_PAGE;
|
||||
if (mode == VM_MEMATTR_DEVICE || p->md_attr & EFI_MD_ATTR_XP)
|
||||
l3_attr |= ATTR_S1_XN;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user