• Ard Biesheuvel's avatar
    efi/x86-mixed: move unmitigated RET into .rodata · 6c3a9c9a
    Ard Biesheuvel authored
    Move the EFI mixed mode return trampoline RET into .rodata, so it is
    normally mapped without executable permissions.  And given that this
    snippet of code is really the only kernel code that we ever execute via
    this 1:1 mapping, let's unmap the 1:1 mapping of the kernel .text, and
    only map the page that covers the return trampoline with executable
    permissions.
    
    Note that the remainder of .rodata needs to remain mapped into the 1:1
    mapping with RO/NX permissions, as literal GUIDs and strings may be
    passed to the variable routines.
    Acked-by: default avatarBorislav Petkov <bp@suse.de>
    Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
    6c3a9c9a
efi_64.c 22.5 KB