x86/EFI: Avoid mapping EFI system memory as shadow stacks

Ensure the dirty bit is clear when creating read-only EFI mappings.

Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index a6f84c945aad69e5c152685603320c22c265f02c..5a520bf21d3a25e87cf38310a066da004a243006 100644 (file)
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -1554,7 +1554,7 @@ void __init efi_init_memory(void)
 
         if ( desc->Attribute & (efi_bs_revision < EFI_REVISION(2, 5)
                                 ? EFI_MEMORY_WP : EFI_MEMORY_RO) )
-            prot &= ~_PAGE_RW;
+            prot &= ~(_PAGE_DIRTY | _PAGE_RW);
         if ( desc->Attribute & EFI_MEMORY_XP )
             prot |= _PAGE_NX;