From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 29 May 2020 20:49:13 +0000 (+0100)
Subject: x86/EFI: Avoid mapping EFI system memory as shadow stacks
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=137d2d6310d31b4ace3df01832c37aa86b6173cc;p=people%2Fsstabellini%2Fxen-unstable.git%2F.git

x86/EFI: Avoid mapping EFI system memory as shadow stacks

Ensure the dirty bit is clear when creating read-only EFI mappings.

Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index a6f84c945a..5a520bf21d 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -1554,7 +1554,7 @@ void __init efi_init_memory(void)
 
         if ( desc->Attribute & (efi_bs_revision < EFI_REVISION(2, 5)
                                 ? EFI_MEMORY_WP : EFI_MEMORY_RO) )
-            prot &= ~_PAGE_RW;
+            prot &= ~(_PAGE_DIRTY | _PAGE_RW);
         if ( desc->Attribute & EFI_MEMORY_XP )
             prot |= _PAGE_NX;