Re: [PATCH 0/3] x86: Extend LASS support to EFI configurations

Next message: Caleb Sander Mateos: "[PATCH] ublk: clean up user copy references on ublk server exit"
Previous message: Shuah Khan: "Re: [PATCH v3 00/10] KFuzzTest: a new kernel fuzzing framework"
Next in thread: Sohil Mehta: "Re: [PATCH 0/3] x86: Extend LASS support to EFI configurations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sohil Mehta

Date: Fri Dec 12 2025 - 19:17:14 EST

On 12/4/2025 11:03 AM, Ard Biesheuvel wrote:
>
> efi_check_for_embedded_firmwares() maps EFI_BOOT_SERVICES_DATA regions
> in the kernel region, so bit 63 will be set.

Ah, I missed that efi_check_for_embedded_firmwares() remaps the regions.

>
>> LASS wouldn't care whether there is an actual mapping behind the
>> address. It only relies on the MSB for enforcement. So, any code that
>> relied on accessing boot services memory before efi_free_boot_services()
>> could get affected by LASS.
>>
>
> This only applies to code that accesses boot services memory via a
> mapping in the lower range.
>

Yes, I was referring to usages which use the lower mapping. Though,
efi_check_for_embedded_firmwares() doesn't do that, enabling LASS after
freeing boot services memory is still the right thing to do. In theory,
someone could use the 1:1 mapping.