Merge tag 'efi-urgent-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi Pull EFI fix from Ard Biesheuvel: "Ensure that the EFI memory map resides in encrypted memory even after it has been reallocated" * tag 'efi-urgent-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi: x86/sme: Explicitly map new EFI memmap table as encrypted

commit: 55a677b256c363a0cdcd00781d392abeb6e1c0d1 [log] [tgz]
author: Linus Torvalds <torvalds@linux-foundation.org> Mon Dec 06 10:09:00 2021 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> Mon Dec 06 10:09:00 2021 -0800
tree: f6ac439e9c019b331e4fa9695a8276b01b712b28
parent: 0fcfb00b28c0b7884635dacf38e46d60bf3d4eb1 [diff]
parent: 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 [diff]
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7399327..5c2ccb8 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig

@@ -1932,6 +1932,7 @@
 	depends on ACPI
 	select UCS2_STRING
 	select EFI_RUNTIME_WRAPPERS
+	select ARCH_USE_MEMREMAP_PROT
 	help
 	  This enables the kernel to use EFI runtime services that are
 	  available (such as the EFI variable services).

diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
index b15ebfe..b0b848d 100644
--- a/arch/x86/platform/efi/quirks.c
+++ b/arch/x86/platform/efi/quirks.c

@@ -277,7 +277,8 @@
 		return;
 	}
 
-	new = early_memremap(data.phys_map, data.size);
+	new = early_memremap_prot(data.phys_map, data.size,
+				  pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));
 	if (!new) {
 		pr_err("Failed to map new boot services memmap\n");
 		return;
commit	55a677b256c363a0cdcd00781d392abeb6e1c0d1	[log] [tgz]
author	Linus Torvalds <torvalds@linux-foundation.org>	Mon Dec 06 10:09:00 2021 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	Mon Dec 06 10:09:00 2021 -0800
tree	f6ac439e9c019b331e4fa9695a8276b01b712b28
parent	0fcfb00b28c0b7884635dacf38e46d60bf3d4eb1 [diff]
parent	1ff2fc02862d52e18fd3daabcfe840ec27e920a8 [diff]