[U-Boot] [PATCH v4 19/21] sandbox: Allow to execute from RAM
Alexander Graf
agraf at suse.de
Thu Jun 21 09:44:23 UTC 2018
On 06/21/2018 04:02 AM, Simon Glass wrote:
> Hi Alex,
>
> On 18 June 2018 at 09:23, Alexander Graf <agraf at suse.de> wrote:
>> With efi_loader, we may want to execute payloads from RAM. By default,
>> permissions on the RAM region don't allow us to execute from there though.
>>
>> So whenever we get into the efi_loader case, let's mark RAM as executable.
>> That way we still protect normal cases, but allow for efi binaries to
>> directly get executed from within RAM.
>>
>> For this, we hook into the already existing allow_unaligned() call which
>> also transitions the system over into semantics required by the UEFI
>> specification.
>>
>> Signed-off-by: Alexander Graf <agraf at suse.de>
>> ---
>> arch/sandbox/cpu/cpu.c | 14 ++++++++++++++
>> arch/sandbox/cpu/os.c | 14 ++++++++++++++
>> include/os.h | 19 +++++++++++++++++++
>> 3 files changed, 47 insertions(+)
>>
> What is this patch actually for? Does it make something work that did
> not before? Where is it called?
At least on aarch64 executing from the RAM region fails on the first
instruction you call inside it, because it's not mapped with PROT_EXEC.
I think not mapping it with PROT_EXEC is a good thing in the normal
sandbox use case, but for EFI we need to run from RAM ;).
So yes, this patch makes that work. It's called from allow_unaligned()
which gets called from the bootefi command function.
Alex
More information about the U-Boot
mailing list