This patch addresses a problem that, immediately before the kernel is started, the amd64_tramp function calls the efi_copy_finish function to copy the kernel image from a temporary staging area in the memory to the actual memory address where the kernel expects to be run from. The problem is that the boot loader, including the efi_copy_finish function, may have been loaded by the UEFI firmware somewhere in the range where the kernel is being copied to. The efi_copy_finish function may thus overwrite its own instructions by the kernel image, causing the system to freeze. This is not a problem for the amd64_tramp trampoline itself, which is first copied to a safe memory location before it is executed.
My patch does the following:
- Instead of calling the efi_copy_finish function, which may be located anywhere in the memory, the copy operation is done by the trampoline itself. This is the most important part of the patch.
- Adds missing return value checks.
- Before the kernel is copied from the staging area, a new efi_verify_destination_type function checks that the target memory area is safe to use. If not, it only prints a warning message. (This is useful mainly for debugging purposes when a system freezes.)
Because I changed the parameters of the trampoline function, I created a new amd64_tramp_inline function and kept the original amd64_tramp intact in order not to break any other existing code. However, the amd64_tramp function does not seem to be used anywhere else in the existing code, so it could be modified directly. The efi_copy_finish function is not needed anymore too.