[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1.1 64/65] x86/efi: Disable CET-IBT around Runtime Services calls

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 6 Dec 2021 12:06:59 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=elz+xgbj7jJUe9dM4ZRSPj7epxPvJ1nvaPRQGhIGOSU=; b=EJqjBOS8JguYAtSqy5TwwsBFU2kDKBC+DJYyUIrx9By/RlUm7gVpcChQrenCdNGBbDXwN5/hYOBuezLxwHic1z+kxMKanlegqM4UhIIMDPVFHZTSLIV6dCcQB9K1zSL2Vvdpi1e3y3QXqxpi7v/T7yNIHsvDHfxSFWCLK6bd3DcVUCoGECgROlXCkL3G1TW7nLOB63yC3EgNJNIhVAzOjLUbRxFUZCxLGx40KoweBEZ3ROegoTPAZEXz2lEAGPId53RXj7ovwmjwdI98OGmBulDzMrC4Fva02uDQLoHSSH0dBx21mEj/lxz3xJ97r3MPqM0KZdwL863jT7JkCD2SPw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LiSO7baha5GGNJ1GZFr1DSqfRUjzUP8+7zc1/SwCVKd6ILUVuydUQBSoQnCQ98rZ9JAp4ZkgT9Hm2ALIIiGGew8CV9+jLeGYkMH9//cS92Lw8c0GX5Ca1cwoa4XiZ7eD7RnfiI+D4SQOkk1H3G1B8EHYZBOM53ey1Q4bai0sMCxYJiPJpt8fI11mVkZyDWoIUFQll5frwBWFGMA5o70XsW1lV+cIuiURk2KE0CnBedH/mfzhE7+9J9Xex5uCzWadZnWLNac8wtDsvGdL+VUIEiifPS7XwpGDxQLIi9sRUNwm1Lhiy+h0zySRf6+zjIRrDK2CfQFxtCRhGtqdqzbxXA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 06 Dec 2021 11:07:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 26.11.2021 17:38, Andrew Cooper wrote:
> --- a/xen/arch/x86/efi/stub.c
> +++ b/xen/arch/x86/efi/stub.c
> @@ -11,6 +11,8 @@
>  #include <efi/efidevp.h>
>  #include <efi/efiapi.h>
>  
> +bool __initdata efi_no_cet_ibt;

I'm having trouble seeing what this is needed for - when this file gets
built, neither boot.c nor runtime.c will get compiled, and hence there
should not be any reference to the symbol that needs satisfying.

> @@ -735,6 +736,14 @@ static void __init efi_init(EFI_HANDLE ImageHandle, 
> EFI_SYSTEM_TABLE *SystemTabl
>  
>      StdOut = SystemTable->ConOut;
>      StdErr = SystemTable->StdErr ?: StdOut;
> +
> +#ifdef CONFIG_X86

CONFIG_XEN_IBT?

> +    /*
> +     * Heuristic.  Look under an arbitrary function pointer to see if UEFI 
> was
> +     * compiled with CET-IBT support.  Experimentally some are not.
> +     */
> +    efi_no_cet_ibt = !is_endbr64(efi_rs->GetTime);

I'm afraid I consider this insufficient. Even if the core EFI was built
with IBT support, some driver may not have been. Hence I think there
needs to be a command line control to force turning off IBT. The only
question is whether we want to also honor its positive form - that
would, afaict, be a recipe for a guaranteed crash if used wrongly (and
it would be meaningless when used on IBT-aware firmware).

Not only in context of such a command line option I'm also inclined to
suggest to invert the polarity of the variable, naming it "efi_cet_ibt"
(and the command line sub-option "no-ibt" or "no-cet-ibt").

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.