Date: Thu, 03 Mar 2022 17:15:46 +0300
From: baskov@...ras.ru
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Matthew Garrett <mjg59@...f.ucam.org>,
Peter Jones <pjones@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
X86 ML <x86@...nel.org>, linux-efi <linux-efi@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFC v2 0/2] Handle UEFI NX-restricted page tables
On 2022-02-28 19:45, Ard Biesheuvel wrote:
> (cc Matt and Peter)
>
>
> Thanks for exploring my suggestion to use the DXE services for this.
>
> Given that this is a workaround for a very specific issue arising on
> PI based implementations of UEFI, I consider this a quirk, and so I
> think this approach is reasonable. I'd still like to gate it on some
> kind of identification, though - perhaps something related to DMI like
> the x86 core kernel does as well.
>
> I've cc'ed Peter and Matt, who have much more experience dealing with
> these kinds of things on x86 - my experience is mostly based on ARM,
> which tends to be less quirky when it comes to UEFI support, given
> that vendors that implement EFI actually care about being compliant
> (instead of only about getting a windows sticker)
>
> Matt, Peter, any thoughts?
>
>
>> Baskov Evgeniy (2):
>> efi: declare DXE services table
>> libstub: ensure allocated memory to be executable
>>
>> arch/x86/include/asm/efi.h | 5 ++
>> drivers/firmware/efi/libstub/efistub.h | 53 ++++++++++++++++++++
>> drivers/firmware/efi/libstub/x86-stub.c | 73 ++++++++++++++++++++++++++--
>> include/linux/efi.h | 2 +
>> 4 files changed, 128 insertions(+), 5 deletions(-)

We now have tested the patch on major platforms, and it works without
any issues. But in case of firmware bugs I have changed the code to only
modify attributes if either EFI_MEMORY_RO or EFI_MEMORY_WP is set and
the memory has type EfiGcdMemoryTypeSystemMemory.

I also added option CONFIG_EFI_DXE_MEM_ATTRIBUTES (enabled by default),
to allow this code to be disabled at compile time.

These changes will be sent in version 3 of the patch.

Thanks,
Baskov Evgeniy