| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Mar 2022 21:29:01 +0200
From: "Ahmed S. Darwish" <a.darwish@...utronix.de>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Javier Martinez Canillas <javierm@...hat.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-efi <linux-efi@...r.kernel.org>,
Brian Masney <bmasney@...hat.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Al Stone <ahs3@...hat.com>,
Peter Robinson <pbrobinson@...il.com>,
Robbie Harwood <rharwood@...hat.com>,
Peter Jones <pjones@...hat.com>,
Alexander Larsson <alexl@...hat.com>,
Andrew Halaney <ahalaney@...hat.com>,
linux-rt-users@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH v2] efi: Allow to enable EFI runtime services by default
on RT
Hi Ard, Javier,
Am Do, Mar 31, 2022, schrieb Ard Biesheuvel:
> On Thu, 31 Mar 2022 at 17:17, Javier Martinez Canillas
> <javierm@...hat.com> wrote:
> >
> > Commit d9f283ae71af ("efi: Disable runtime services on RT") disabled EFI
> > runtime services by default when the CONFIG_PREEMPT_RT option is enabled.
> >
> > The rationale for that commit is that some EFI calls could take too much
> > time, leading to large latencies which is an issue for Real-Time kernels.
> >
> > But a side effect of that change was that now is not possible anymore to
> > enable the EFI runtime services by default when CONFIG_PREEMPT_RT is set,
> > without passing an efi=runtime command line parameter to the kernel.
> >
> > Instead, let's add a new EFI_DISABLE_RUNTIME boolean Kconfig option, that
> > would be set to n by default but to y if CONFIG_PREEMPT_RT is enabled.
> >
> > That way, the current behaviour is preserved but gives users a mechanism
> > to enable the EFI runtimes services in their kernels if that is required.
> > For example, if the firmware could guarantee bounded time for EFI calls.
> >
> > Also, having a separate boolean config could allow users to disable the
> > EFI runtime services by default even when CONFIG_PREEMPT_RT is not set.
> >
> > Reported-by: Alexander Larsson <alexl@...hat.com>
> > Fixes: d9f283ae71af ("efi: Disable runtime services on RT")
> > Signed-off-by: Javier Martinez Canillas <javierm@...hat.com>
> > ---
> >
> > Changes in v2:
> > - Improve commit description to make clear the motivation for the change
> > (Sebastian Andrzej Siewior).
> >
>
> This looks ok to me. I'll queue this up once the merge window closes.
>
In case of (CONFIG_PREEMPT_RT=y && CONFIG_EFI_DISABLE_RUNTIME=n),
shouldn't we add a small message in the kernel log warning that EFI
runtime services are enabled for the RT kernel?
In almost all HW, except custom ones with "verified" firmware, such a
warning would be useful... This is especially true since in the embedded
domain, manually-configured RT kernels are almost always the norm.
Thanks,
--
Ahmed S. Darwish
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 31; Fax.: +49 7556 25 999 99
Hinweise zum Datenschutz finden Sie hier (Informations on data privacy
can be found here): https://linutronix.de/kontakt/Datenschutz.php
Linutronix GmbH | Firmensitz (Registered Office): Uhldingen-Mühlhofen |
Registergericht (Registration Court): Amtsgericht Freiburg i.Br., HRB700
806 | Geschäftsführer (Managing Directors): Heinz Egger, Thomas Gleixner
Powered by blists - more mailing lists