lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YkYA/Wpqa/PMczkp@lx-t490>
Date:   Thu, 31 Mar 2022 21:29:01 +0200
From:   "Ahmed S. Darwish" <a.darwish@...utronix.de>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     Javier Martinez Canillas <javierm@...hat.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-efi <linux-efi@...r.kernel.org>,
        Brian Masney <bmasney@...hat.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Al Stone <ahs3@...hat.com>,
        Peter Robinson <pbrobinson@...il.com>,
        Robbie Harwood <rharwood@...hat.com>,
        Peter Jones <pjones@...hat.com>,
        Alexander Larsson <alexl@...hat.com>,
        Andrew Halaney <ahalaney@...hat.com>,
        linux-rt-users@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH v2] efi: Allow to enable EFI runtime services by default
 on RT

Hi Ard, Javier,

Am Do, Mar 31, 2022, schrieb Ard Biesheuvel:
> On Thu, 31 Mar 2022 at 17:17, Javier Martinez Canillas
> <javierm@...hat.com> wrote:
> >
> > Commit d9f283ae71af ("efi: Disable runtime services on RT") disabled EFI
> > runtime services by default when the CONFIG_PREEMPT_RT option is enabled.
> >
> > The rationale for that commit is that some EFI calls could take too much
> > time, leading to large latencies which is an issue for Real-Time kernels.
> >
> > But a side effect of that change was that now is not possible anymore to
> > enable the EFI runtime services by default when CONFIG_PREEMPT_RT is set,
> > without passing an efi=runtime command line parameter to the kernel.
> >
> > Instead, let's add a new EFI_DISABLE_RUNTIME boolean Kconfig option, that
> > would be set to n by default but to y if CONFIG_PREEMPT_RT is enabled.
> >
> > That way, the current behaviour is preserved but gives users a mechanism
> > to enable the EFI runtimes services in their kernels if that is required.
> > For example, if the firmware could guarantee bounded time for EFI calls.
> >
> > Also, having a separate boolean config could allow users to disable the
> > EFI runtime services by default even when CONFIG_PREEMPT_RT is not set.
> >
> > Reported-by: Alexander Larsson <alexl@...hat.com>
> > Fixes: d9f283ae71af ("efi: Disable runtime services on RT")
> > Signed-off-by: Javier Martinez Canillas <javierm@...hat.com>
> > ---
> >
> > Changes in v2:
> > - Improve commit description to make clear the motivation for the change
> >   (Sebastian Andrzej Siewior).
> >
>
> This looks ok to me. I'll queue this up once the merge window closes.
>

In case of (CONFIG_PREEMPT_RT=y && CONFIG_EFI_DISABLE_RUNTIME=n),
shouldn't we add a small message in the kernel log warning that EFI
runtime services are enabled for the RT kernel?

In almost all HW, except custom ones with "verified" firmware, such a
warning would be useful... This is especially true since in the embedded
domain, manually-configured RT kernels are almost always the norm.

Thanks,

--
Ahmed S. Darwish
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 31; Fax.: +49 7556 25 999 99

Hinweise zum Datenschutz finden Sie hier (Informations on data privacy
can be found here): https://linutronix.de/kontakt/Datenschutz.php

Linutronix GmbH | Firmensitz (Registered Office): Uhldingen-Mühlhofen |
Registergericht (Registration Court): Amtsgericht Freiburg i.Br., HRB700
806 | Geschäftsführer (Managing Directors): Heinz Egger, Thomas Gleixner

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ