[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 69/70] x86/efi: Disable CET-IBT around Runtime Services calls

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 15 Feb 2022 17:53:35 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b8F0MgvW7RpJXh1waPLI80VrIznjq+BPIlelFky06mU=; b=nO1WrzzaGiYxfEF29OskjXxhuRNOmZAsKopYJxj5oLKCtRduPehJiXls7PP8bNH7+rmdomyj+qLtMeyEmHrgMSRwLq0Q0Sicjg9mKwj2zbmu4O/UpcOrS916fTwBaNTxXnh9bF8leNXBtRL6heu4IRFw5shivImo7GA5dAwWcs7QDufP4bsF5RpeVgxZmxBCqxryFNZI3ulGPdVbmCfNmHsu0X8Pohw2RrGrXiOktJRQY6GR4B+T5XutvS9QveXldQGJlOU97LVdr2J4MMfkWZNLej5E2l+TIQW4zI/BJBCCEwD9z/KlZfgSEdtJJ/lLQxnXSP7QIAWwlmcv5p6zMA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NVZlorzwaXExJYQ6AKnQujOVqjdkpiNsdNi++avTUAWLxKHqK9WtYAwIuWsIR0kp8NESl6me90eIbm25U8JspSQQlhl4BMcSzbL37QSjJ0tnrG8tM2rNNq6bfO6nv+INsAteG1gI0YZKCYsai69daI1N/YAKjvm+D1iYKuRZSfpkjepWKAhXY7CACpuMEn+pYWqgBuOaEPOMOozi80vTUl6Yw3rvCTqmdTLEIz0ZPR/8PinEoO+m3Un7ZsG8fCEqF8XLyELrYzC2DVczLJuWF6ch9F/eei9BtBY7573evzJf5OrxLcE9DuIxJv4+ToleLqqf5ljFBWEPZRvL4xxyPw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 15 Feb 2022 16:53:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 14.02.2022 13:51, Andrew Cooper wrote:
> UEFI Runtime services, at the time of writing, aren't CET-IBT compatible.
> Work is ongoing to address this. In the meantime, unconditionally disable IBT.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

> --- a/xen/common/efi/runtime.c
> +++ b/xen/common/efi/runtime.c
> @@ -21,6 +21,7 @@ struct efi_rs_state {
>    * don't strictly need that.
>    */
>   unsigned long __aligned(32) cr3;
> +    unsigned long msr_s_cet;
>  #endif
>  };

The latest with the next addition here we will probably want to ...

> @@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void)

... no longer have this be the function's return type.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.