[PATCH] arm64: efi: Make runtime service wrapper more robust

Ard Biesheuvel ardb at kernel.org
Thu Dec 1 15:47:33 PST 2022


On Fri, 2 Dec 2022 at 00:45, Kees Cook <keescook at chromium.org> wrote:
>
> On Mon, Nov 28, 2022 at 10:49:39AM +0100, Ard Biesheuvel wrote:
> > Prevent abuse of the runtime service wrapper code by avoiding restoring
> > the shadow call stack pointer from the ordinary stack, or the stack
> > pointer itself from a GPR. Also, given that the exception recovery
> > routine is never called in an ordinary way, it doesn't need BTI landing
> > pads so it can be SYM_CODE rather than SYM_FUNC.
>
> Does this mean x18 is now being spilled to the stack? (Do we already
> spill it in other places?)
>

I've found a better way of addressing this, by moving this code out of
the kernel .text mapping entirely, and only mapping it executable in
the EFI page tables (which are only active while a runtime service
call is in progress, and only on a single CPU running with preemption
disabled).

https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git/commit/?id=47f68266d6ad94860c6cd9d2145cb91350b47e43
