[PATCH v2 0/3] efi: Enable BTI for EFI runtimes services

Ard Biesheuvel ardb at kernel.org
Mon Feb 6 04:49:35 PST 2023


The EFI spec v2.10 introduces a global flag in the memory attributes
table that indicates whether the EFI runtime code regions were emitted
with BTI landing pads, and can therefore tolerate being mapped with BTI
enforcement enabled.

Add the generic plumbing for this, and wire it up for arm64.

Changes since v1:
- enable BTI in UEFI code regions even if CONFIG_ARM64_BIT_KERNEL=n
- deal with BTI exceptions occurring in EFI code gracefully
- add equivalent handling to x86
- add Kees's R-b

Cc: Catalin Marinas <catalin.marinas at arm.com>
Cc: Will Deacon <will at kernel.org>
Cc: Kees Cook <keescook at chromium.org>
Cc: Mark Rutland <mark.rutland at arm.com>
Cc: Peter Zijlstra <peterz at infradead.org>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: Ingo Molnar <mingo at redhat.com>
Cc: Borislav Petkov <bp at alien8.de>
Cc: Dave Hansen <dave.hansen at linux.intel.com>

Ard Biesheuvel (3):
  efi: Discover BTI support in runtime services regions
  efi: arm64: Wire up BTI annotation in memory attributes table
  efi: x86: Wire up IBT annotation in memory attributes table

 arch/arm/include/asm/efi.h     |  2 +-
 arch/arm/kernel/efi.c          |  5 +++--
 arch/arm64/include/asm/efi.h   |  3 ++-
 arch/arm64/kernel/efi.c        | 17 ++++++++++++++---
 arch/arm64/kernel/traps.c      |  6 ++++++
 arch/riscv/include/asm/efi.h   |  2 +-
 arch/riscv/kernel/efi.c        |  3 ++-
 arch/x86/include/asm/efi.h     |  4 +++-
 arch/x86/include/asm/ibt.h     |  4 ++--
 arch/x86/kernel/apm_32.c       |  4 ++--
 arch/x86/kernel/cpu/common.c   |  5 +++--
 arch/x86/platform/efi/efi_64.c |  8 +++++++-
 drivers/firmware/efi/memattr.c |  7 ++++++-
 include/linux/efi.h            |  8 ++++++--
 14 files changed, 58 insertions(+), 20 deletions(-)

-- 
2.39.1
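
The check the cover letter describes, written as a stand-alone added example (not code from this patch series): it reads the global flag from a memory attributes table header and ignores it on version 1 tables, where that field was still reserved. The function name and sample tables are hypothetical and constructed; the header layout and the flag value follow the UEFI 2.10 definition of the table, not this message.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* UEFI 2.10 memory attributes table header: four little-endian UINT32s
 * (Version, NumberOfEntries, DescriptorSize, Flags), then the descriptors. */
#define MEMATTR_HDR_SIZE        16u
#define MEMATTR_MIN_DESC_SIZE   40u   /* sizeof(EFI_MEMORY_DESCRIPTOR) */
/* Spec name: EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD */
#define MEMATTR_FLAG_RT_FWD_CFG 0x1u

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: 1 = runtime code may be mapped with BTI enforced,
 * 0 = no such guarantee from firmware, -1 = malformed table. */
int memattr_rt_code_has_bti(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < MEMATTR_HDR_SIZE)
        return -1;
    uint32_t version = le32(buf), entries = le32(buf + 4);
    uint32_t desc_size = le32(buf + 8), flags = le32(buf + 12);

    if (version == 0 || desc_size < MEMATTR_MIN_DESC_SIZE)
        return -1;
    if (entries > (len - MEMATTR_HDR_SIZE) / desc_size)
        return -1;              /* descriptors would run past the buffer */
    if (version < 2)
        return 0;               /* field is reserved before version 2 */
    return (flags & MEMATTR_FLAG_RT_FWD_CFG) ? 1 : 0;
}

/* Constructed samples: header plus one zeroed 40-byte descriptor. */
static const uint8_t sample_v2_bti[56]   = {2,0,0,0, 1,0,0,0, 40,0,0,0, 1,0,0,0};
static const uint8_t sample_v2_nobti[56] = {2,0,0,0, 1,0,0,0, 40,0,0,0, 0,0,0,0};
static const uint8_t sample_v1_stale[56] = {1,0,0,0, 1,0,0,0, 40,0,0,0, 1,0,0,0};

int main(void)
{
    printf("v2, flag set:   %d\n", memattr_rt_code_has_bti(sample_v2_bti, sizeof(sample_v2_bti)));
    printf("v2, flag clear: %d\n", memattr_rt_code_has_bti(sample_v2_nobti, sizeof(sample_v2_nobti)));
    printf("v1, stale bit:  %d\n", memattr_rt_code_has_bti(sample_v1_stale, sizeof(sample_v1_stale)));
    printf("truncated:      %d\n", memattr_rt_code_has_bti(sample_v2_bti, MEMATTR_HDR_SIZE));
    return 0;
}
```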



