[PATCH v3] efi: implement mandatory locking for UEFI Runtime Services

[Matt Fleming]

On Mon, 04 Aug, at 05:05:53PM, Ard Biesheuvel wrote:
> 
> I think that makes sense. As I said, I don't have a strong preference
> either way regarding the NMI handling, as it does not affect the
> systems I am primarily concerned with (and it sounds like a big hack
> anyway). What I /am/ concerned with is not getting code into the
> kernel that turns out to be non-compliant a couple of months down the
> road and having to fix it urgently then.

Right, that's a valid concern.
 
> So other than GetVariable and SetVariable, or there any other services
> that need the NMI treatment?

The one and only (potential) NMI-context caller of EFI runtime services
is efi_pstore_write(), which calls (as part of efivar_entry_set_safe())
QueryVariableInfo() and SetVariable().

-- 
Matt Fleming, Intel Open Source Technology Center