On Fri, Jan 26, 2018 at 05:06:42PM +0000, Ard Biesheuvel wrote:
> On 26 January 2018 at 17:05, Will Deacon <will.deacon@xxxxxxx> wrote:
> > On Thu, Jan 25, 2018 at 10:31:31AM +0000, Ard Biesheuvel wrote:
> >> Now that all UEFI runtime service wrappers ensure that byref
> >> arguments are moved into the UEFI marshalling buffer (which
> >> is not part of the kernel mapping), we can proceed and unmap
> >> the kernel while UEFI runtime service calls are in progress.
> >>
> >> This is done by setting the EPD1 bit and flushing the TLB of
> >> the local CPU. This makes it independent of KPTI or whether
> >> non-global mappings are being used.
> >
> > One snag with this is that it will break SPE, so I'd prefer this behaviour
> > to be predicated on kpti so that the arm64_kernel_unmapped_at_el0() check
> > in drivers/perf/arm_spe_pmu.c remains valid.
> >
>
> The problem with that is that they serve two different purposes: kpti
> protects against meltdown, this protects against Spectre variant 1.

Fair enough, but we should do something because it renders SPE unusable and
it can be a really handy profiling feature. Having the new EFI behaviour
optional in some way would be my preference.

Will