On 25 July 2018 at 19:32, Prakhya, Sai Praneeth <sai.praneeth.prakhya@xxxxxxxxx> wrote:
>> I have added some x86/intel folks to cc.
>>
>> I am fine with these patches, and I think it is useful to be able to detect and
>> recover from buggy UEFI implementations that use boot time regions at
>> runtime.
>>
>> However, I need help from the x86 maintainers/developers to review this so
>> please cc them on these patches.
>
> Hi Ard,
>
> Sure! I will keep them cc'ed.
>
> Could you also please let me know your thoughts on this approach.
>
> If the illegal access occurs to any EFI region other than EFI boot time regions (e.g. EFI conventional memory or EFI loader code/data), these patches will exit firmware context and return to the kernel, i.e. we are adjusting RIP and RSP in the efi page fault handler and leaving runtime service execution abruptly. Is that OK?
>

I need the x86 guys to tell me if that is OK. This is essentially an open coded longjmp(), which smells dodgy to me, but this is an x86 question not an EFI question.

> This code in "[PATCH RFC 4/8] x86/efi: Add page fault handler to fixup/recover from page faults caused by firmware"
> + regs->sp = xmm_regs_rsp;
> + regs->ip = exit_fw_ctx_rip;
> + exited_fw_ctx = true;
> + clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
> + pr_info("Exited Firmware context and disabled EFI Runtime Services\n");
>
> AFAIK, efi runtime services are not reentrant. With this in mind, if something like the above happens, I have completely turned off EFI runtime services in the kernel. Is that OK? Or should we keep them enabled hoping to catch further illegal accesses (assuming that this feature is not used in production kernels)?
>

I think it is reasonable to turn off services after that. The only problem is that distros will never be able to enable this, given that it may break systems that are working fine today.
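Review bot: the fixup rewrites only regs->sp and regs->ip (the first two + lines), so every other register in regs, including the callee-saved rbx, rbp and r12-r15, still holds whatever the firmware left there when it faulted; the landing code at exit_fw_ctx_rip must therefore reload everything it needs from the stack at xmm_regs_rsp and must not assume the register state it had when the runtime service was entered, and that constraint deserves a comment next to these lines. Two smaller points: xmm_regs_rsp reads as if it named an SSE register save area rather than the saved kernel stack pointer, so a name such as saved_efi_rsp would say what it is; and since this path has just disabled EFI runtime services for the rest of the boot, pr_info is too quiet, so pr_err (or at least pr_warn) would make the event visible at the default console loglevel.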
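The two behaviours debated above, fixing up a fault on a boot-time region so the firmware can continue, versus abandoning the firmware context and disabling runtime services for any other region, as an added user-space C example that is not code from this series or from the kernel. A SIGSEGV handler stands in for the EFI page fault handler, sigsetjmp/siglongjmp stands in for the open-coded RIP/RSP rewrite, and two PROT_NONE pages stand in for a boot-time region and for conventional memory. The names fw_get_time, fw_set_variable, efi_call, efi_demo_run and the status values -1 (services disabled) and -2 (service cut short) are assumptions made for this example, not kernel or firmware interfaces.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed memory map: one page stands in for an EFI boot-time region that
 * buggy firmware keeps touching after ExitBootServices, the other for any other
 * region (conventional memory, loader code/data). Both are PROT_NONE, so every
 * access faults, just as the kernel's EFI page tables would make them fault. */
static uint8_t *boot_region;
static uint8_t *other_region;
static size_t page_size;
static int runtime_services_enabled;    /* stands in for the EFI_RUNTIME_SERVICES flag bit */
static sigjmp_buf exit_fw_ctx;          /* landing point outside the "firmware" call */
static volatile sig_atomic_t in_fw_ctx; /* nonzero while a fake runtime service runs */
static int boot_region_fixups;

static void efi_fault_handler(int sig, siginfo_t *si, void *uctx)
{
    uint8_t *addr = (uint8_t *)si->si_addr;
    (void)sig; (void)uctx;
    if (!in_fw_ctx) {
        signal(SIGSEGV, SIG_DFL);   /* not firmware's fault: die normally on the retry */
        return;
    }
    if (addr >= boot_region && addr < boot_region + page_size) {
        /* Boot-time region: map it in and let the firmware retry the access. */
        mprotect(boot_region, page_size, PROT_READ | PROT_WRITE);
        boot_region_fixups++;
        return;
    }
    /* Anything else: abandon the firmware context (the thread's open-coded longjmp,
     * done here with a real siglongjmp) and switch runtime services off, because
     * the interrupted service is not reentrant and can never be resumed. */
    runtime_services_enabled = 0;
    in_fw_ctx = 0;
    siglongjmp(exit_fw_ctx, 1);
}

/* Fake runtime services (assumed for illustration). The second one also
 * scribbles on conventional memory and must not be allowed to continue. */
static int fw_get_time(void)     { boot_region[0] = 1; return 0; }
static int fw_set_variable(void) { boot_region[1] = 2; other_region[0] = 3; return 0; }

/* Kernel-side wrapper, analogous to efi_call(): 0 = service completed,
 * -1 = runtime services disabled, -2 = service cut short by the fault handler. */
static int efi_call(int (*svc)(void))
{
    int status;
    if (!runtime_services_enabled)
        return -1;
    if (sigsetjmp(exit_fw_ctx, 1) != 0)
        return -2;              /* we land here when the handler gives up */
    in_fw_ctx = 1;
    status = svc();
    in_fw_ctx = 0;
    return status;
}

static int efi_demo_init(void)
{
    struct sigaction sa;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    boot_region  = mmap(NULL, page_size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    other_region = mmap(NULL, page_size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (boot_region == MAP_FAILED || other_region == MAP_FAILED)
        return -1;
    runtime_services_enabled = 1;
    boot_region_fixups = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = efi_fault_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

struct demo_result { int init, first, second, third, fixups, enabled; };

/* Runs the scenario: a recoverable boot-region access, then an access to
 * conventional memory that aborts the service, then a call that is refused. */
struct demo_result efi_demo_run(void)
{
    struct demo_result r;
    r.init    = efi_demo_init();
    r.first   = efi_call(fw_get_time);     /* fault fixed up, service completes: 0 */
    r.second  = efi_call(fw_set_variable); /* aborted mid-service: -2 */
    r.third   = efi_call(fw_get_time);     /* refused, services are off: -1 */
    r.fixups  = boot_region_fixups;        /* 1 */
    r.enabled = runtime_services_enabled;  /* 0 */
    return r;
}

int main(void)
{
    struct demo_result r = efi_demo_run();
    printf("first=%d second=%d third=%d fixups=%d enabled=%d\n",
           r.first, r.second, r.third, r.fixups, r.enabled);
    return (r.first == 0 && r.second == -2 && r.third == -1) ? 0 : 1;
}
```

The siglongjmp is what the RIP/RSP rewrite in the patch does by hand: control returns to the efi_call frame and the firmware's own frames are simply discarded. Note that a real siglongjmp restores the callee-saved registers it captured at sigsetjmp time, which is the part an open-coded version has to take care of itself.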