On Sun, 4 Nov 2018, Sai Praneeth Prakhya wrote:

> Ideally, after kernel assumes control of the platform, firmware
> shouldn't access EFI boot services code/data regions. But, it's noticed
> that this is not so true in many x86 platforms. Hence, during boot,
> kernel reserves EFI boot services code/data regions [1] and maps [2]
> them to efi_pgd so that call to set_virtual_address_map() doesn't fail.
> After returning from set_virtual_address_map(), kernel frees the
> reserved regions [3] but they still remain mapped. Hence, introduce
> kernel_unmap_pages_in_pgd() which will later be used to unmap EFI boot
> services code/data regions.
>
> While at it modify kernel_map_pages_in_pgd() by
> 1. Adding __init modifier because it's always used *only* during boot.
> 2. Add a warning if it's used after SMP is initialized because it uses
>    __flush_tlb_all() which flushes mappings only on current CPU.
>
> Unmapping EFI boot services code/data regions will result in clearing
> PAGE_PRESENT bit and it shouldn't bother L1TF cases because it's already
> handled by protnone_mask() at arch/x86/include/asm/pgtable-invert.h.
>
> [1] efi_reserve_boot_services()
> [2] efi_map_region() -> __map_region() -> kernel_map_pages_in_pgd()
> [3] efi_free_boot_services()
>
> Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@xxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
> Cc: Bhupesh Sharma <bhsharma@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>

Reviewed-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>