On Fri, 2 Dec 2022 at 00:45, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Mon, Nov 28, 2022 at 10:49:39AM +0100, Ard Biesheuvel wrote:
> > Prevent abuse of the runtime service wrapper code by avoiding restoring
> > the shadow call stack pointer from the ordinary stack, or the stack
> > pointer itself from a GPR. Also, given that the exception recovery
> > routine is never called in an ordinary way, it doesn't need BTI landing
> > pads so it can be SYM_CODE rather than SYM_FUNC.
>
> Does this mean x18 is now being spilled to the stack? (Do we already
> spill it in other places?)
>

I've found a better way of addressing this, by moving this code out of
the kernel .text mapping entirely, and only mapping it executable in
the EFI page tables (which are only active while a runtime service
call is in progress, and only on a single CPU running with preemption
disabled):

https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git/commit/?id=47f68266d6ad94860c6cd9d2145cb91350b47e43