On Fri, 2 Dec 2022 at 00:47, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> On Fri, 2 Dec 2022 at 00:45, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > On Mon, Nov 28, 2022 at 10:49:39AM +0100, Ard Biesheuvel wrote:
> > > Prevent abuse of the runtime service wrapper code by avoiding restoring
> > > the shadow call stack pointer from the ordinary stack, or the stack
> > > pointer itself from a GPR. Also, given that the exception recovery
> > > routine is never called in an ordinary way, it doesn't need BTI landing
> > > pads so it can be SYM_CODE rather than SYM_FUNC.
> >
> > Does this mean x18 is now being spilled to the stack? (Do we already
> > spill it in other places?)
> >
>
> I've found a better way of addressing this, by moving this code out of
> the kernel .text mapping entirely, and only mapping it executable in
> the EFI page tables (which are only active while a runtime service
> call is in progress, and only on a single CPU running with preemption
> disabled)
>
> https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git/commit/?id=47f68266d6ad94860c6cd9d2145cb91350b47e43

And to answer your question: yes, x18 is currently spilled to the stack
in both of those routines. I've reverted the patch that added the second
one (which was only added this cycle). The other one needs a fix going
to -stable, so I'll backport the patch I quoted above once it hits
Linus's tree.
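The point the quoted commit message makes (do not restore the shadow call stack pointer from the ordinary stack) is easy to see in a toy model. The following C program is an added illustration written for this page; it is not kernel code, not the EFI wrapper, and not from either participant in the thread. It assumes a simplified picture: the shadow call stack (SCS) holds return addresses, its pointer is normally kept only in a register (named x18 here purely as a label for the arm64 convention), and an attacker who can overflow a local buffer can overwrite anything else in the same ordinary-stack frame. The frame is modelled as a plain byte array so the overflow is well-defined C rather than real stack corruption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model (assumption, not kernel code): why a shadow-call-stack pointer
 * must never be reloaded from memory the caller's stack overflow can reach.
 */
#define SCS_WORDS 4
#define BUF_LEN   16

typedef uintptr_t word_t;

enum { LEGIT_RET = 0x1000, ATTACKER_RET = 0xbad0 };

/* Layout of one ordinary-stack frame; instantiated as a byte array below. */
struct frame {
    char   buf[BUF_LEN];     /* overflowable local buffer */
    word_t spilled_x18;      /* written only by the "spilling" wrapper variant */
};

/* Genuine shadow call stack, and a region the attacker already controls. */
static word_t scs[SCS_WORDS];
static word_t attacker_scs[SCS_WORDS];

/*
 * Push a return address on the SCS, build a frame, optionally let a buffer
 * overflow run past buf, then execute the epilogue.
 *   spill_x18 != 0 : wrapper saves x18 to the frame and reloads it on exit
 *   overflow  != 0 : attacker writes BUF_LEN + sizeof(word_t) bytes into buf
 * Returns the address the epilogue would return to.
 */
word_t simulate_return(int spill_x18, int overflow)
{
    unsigned char stack[sizeof(struct frame)];
    word_t *x18 = scs;                 /* SCS pointer held "in a register" */

    memset(scs, 0, sizeof scs);
    memset(stack, 0, sizeof stack);
    *x18++ = LEGIT_RET;                /* prologue: push return address on SCS */

    if (spill_x18) {                   /* vulnerable variant: spill x18 to the stack */
        word_t v = (word_t)x18;
        memcpy(stack + offsetof(struct frame, spilled_x18), &v, sizeof v);
    }

    /* Constructed attacker payload: fill buf, then a pointer into attacker_scs
       positioned so the epilogue's pre-decrement pop lands on ATTACKER_RET. */
    unsigned char payload[BUF_LEN + sizeof(word_t)];
    word_t fake_x18 = (word_t)&attacker_scs[1];
    attacker_scs[0] = ATTACKER_RET;
    memset(payload, 'A', BUF_LEN);
    memcpy(payload + BUF_LEN, &fake_x18, sizeof fake_x18);

    /* The write into buf: in-bounds, or overflowing into the spill slot. */
    memcpy(stack, payload, overflow ? sizeof payload : BUF_LEN);

    if (spill_x18) {                   /* epilogue reloads x18 from the stack */
        word_t v;
        memcpy(&v, stack + offsetof(struct frame, spilled_x18), sizeof v);
        x18 = (word_t *)v;
    }
    return *--x18;                     /* pop the return address from wherever x18 points */
}

int main(void)
{
    printf("x18 in register, overflow : 0x%lx\n", (unsigned long)simulate_return(0, 1));
    printf("x18 spilled,  no overflow : 0x%lx\n", (unsigned long)simulate_return(1, 0));
    printf("x18 spilled,     overflow : 0x%lx\n", (unsigned long)simulate_return(1, 1));
    return 0;
}
```

Only the combination of spilling x18 and an overflow reaching the spill slot redirects the return: the overflow can overwrite every byte of the frame, but as long as the SCS pointer never leaves the register the popped address still comes from the real shadow stack. The same reasoning applies to restoring sp from a general-purpose register that the wrapped code may have clobbered.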