On Tue, 4 Jun 2024 at 23:05, Linus Walleij <linus.walleij@xxxxxxxxxx> wrote:
>
> On Tue, Jun 4, 2024 at 5:56 PM Ard Biesheuvel <ardb+git@xxxxxxxxxx> wrote:
>
> > From: Ard Biesheuvel <ardb@xxxxxxxxxx>
> >
> > The EFI runtime wrappers are a sandbox for calling into EFI runtime
> > services, which are invoked using indirect calls. When running with kCFI
> > enabled, the compiler will require the target of any indirect call to be
> > type annotated.
> >
> > Given that the EFI runtime services prototypes and calling convention
> > are governed by the EFI spec, not the Linux kernel, adding such type
> > annotations for firmware routines is infeasible, and so the compiler
> > must be informed that prototype validation should be omitted.
> >
> > Add the __nocfi annotation at the appropriate places in the EFI runtime
> > wrapper code to achieve this.
> >
> > Note that this currently only affects 32-bit ARM, given that other
> > architectures that support both kCFI and EFI use an asm wrapper to call
> > EFI runtime services, and this hides the indirect call from the
> > compiler.
> >
> > Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> > Cc: Sami Tolvanen <samitolvanen@xxxxxxxxxx>
> > Cc: Linus Walleij <linus.walleij@xxxxxxxxxx>
> > Cc: Nathan Chancellor <nathan@xxxxxxxxxx>
> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
>
> Thanks for looking into this Ard!
> Reviewed-by: Linus Walleij <linus.walleij@xxxxxxxxxx>
>
> Maybe tag on:
> Fixes: 1a4fec49efe5 ("ARM: 9392/2: Support CLANG CFI")
>
> So it goes into the v6.10-rc:s.
>
Thanks, I've added these and pushed the result to efi/urgent.
