Re: [PATCH] efi/arm: Disable LPAE PAN when calling EFI runtime services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 10, 2024 at 2:24 PM Ard Biesheuvel <ardb+git@xxxxxxxxxx> wrote:

> From: Ard Biesheuvel <ardb@xxxxxxxxxx>
>
> EFI runtime services are remapped into the lower 1 GiB of virtual
> address space at boot, so they are guaranteed to be able to co-exist
> with the kernel virtual mappings without the need to allocate space for
> them in the kernel's vmalloc region, which is rather small.
>
> This means those mappings are covered by TTBR0 when LPAE PAN is enabled,
> and so 'user' access must be enabled while such calls are in progress.
>
> To avoid the need to refactor the code that is shared between ARM, arm64
> and other EFI architectures, fold this into efi_set_pgd(). Given that
> EFI runtime services are serialized and not pre-emptible, storing the
> flags into a global variable is reasonable here - efi_set_pgd() calls
> will always occur in pairs on a single CPU.
>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Linus Walleij <linus.walleij@xxxxxxxxxx>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>

Makes sense to me! Thanks for looking into this.
Reviewed-by: Linus Walleij <linus.walleij@xxxxxxxxxx>

Yours,
Linus Walleij





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux