diff options
| author | Peter Zijlstra <peterz@infradead.org> | 2022-03-08 16:30:38 +0100 |
|---|---|---|
| committer | Peter Zijlstra <peterz@infradead.org> | 2022-03-15 10:32:40 +0100 |
| commit | fe379fa4d199abc52d5b4a256e52cf94eff685cf (patch) | |
| tree | 4466b0d16bc23c3b36f574ef17113bb3cbcfd497 /arch/x86/include | |
| parent | 99c95c5d4f1027130d555fdb27b576520894827d (diff) | |
x86/ibt: Disable IBT around firmware
Assume firmware isn't IBT clean and disable it across calls.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/20220308154318.759989383@infradead.org
Diffstat (limited to 'arch/x86/include')
| -rw-r--r-- | arch/x86/include/asm/efi.h | 9 | ||||
| -rw-r--r-- | arch/x86/include/asm/ibt.h | 6 |
2 files changed, 13 insertions, 2 deletions
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 03cb12775043..98938a68251c 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -7,6 +7,7 @@ #include <asm/tlb.h> #include <asm/nospec-branch.h> #include <asm/mmu_context.h> +#include <asm/ibt.h> #include <linux/build_bug.h> #include <linux/kernel.h> #include <linux/pgtable.h> @@ -120,8 +121,12 @@ extern asmlinkage u64 __efi_call(void *fp, ...); efi_enter_mm(); \ }) -#define arch_efi_call_virt(p, f, args...) \ - efi_call((void *)p->f, args) \ +#define arch_efi_call_virt(p, f, args...) ({ \ + u64 ret, ibt = ibt_save(); \ + ret = efi_call((void *)p->f, args); \ + ibt_restore(ibt); \ + ret; \ +}) #define arch_efi_call_virt_teardown() \ ({ \ diff --git a/arch/x86/include/asm/ibt.h b/arch/x86/include/asm/ibt.h index fcaf6a41d373..52fb05d66489 100644 --- a/arch/x86/include/asm/ibt.h +++ b/arch/x86/include/asm/ibt.h @@ -52,6 +52,9 @@ static inline bool is_endbr(u32 val) return val == gen_endbr(); } +extern __noendbr u64 ibt_save(void); +extern __noendbr void ibt_restore(u64 save); + #else /* __ASSEMBLY__ */ #ifdef CONFIG_X86_64 @@ -74,6 +77,9 @@ static inline bool is_endbr(u32 val) static inline bool is_endbr(u32 val) { return false; } +static inline u64 ibt_save(void) { return 0; } +static inline void ibt_restore(u64 save) { } + #else /* __ASSEMBLY__ */ #define ENDBR |