|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH 64/65] x86/efi: Disable CET-IBT around Runtime Services calls
At least one TigerLake NUC has UEFI firmware which isn't CET-IBT compatible.
Read under a function pointer to see whether an endbr64 instruction is
present, and use this as a heuristic.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
This was disappointing to discover. I've pestered some folk and maybe
something will improve in due course, but it remains an open question how best
to discover that Runtime Services are CET-IBT compatible.
---
xen/arch/x86/efi/stub.c | 2 ++
xen/common/efi/boot.c | 6 ++++++
xen/common/efi/runtime.c | 17 +++++++++++++++++
xen/include/xen/efi.h | 1 +
4 files changed, 26 insertions(+)
diff --git a/xen/arch/x86/efi/stub.c b/xen/arch/x86/efi/stub.c
index 998493262641..5e44913e52db 100644
--- a/xen/arch/x86/efi/stub.c
+++ b/xen/arch/x86/efi/stub.c
@@ -11,6 +11,8 @@
#include <efi/efidevp.h>
#include <efi/efiapi.h>
+bool __initdata efi_no_cet_ibt;
+
/*
* Here we are in EFI stub. EFI calls are not supported due to lack
* of relevant functionality in compiler and/or linker.
diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index f5af71837d5a..2c7f86f4f534 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -735,6 +735,12 @@ static void __init efi_init(EFI_HANDLE ImageHandle,
EFI_SYSTEM_TABLE *SystemTabl
StdOut = SystemTable->ConOut;
StdErr = SystemTable->StdErr ?: StdOut;
+
+ /*
+ * Heuristic. Look under an arbitrary function pointer to see if UEFI was
+ * compiled with CET-IBT support. Experimentally some are not.
+ */
+ efi_no_cet_ibt = memcmp(efi_rs->GetTime, "\xf3\x0f\x1e\xfa", 4) != 0;
}
static void __init efi_console_set_mode(void)
diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c
index d2fdc28df3e0..ef54863542db 100644
--- a/xen/common/efi/runtime.c
+++ b/xen/common/efi/runtime.c
@@ -21,6 +21,7 @@ struct efi_rs_state {
* don't strictly need that.
*/
unsigned long __aligned(32) cr3;
+ unsigned long msr_s_cet;
#endif
};
@@ -61,6 +62,7 @@ UINTN __read_mostly efi_apple_properties_len;
/* Bit field representing available EFI features/properties. */
unsigned int efi_flags;
+bool __read_mostly efi_no_cet_ibt;
struct efi __read_mostly efi = {
.acpi = EFI_INVALID_TABLE_ADDR,
@@ -113,6 +115,17 @@ struct efi_rs_state efi_rs_enter(void)
switch_cr3_cr4(mfn_to_maddr(efi_l4_mfn), read_cr4());
+ /*
+ * If UEFI doesn't appear to be CET-IBT compatible, stash and clobber
+ * ENDBR_EN. Always read the current CET setting, because CET-SS isn't
+ * configured until very late on the BSP.
+ */
+ if ( cpu_has_xen_ibt && efi_no_cet_ibt )
+ {
+ rdmsrl(MSR_S_CET, state.msr_s_cet);
+ wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN);
+ }
+
return state;
}
@@ -122,6 +135,10 @@ void efi_rs_leave(struct efi_rs_state *state)
if ( !state->cr3 )
return;
+
+ if ( state->msr_s_cet )
+ wrmsrl(MSR_S_CET, state->msr_s_cet);
+
switch_cr3_cr4(state->cr3, read_cr4());
if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) )
{
diff --git a/xen/include/xen/efi.h b/xen/include/xen/efi.h
index 94a7e547f97b..8c14f7f18718 100644
--- a/xen/include/xen/efi.h
+++ b/xen/include/xen/efi.h
@@ -30,6 +30,7 @@ union compat_pf_efi_info;
struct xenpf_efi_runtime_call;
struct compat_pf_efi_runtime_call;
+extern bool efi_no_cet_ibt;
bool efi_enabled(unsigned int feature);
void efi_init_memory(void);
--
2.11.0
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |