Commit cf1d2ffc authored by Ard Biesheuvel's avatar Ard Biesheuvel

efi: Discover BTI support in runtime services regions



Add the generic plumbing to detect whether or not the runtime code
regions were constructed with BTI/IBT landing pads by the firmware,
permitting the OS to enable enforcement when mapping these regions into
the OS's address space.

Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
parent b0048092
+1 −1
@@ -20,7 +20,7 @@ void efi_init(void);
void arm_efi_init(void);

int efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md);
int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md);
int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md, bool);

#define arch_efi_call_virt_setup()	efi_virtmap_load()
#define arch_efi_call_virt_teardown()	efi_virtmap_unload()
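Review bot: The new third parameter of `efi_set_mapping_permissions()` is declared here as a bare `bool`, so the prototype says nothing about what the flag means, while another header changed on this page spells it `bool has_bti`. Naming it here too, `int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md, bool has_bti);`, keeps the declarations consistent and tells a reader that the argument carries the firmware's BTI/IBT claim for the region. The same applies to the identical prototype in the last header section on this page (the one followed by `sync_kernel_mappings(efi_mm.pgd)`).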
+3 −2
@@ -23,7 +23,8 @@ static int __init set_permissions(pte_t *ptep, unsigned long addr, void *data)
}

int __init efi_set_mapping_permissions(struct mm_struct *mm,
				       efi_memory_desc_t *md)
				       efi_memory_desc_t *md,
				       bool ignored)
{
	unsigned long base, size;

@@ -71,7 +72,7 @@ int __init efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md)
	 * If stricter permissions were specified, apply them now.
	 */
	if (md->attribute & (EFI_MEMORY_RO | EFI_MEMORY_XP))
		return efi_set_mapping_permissions(mm, md);
		return efi_set_mapping_permissions(mm, md, false);
	return 0;
}

+2 −1
@@ -27,7 +27,8 @@ bool efi_runtime_fixup_exception(struct pt_regs *regs, const char *msg)
#endif

int efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md);
int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md);
int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md,
				bool has_bti);

#define arch_efi_call_virt_setup()					\
({									\
+2 −1
@@ -110,7 +110,8 @@ static int __init set_permissions(pte_t *ptep, unsigned long addr, void *data)
}

int __init efi_set_mapping_permissions(struct mm_struct *mm,
				       efi_memory_desc_t *md)
				       efi_memory_desc_t *md,
				       bool has_bti)
{
	BUG_ON(md->type != EFI_RUNTIME_SERVICES_CODE &&
	       md->type != EFI_RUNTIME_SERVICES_DATA);
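Review bot: Nothing in the visible lines reads the new `has_bti` argument, and the function body continues past the end of this hunk, so this page cannot confirm whether the flag affects the mapping yet. Since the commit message describes the change as plumbing, a short comment above the function would prevent a reader from assuming enforcement is already active, for example `/* has_bti: firmware reports BTI landing pads in its runtime code; see body for whether it is acted on */`. The flag presumably derives from firmware-supplied data, and the `BUG_ON()` shows this function handles both `EFI_RUNTIME_SERVICES_CODE` and `EFI_RUNTIME_SERVICES_DATA` regions. When the flag is consumed, it would therefore be worth documenting that it only applies to code regions and only when the CPU supports BTI.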
+1 −1
@@ -19,7 +19,7 @@ extern void efi_init(void);
#endif

int efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md);
int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md);
int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md, bool);

#define arch_efi_call_virt_setup()      ({		\
		sync_kernel_mappings(efi_mm.pgd);	\