Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1271930pxb; Fri, 20 Aug 2021 01:46:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBiOvICYYnObUfx8tgv9ABP00YUuaqUflWppGdo9StXlP3LaJ1ymyrXu3AmewO+vfN+/FC X-Received: by 2002:a6b:f416:: with SMTP id i22mr15003572iog.162.1629449173208; Fri, 20 Aug 2021 01:46:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629449173; cv=none; d=google.com; s=arc-20160816; b=INrsZdBpTARYbHhItDYSCv8OP6DVGiYRJXTilDXJhqB8+6grFJ8N6s2MRYMTsPPZw4 NkomKLHiTNEwhZg0I5PY4gqz7T44Mp97q8FYoJFKXIuXW4hBaX078gFto/3xj9d2dGLP uFAHkHpP0gEf9LzXXDKxdzSlpiqYZ8pY2dxdXfFWLwnjhgs3WPakgyHTvhizwUwAOaY6 NEqj4SMyNx6h8k4gwQehrh3U18/uoFS7McesnVwb4AAhRQI8jTvOvD2irbD6d4z9JtgV B1ESAMNGtNR7hzB1hzf2SnXuV34uDiNiGAqPhziOug7AiKQSRxpp9LC6OzjqgIC/SmVO BIiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from; bh=Hhm+nNkOJi55iyXoIWk3k7vbbf9+YJNUFrmYVrNeups=; b=mpoPiEQs1p9Oh7pRlusOH2/c15M0igjoRb2kxbc/KZCSRI1gedLvYzdsjuu1beCgF2 Leipg5bkkPZ1KUclEg4kR4KrkJZKwM8n+vJ9zC0MKVPGP7DPJ/IsIfPmm7kvVOFurL/7 zjRZDYwqC69O0Y2xEUHGNaWk1euhNTLxZc69CaQPlp9w5jrPOxcsxHFEB0FXhL5+F5c4 lgP9Y22WSM9DhBL1O6I1hw69ukE4rk1Pa41cN6RX8OHs2X/wWPdOpmXCiUN0xawuPf3Q z3O/idH2yl/pcH4uwKJBf2BW0raTwgzuzBDs5yPtlMzsMs4ZjL5bbB4+O/3GntMM5Vtf baTA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u13si5985538jak.109.2021.08.20.01.46.01; Fri, 20 Aug 2021 01:46:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231757AbhHTIo2 convert rfc822-to-8bit (ORCPT + 99 others); Fri, 20 Aug 2021 04:44:28 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([185.58.85.151]:42803 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229586AbhHTIo2 (ORCPT ); Fri, 20 Aug 2021 04:44:28 -0400 Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-110-FCV_j8ILPgCNYjXu5aAAwg-1; Fri, 20 Aug 2021 09:43:48 +0100 X-MC-Unique: FCV_j8ILPgCNYjXu5aAAwg-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Fri, 20 Aug 2021 09:43:47 +0100 Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id 15.00.1497.023; Fri, 20 Aug 2021 09:43:47 +0100 From: David Laight To: 'Joerg Roedel' , "x86@kernel.org" CC: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "hpa@zytor.com" , Joerg Roedel , Kees Cook , Andy Lutomirski , Uros Bizjak , Arvind Sankar , Ard Biesheuvel , "linux-kernel@vger.kernel.org" , Fabio Aiuto , "stable@vger.kernel.org" Subject: RE: [PATCH] x86/efi: Restore Firmware IDT in before ExitBootServices() Thread-Topic: [PATCH] x86/efi: Restore Firmware IDT in before ExitBootServices() Thread-Index: AQHXlZXa+jtHdymQB0W1fhKjcUB7Wqt8EPPg Date: Fri, 20 Aug 2021 08:43:47 +0000 Message-ID: References: <20210820073429.19457-1-joro@8bytes.org> In-Reply-To: <20210820073429.19457-1-joro@8bytes.org> Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel > Sent: 20 August 2021 08:34 > > From: Joerg Roedel > > Commit 79419e13e808 ("x86/boot/compressed/64: Setup IDT in startup_32 > boot path") introduced an IDT into the 32 bit boot path of the > decompressor stub. But the IDT is set up before ExitBootServices() is > called and some UEFI firmwares rely on their own IDT. > > Save the firmware IDT on boot and restore it before calling into EFI > functions to fix boot failures introduced by above commit. Hmmm... If Linux needs its own IDT then temporarily substituting the old IDT prior to a UEFI call will cause 'grief' if a 'Linux' interrupt happens during the UEFI call. So I suspect you just can't make EFI calls after installing the Linux IDT. Looks like UEFI is no better than the traditional BIOS. Great fun trying to reliably switch from 32bit paged to 16bit segmented and back (especially on VIA C3) and discovering that that bios code enables interrupts - so all hell happens in the ISR entry path. It may be that the only safe way to make UEFI calls (after the very initial entry code) is using an emulator. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)