Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1387442pxb; Fri, 20 Aug 2021 04:35:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy3B2Fcx3i7SE1IkHb8xhwaPVkio/wH9//9IxeoF2Nr4hGS9PwpapQ6uPs12dvH4QN2A+XA X-Received: by 2002:aa7:c1c4:: with SMTP id d4mr21559397edp.301.1629459317752; Fri, 20 Aug 2021 04:35:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629459317; cv=none; d=google.com; s=arc-20160816; b=B7DARoYNRtY1fMH7TiVjjZXfdNkAkbtNid3giKAXRgRCi9LQ12Z7WzFAuHtzX03Q6w /ngGPu0YhMGU4W9+RjXTj41KZ6hGRMN0qLxIce89r67fuZYP4XX9Ji/RrGi/VlGn7fve 0uuqjd2GfxqntOFRk+MNDrR37EgkA1UbpzaSnBXzPVsg7ov8umcOrCvvWGb/soEjjWDL 1MlbAVtho05SABfLAAlp/8V6RZscv7CjqGZlmXN7wYHpm01T2RfAdWqcCjEh3nQLdD9Y iHk6QmLdS1HWCTTYjjgiVdhT6nZ52RP2bYTC2Lz6bHn5AhHtAxwiQHJNmeIliNkc+5rm x/FA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=KQXkS9mXnPZ+2hdBi04FLv6M0CuQq8GXP59msSXono0=; b=AAwN37x8lnkYi3kwEP5YVblGBm5K64Pei3At68WBmvsWRjTUWjN4oR72dV7P0jLGYz GMMeAh5fq+6KFnmovA1hq0X0+GZEjFmHIV9g0rBntiZvIgDTTUXKA/AKoZpdN9oRUSQr ebIAj3ygD1Eg2V6eoNjpS0+jFvA7Swz97OY+lzBOMcoo5ikhkbdNnUMUBLS8nMup8Q8z V2pUrCaZMJHhWHXqRIm/tBa4inQ5+KQDO+JJzzFwdf2llr3etRIee0QwTQCj7iI39Aeq 2ep8FMii+fyFPVSfpk7nGGw/6c78CA+K+ztR+r0fV4zvwIqkDSKUDaV3HiNHml8klvRD bKOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lpyvJeyA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id by8si6227765edb.111.2021.08.20.04.34.40; Fri, 20 Aug 2021 04:35:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lpyvJeyA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239257AbhHTLc0 (ORCPT + 99 others); Fri, 20 Aug 2021 07:32:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:47038 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237382AbhHTLc0 (ORCPT ); Fri, 20 Aug 2021 07:32:26 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 71ABD610CC; Fri, 20 Aug 2021 11:31:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1629459108; bh=KQXkS9mXnPZ+2hdBi04FLv6M0CuQq8GXP59msSXono0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=lpyvJeyAhrYPFiN9a/qVPoEMLPuQOxMgpHSuB8t1hOgSqRsyY6Tm9alMOMCMQxd3X nLOPqx9WowKNRhamGBcFQZf9zJFzFUS9eHBKNdei/Py7k4qen+pNhj2/rmRbHqHslp 8DJh4vDGfz4lhQDl1OcOHxla69u74UKngfAsohCXparbuSJ/g0Mfyb84pk6UrnkjLA 3XN0ojtv5qRKZkf8ADbm4530ztpIlQQUdgtSLm26mFUbcJ9xnMetmzP4+FZWbG+lz1 uqHeWWNpBxhbnHxTJZq6nHlJVOQRe1LSfsupGR8GtlUJkyOZqXJ0kBY/mCoLuEIQoi q6TzX+cIgHNIQ== Received: by mail-ot1-f54.google.com with SMTP id w22-20020a056830411600b0048bcf4c6bd9so12740327ott.8; Fri, 20 Aug 2021 04:31:48 -0700 (PDT) X-Gm-Message-State: AOAM53236kv4A4+QcJROj1ww1llUKXMUzD2j2UbHydIiQHLZcj9Jmymk SEHo6v52mcpIAM0etZYp1foXh9ZmKXa3EdC9zHA= X-Received: by 2002:a9d:5c2:: with SMTP id 60mr15903635otd.77.1629459107634; Fri, 20 Aug 2021 04:31:47 -0700 (PDT) MIME-Version: 1.0 References: <20210820073429.19457-1-joro@8bytes.org> In-Reply-To: From: Ard Biesheuvel Date: Fri, 20 Aug 2021 13:31:36 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] x86/efi: Restore Firmware IDT in before ExitBootServices() To: Joerg Roedel Cc: David Laight , "x86@kernel.org" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "hpa@zytor.com" , Joerg Roedel , Kees Cook , Andy Lutomirski , Uros Bizjak , Arvind Sankar , "linux-kernel@vger.kernel.org" , Fabio Aiuto , "stable@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 20 Aug 2021 at 12:19, Joerg Roedel wrote: > > On Fri, Aug 20, 2021 at 09:02:46AM +0000, David Laight wrote: > > So allocate and initialise the Linux IDT - so entries can be added. > > But don't execute 'lidt' until later on. > > The IDT is needed in this path to handle #VC exceptions caused by CPUID > instructions. So loading the IDT later is not an option. > That does raise a question, though. Does changing the IDT interfere with the ability of the UEFI boot services to receive and handle the timer interrupt? Because before ExitBootServices(), that is owned by the firmware, and UEFI heavily relies on it for everything (event handling, polling mode block/network drivers, etc) If restoring the IDT temporarily just papers over this by creating tiny windows where the timer interrupt starts working again, this is bad, and we need to figure out another way to address the original problem.