Date: Mon, 18 Jul 2022 20:46:34 +0200
From: Borislav Petkov
To: Linus Torvalds
Cc: Peter Zijlstra, Thadeu Lima de Souza Cascardo, Linux Kernel Mailing List, linux-efi, the arch/x86 maintainers, Ard Biesheuvel, Thomas Gleixner, Greg Kroah-Hartman, Guenter Roeck, Josh Poimboeuf, stable, Andrew Cooper
Subject: Re: [PATCH] efi/x86: use naked RET on mixed mode call wrapper
References: <20220715194550.793957-1-cascardo@canonical.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jul 18, 2022 at 11:34:02AM -0700, Linus Torvalds wrote:
> Why would we have to protect the kernel from EFI?

Yes, we cleared this up on IRC in the meantime. This was raised as a
concern in case we don't trust EFI. But we cannot not (double negation
on purpose) trust EFI because it can do whatever it likes anyway,
"underneath" the OS.

I'm keeping the UNTRAIN_RET-in-C diff in my patches/ folder, though - I
get the feeling we might need it soon for something else. :-)

--
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
(HRB 36809, AG Nürnberg)