x86/ibt: Disable IBT around firmware

Assume firmware isn't IBT clean and disable it across calls. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lore.kernel.org/r/20220308154318.759989383@infradead.org
author: Peter Zijlstra <peterz@infradead.org> 2022-03-08 18:30:38 +0300
committer: Peter Zijlstra <peterz@infradead.org> 2022-03-15 12:32:40 +0300
commit: fe379fa4d199abc52d5b4a256e52cf94eff685cf (patch)
tree: 4466b0d16bc23c3b36f574ef17113bb3cbcfd497 /arch/x86/include/asm/efi.h
parent: 99c95c5d4f1027130d555fdb27b576520894827d (diff)
download: linux-fe379fa4d199abc52d5b4a256e52cf94eff685cf.tar.xz
1 files changed, 7 insertions, 2 deletions
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index 03cb12775043..98938a68251c 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -7,6 +7,7 @@
 #include <asm/tlb.h>
 #include <asm/nospec-branch.h>
 #include <asm/mmu_context.h>
+#include <asm/ibt.h>
 #include <linux/build_bug.h>
 #include <linux/kernel.h>
 #include <linux/pgtable.h>
@@ -120,8 +121,12 @@ extern asmlinkage u64 __efi_call(void *fp, ...);
 	efi_enter_mm();							\
 })
 
-#define arch_efi_call_virt(p, f, args...)				\
-	efi_call((void *)p->f, args)					\
+#define arch_efi_call_virt(p, f, args...) ({				\
+	u64 ret, ibt = ibt_save();					\
+	ret = efi_call((void *)p->f, args);				\
+	ibt_restore(ibt);						\
+	ret;								\
+})
 
 #define arch_efi_call_virt_teardown()					\
 ({									\
author	Peter Zijlstra <peterz@infradead.org>	2022-03-08 18:30:38 +0300
committer	Peter Zijlstra <peterz@infradead.org>	2022-03-15 12:32:40 +0300
commit	fe379fa4d199abc52d5b4a256e52cf94eff685cf (patch)
tree	4466b0d16bc23c3b36f574ef17113bb3cbcfd497 /arch/x86/include/asm/efi.h
parent	99c95c5d4f1027130d555fdb27b576520894827d (diff)
download	linux-fe379fa4d199abc52d5b4a256e52cf94eff685cf.tar.xz