From: Sai Praneeth <[email protected]>

There may exist some buggy UEFI firmware implementations that might
access efi regions other than EFI_RUNTIME_SERVICES_<CODE/DATA> even
after the kernel has assumed control of the platform. This violates the
UEFI specification.

If selected, this debug option will print a warning message if the UEFI
firmware tries to access any memory region which it shouldn't. Along
with the warning, the efi page fault handler will also try to recover
from the page fault triggered by the firmware so that the machine
doesn't hang.

Suggested-by: Matt Fleming <[email protected]>
Based-on-code-from: Ricardo Neri <[email protected]>
Signed-off-by: Sai Praneeth Prakhya <[email protected]>
Cc: Al Stone <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Bhupesh Sharma <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Ard Biesheuvel <[email protected]>
---
 arch/x86/Kconfig | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f1dbb4ee19d7..cc840710ae3e 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1957,6 +1957,24 @@ config EFI_MIXED
 
           If unsure, say N.
 
+config EFI_PAGE_FAULT_HANDLER
+       bool "EFI page fault handler support" if EXPERT
+       depends on EFI
+       help
+         Enable this debug feature so that the kernel can recover from page
+         faults caused by buggy firmware. Also,
+         1. If the page fault is caused by efi_reset_system(), then the
+            platform is rebooted through BIOS.
+         2. If the page fault is caused by any other efi runtime service,
+            then the kernel freezes efi_rts_wq (work queue that runs efi
+            runtime services) and schedules a new process. Also, it disables
+            EFI Runtime Services, so that it will never again call buggy
+            firmware.
+         Please see the UEFI specification for details on the expectations
+         of memory usage.
+
+         If unsure, say N.
+
 config SECCOMP
        def_bool y
        prompt "Enable seccomp to safely compute untrusted bytecode"
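
Review bot: The help text for EFI_PAGE_FAULT_HANDLER never mentions the warning message, although the commit message gives printing that warning as the first thing the option does. Someone reading only Kconfig would not know to check the kernel log after a firmware fault. Suggest adding a sentence to the help saying that a warning is printed when firmware accesses a region it should not. Item 2 should also state how long EFI Runtime Services stay disabled, since "it will never again call buggy firmware" leaves the scope implicit, and it is a consequence users need to weigh before enabling the option. Separately, the help calls this a debug feature, but the entry is added to arch/x86/Kconfig directly after EFI_MIXED and is gated only by the "if EXPERT" prompt. Consider whether a debug-only option would be better placed with the other debug options.
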
-- 
2.7.4
