On Sun, 4 Nov 2018, Sai Praneeth Prakhya wrote:

> Ideally, after kernel assumes control of the platform, firmware
> shouldn't access EFI boot services code/data regions. But, it's noticed
> that this is not so true in many x86 platforms. Hence, during boot,
> kernel reserves EFI boot services code/data regions [1] and maps [2]
> them to efi_pgd so that call to set_virtual_address_map() doesn't fail.
> After returning from set_virtual_address_map(), kernel frees the
> reserved regions [3] but they still remain mapped. Hence, introduce
> kernel_unmap_pages_in_pgd() which will later be used to unmap EFI boot
> services code/data regions.
> 
> While at it modify kernel_map_pages_in_pgd() by
> 1. Adding __init modifier because it's always used *only* during boot.
> 2. Add a warning if it's used after SMP is initialized because it uses
>    __flush_tlb_all() which flushes mappings only on current CPU.
> 
> Unmapping EFI boot services code/data regions will result in clearing
> PAGE_PRESENT bit and it shouldn't bother L1TF cases because it's already
> handled by protnone_mask() at arch/x86/include/asm/pgtable-invert.h.
> 
> [1] efi_reserve_boot_services()
> [2] efi_map_region() -> __map_region() -> kernel_map_pages_in_pgd()
> [3] efi_free_boot_services()
> 
> Signed-off-by: Sai Praneeth Prakhya <[email protected]>
> Cc: Borislav Petkov <[email protected]>
> Cc: Ingo Molnar <[email protected]>
> Cc: Andy Lutomirski <[email protected]>
> Cc: Dave Hansen <[email protected]>
> Cc: Bhupesh Sharma <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Ard Biesheuvel <[email protected]>

Reviewed-by: Thomas Gleixner <[email protected]>
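
The commit message above relies on protnone_mask() to keep a PTE with PAGE_PRESENT cleared harmless under L1TF. The following is an added example, not code from the patch or the kernel tree: a simplified userspace model of that inversion, showing that the address bits left in a non-present entry no longer name the original frame while software can still recover it. The helper names make_pte(), pte_to_pfn() and raw_addr_bits(), the constants and the sample frame number are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for the model: 4 KiB pages, address bits 12..51. */
#define PAGE_SHIFT    12
#define PAGE_PRESENT  0x001ULL
#define PAGE_RW       0x002ULL
#define PAGE_NX       (1ULL << 63)
#define PTE_PFN_MASK  0x000ffffffffff000ULL

/* A non-zero entry without PRESENT carries an inverted address. */
static int needs_invert(uint64_t val) { return val && !(val & PAGE_PRESENT); }

/* XOR mask: all ones when the entry needs inversion, zero otherwise. */
static uint64_t protnone_mask(uint64_t val) { return needs_invert(val) ? ~0ULL : 0; }

/* Build an entry from a frame number and protection bits (hypothetical helper). */
static uint64_t make_pte(uint64_t pfn, uint64_t prot)
{
    uint64_t addr = (pfn << PAGE_SHIFT) ^ protnone_mask(prot);
    return (addr & PTE_PFN_MASK) | prot;
}

/* Recover the frame number, undoing the inversion if it was applied. */
static uint64_t pte_to_pfn(uint64_t pte)
{
    uint64_t addr = pte ^ protnone_mask(pte);
    return (addr & PTE_PFN_MASK) >> PAGE_SHIFT;
}

/* Address bits as stored in the entry, with no software undo applied. */
static uint64_t raw_addr_bits(uint64_t pte) { return pte & PTE_PFN_MASK; }

int main(void)
{
    uint64_t pfn = 0x7a2b4;  /* constructed sample frame number */
    uint64_t mapped = make_pte(pfn, PAGE_PRESENT | PAGE_RW | PAGE_NX);
    uint64_t unmapped = make_pte(pfn, PAGE_NX);  /* PRESENT and RW cleared */

    printf("mapped:   pte=%#018llx stored addr=%#llx\n",
           (unsigned long long)mapped, (unsigned long long)raw_addr_bits(mapped));
    printf("unmapped: pte=%#018llx stored addr=%#llx\n",
           (unsigned long long)unmapped, (unsigned long long)raw_addr_bits(unmapped));
    printf("pfn recovered from unmapped entry: %#llx\n",
           (unsigned long long)pte_to_pfn(unmapped));
    return 0;
}
```
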
