Re: [PATCH] efi/x86: use naked RET on mixed mode call wrapper
From: Andrew Cooper
Date: Mon Jul 18 2022 - 13:22:27 EST
On 18/07/2022 17:38, Peter Zijlstra wrote:
> On Mon, Jul 18, 2022 at 06:28:27PM +0200, Borislav Petkov wrote:
>> On Mon, Jul 18, 2022 at 01:41:37PM +0200, Peter Zijlstra wrote:
>>> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
>>> index 10a3bfc1eb23..f934dcdb7c0d 100644
>>> --- a/arch/x86/include/asm/nospec-branch.h
>>> +++ b/arch/x86/include/asm/nospec-branch.h
>>> @@ -297,6 +297,8 @@ do { \
>>> alternative_msr_write(MSR_IA32_SPEC_CTRL, \
>>> spec_ctrl_current() | SPEC_CTRL_IBRS, \
>>> X86_FEATURE_USE_IBRS_FW); \
>>> + altnerative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB, \
>>> + X86_FEATURE_USE_IBPB_FW); \
>>> } while (0)
>> So I'm being told we need to untrain on return from EFI to protect the
>> kernel from it. Ontop of yours.
> I don't think there's any credible way we can protect against EFI taking
> over the system if it wants to. It runs at CPL0 and has access to the
> direct map. If EFI wants it can take over the system without trying.
I don't think an untrain is needed either. EFI RS can do anything it
wants, architecturally speaking, so the only threat is it acting as a
confused deputy.
The IBPB on the way in mitigates any BTC attacks against EFI-RS.
The "safe" BTB entry can be evicted due to competition or an alias, both
in kernel code or EFI code, but neither of these contexts will be
deliberately creating a malicious entry.
~Andrew