Re: [PATCH v2 0/3] x86: Extend LASS support to EFI configurations

Next message: Randy Dunlap: "Re: [PATCH v1 1/1] mtd: physmap: physmap-bt1-rom: Remove not-going-to-be-supported code for Baikal SoC"
Previous message: Edgecombe, Rick P: "Re: [PATCH] KVM: TDX: Set SIGNIFCANT_INDEX flag for supported CPUIDs"
Next in thread: Ard Biesheuvel: "Re: [PATCH v2 0/3] x86: Extend LASS support to EFI configurations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sohil Mehta

Date: Tue Feb 24 2026 - 13:46:22 EST

Hello x86 Maintainers, Ard,

On 1/20/2026 3:47 PM, Sohil Mehta wrote:
> Solution
> --------
> These patches take LASS out of the path of all EFI boot and runtime
> service interactions by:
>
> Patch 1: Deferring LASS enabling until userspace comes up, which
> ensures EFI has completed switching to virtual mode and all boot
> services memory has been freed [3].
>
> Patch 2: Temporarily disabling LASS every time a runtime service is
> executed after boot. Runtime services execute in a special efi_mm
> which doesn't have userspace mapped. So, the security implications of
> disabling LASS are fairly limited [4].
>

The patches now have tested-by tags from Maciej and Tony. Also, the
patches apply cleanly on v7.0-rc1. I am hoping to get some review
feedback on the patches before resending another version.

Ard, are you okay with patch 2 that disables LASS during EFI runtime calls?

x86 Maintainers, patch 1 introduces a common mechanism to defer
initializing features until userspace is about to come up. In the
future, enabling of features (such as SMAP, SMEP, UMIP) and CR pinning,
SPEC_CTRL MSR can be moved here.

Also, there is a possibility that the freeing of EFI boot services
memory might happen later based on the recent discussion at:
https://lore.kernel.org/lkml/20260223075219.2348035-1-rppt@xxxxxxxxxx/

Overall, the approach in patch 1 seems useful. The implementation is
based on a combination of late_initcall() and CPU hotplug callbacks.
Thoughts?