From 40ffff37b1f8c77043127d0fa399fa26a6011ac8 Mon Sep 17 00:00:00 2001
From: kettenis
Date: Sat, 8 Jul 2023 07:18:39 +0000
Subject: [PATCH] Toggle IBT off during EFI runtime services calls.

While UEFI 2.10 has a way of indicating that runtime services use the appropriate ENDBR64 instructions, firmware that's out int the wild doesn't actually use that yet. Once the landscape changes we may want to reconsider toggling IBT off.

ok guenther@, kn@
---
 sys/arch/amd64/amd64/efi_machdep.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys/arch/amd64/amd64/efi_machdep.c b/sys/arch/amd64/amd64/efi_machdep.c
index 97be06b224b..7486ff106ac 100644
--- a/sys/arch/amd64/amd64/efi_machdep.c
+++ b/sys/arch/amd64/amd64/efi_machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: efi_machdep.c,v 1.6 2023/04/30 17:24:24 kettenis Exp $ */
+/* $OpenBSD: efi_machdep.c,v 1.7 2023/07/08 07:18:39 kettenis Exp $ */
 
 /*
  * Copyright (c) 2022 Mark Kettenis
@@ -208,11 +208,15 @@ efi_enter(struct efi_softc *sc)
 	fpu_kernel_enter();
 
 	curpcb->pcb_onfault = (void *)efi_fault;
+	if (curcpu()->ci_feature_sefflags_edx & SEFF0EDX_IBT)
+		lcr4(rcr4() & ~CR4_CET);
 }
 
 void
 efi_leave(struct efi_softc *sc)
 {
+	if (curcpu()->ci_feature_sefflags_edx & SEFF0EDX_IBT)
+		lcr4(rcr4() | CR4_CET);
 	curpcb->pcb_onfault = NULL;
 	fpu_kernel_exit();
 
-- 
2.20.1
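Review bot: efi_leave re-enables CET unconditionally with `lcr4(rcr4() | CR4_CET)`, keyed only on the CPU advertising IBT, so the pair is a blind toggle rather than a save/restore: on an IBT-capable CPU where the kernel had left CR4.CET clear, an EFI runtime call would switch CET on as a side effect. Recording the CR4 value in efi_enter and writing it back in efi_leave keeps the original state; the sketch below stores it in struct efi_softc, whose definition is not in this hunk and would need the new field (a per-CPU slot would do as well). Because CR4 is per-CPU, the restore only undoes the clear if efi_leave runs on the same CPU as efi_enter; unless the calling context already pins the thread or runs with interrupts off, which I cannot see from here, a migration in between would leave the first CPU with IBT silently disabled. It is also worth checking that the efi_fault recovery path reached through pcb_onfault still goes through efi_leave, otherwise a faulting firmware call leaves CET off. efi_enter's opening and efi_leave's closing brace lie outside the hunk.
```c
void
efi_enter(struct efi_softc *sc)
{
	/* … unchanged: fpu_kernel_enter(), pcb_onfault setup … */
	if (curcpu()->ci_feature_sefflags_edx & SEFF0EDX_IBT) {
		/* Remember CR4 so efi_leave restores, not forces, CET. */
		sc->sc_cr4 = rcr4();
		lcr4(sc->sc_cr4 & ~CR4_CET);
	}
}

void
efi_leave(struct efi_softc *sc)
{
	if (curcpu()->ci_feature_sefflags_edx & SEFF0EDX_IBT)
		lcr4(sc->sc_cr4);
	/* … unchanged: pcb_onfault reset, fpu_kernel_exit() … */
```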