From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752580AbeBPSsk (ORCPT ); Fri, 16 Feb 2018 13:48:40 -0500 Received: from mga11.intel.com ([192.55.52.93]:15264 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751282AbeBPSsd (ORCPT ); Fri, 16 Feb 2018 13:48:33 -0500 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,520,1511856000"; d="asc'?scan'208";a="175920115" Date: Fri, 16 Feb 2018 10:48:32 -0800 From: Joe Konno To: Ard Biesheuvel Cc: Borislav Petkov , Matthew Garrett , Ingo Molnar , Andy Lutomirski , linux-efi@vger.kernel.org, Linux Kernel Mailing List , Jeremy Kerr , Andi Kleen , Tony Luck , Benjamin Drung , Peter Jones Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs Message-ID: <20180216184832.sqreq5zhar3jqdae@jbkonno-saint14> References: <20180215182208.35003-1-joe.konno@linux.intel.com> <20180216105548.GA29042@pd.tnic> <20180216110821.GB29042@pd.tnic> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xshtw7avu7dmxdg5" Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --xshtw7avu7dmxdg5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 16, 2018 at 11:18:12AM +0000, Ard Biesheuvel wrote: > On 16 February 2018 at 11:08, Borislav Petkov wrote: > > On Fri, Feb 16, 2018 at 10:58:47AM +0000, Ard Biesheuvel wrote: > >> By your own reasoning above, that's a no-no as well. > > > > I'm sure we can come up with some emulation - the same way we did the > > BIOS emulation. > > > >> But thanks for your input. Anyone else got something constructive to c= ontribute? > > > > The not-breaking userspace is constructive contribution. The last > > paragraph is my usual rant. > > >=20 > Fair enough. And I am not disagreeing with you either. >=20 > So question to Joe: is it well defined which variables may exhibit > this behavior? For brevity's sake, "not yet." Folks-- e.g. firmware writers and equipment makers-- may use SMIs more (or less) than others. So, how many SMIs generated by the reference shell script can, and will, vary platform to platform. I and my colleagues are digging into this. > Given that UEFI variables are GUID scoped, would whitelisting certain > GUIDs (the ones userland currently relies on to be readable my > non-privileged users) and making everything else user-only solve this > problem as well? Perhaps. I don't want us chasing white rabbits just yet, but the whitelist is but one approach under consideration. We may see some other patches or RFCs about caching and/or shadowing variable values in efivarfs to reduce the number of direct EFI reads, with the goal of reducing how many SMIs are generated. Any obvious EFI variables that userspace tools have come to depend on-- those which normal, unprivileged users need to read-- are helpful inputs to this discussion. The discussion is double-ended: asking the "which variables almost always cause SMIs?" at the front and "which variables do normal, unprivileged tools need for standard operation?" at the back. Cheers, thanks for the feedback and consideration --xshtw7avu7dmxdg5 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJahyd6AAoJEI2IR9UvSqpmYF4P+gI6oe1l8WJIsfLDjokgjTsF +JcfSZcqHHFZUopYn3QcHMQZNc4vrVkMkV5wZRTEkVp3QU1x9fKeNeQxLRbkAIW8 mpjf4ksGCsPrKwVyYVB0AJTaluabSladzCrzzSh7kGlKW2UgYR5bdGox4KnXjNGM WSqPhIqSeK/Ojt5PCIlj5JNaEhjC3J+vEIOLwPs7FeLHMlaNiE1lLRqabGbZPLv/ JSfwStJ0Gu3WvjXgo8b7fy4tMwC14h1/ZVlj4xaX/2S3xtmZhccOBCD0iKxgXk2S RAxVBP+y9czJ8u91Y5ePLkOPQs4/B8LVhRmy+azrQDmBn2v8YWnj4kfQPRFqISz6 bJKdQLWpzgpcpPXeftzViEQLttVzERKZTdfjNao4H2i8S3pYcO6KT++hNEljVBQ0 rNJBcavfawk1bD3/5B869XJ0f5Noql2iqLvLH5iSS+bSU3f/hlpM2Pqpexqa3Pcj XJA4S+zlKQU9LJW3KhC5VzsBf+yik5hVW/JAF6ceNQ19DhDBVnrAP0VjS9TXQSuA +8X59VzCSnBs4FqSLn0kFHrmEQar83RFLBRD3I58YHgnNWcsS+eBmuwMr0+LxWrq aPXaTIuWfOXGFVq1cgZtKq5zJfoKz4qY88bL49+iQonx8y90AKRnGmUbASLXpXuX l7nWydx1DGw7nuLrK/TL =HYZS -----END PGP SIGNATURE----- --xshtw7avu7dmxdg5-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Joe Konno Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs Date: Fri, 16 Feb 2018 10:48:32 -0800 Message-ID: <20180216184832.sqreq5zhar3jqdae@jbkonno-saint14> References: <20180215182208.35003-1-joe.konno@linux.intel.com> <20180216105548.GA29042@pd.tnic> <20180216110821.GB29042@pd.tnic> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xshtw7avu7dmxdg5" Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Ard Biesheuvel Cc: Borislav Petkov , Matthew Garrett , Ingo Molnar , Andy Lutomirski , linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Linux Kernel Mailing List , Jeremy Kerr , Andi Kleen , Tony Luck , Benjamin Drung , Peter Jones List-Id: linux-efi@vger.kernel.org --xshtw7avu7dmxdg5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 16, 2018 at 11:18:12AM +0000, Ard Biesheuvel wrote: > On 16 February 2018 at 11:08, Borislav Petkov wrote: > > On Fri, Feb 16, 2018 at 10:58:47AM +0000, Ard Biesheuvel wrote: > >> By your own reasoning above, that's a no-no as well. > > > > I'm sure we can come up with some emulation - the same way we did the > > BIOS emulation. > > > >> But thanks for your input. Anyone else got something constructive to c= ontribute? > > > > The not-breaking userspace is constructive contribution. The last > > paragraph is my usual rant. > > >=20 > Fair enough. And I am not disagreeing with you either. >=20 > So question to Joe: is it well defined which variables may exhibit > this behavior? For brevity's sake, "not yet." Folks-- e.g. firmware writers and equipment makers-- may use SMIs more (or less) than others. So, how many SMIs generated by the reference shell script can, and will, vary platform to platform. I and my colleagues are digging into this. > Given that UEFI variables are GUID scoped, would whitelisting certain > GUIDs (the ones userland currently relies on to be readable my > non-privileged users) and making everything else user-only solve this > problem as well? Perhaps. I don't want us chasing white rabbits just yet, but the whitelist is but one approach under consideration. We may see some other patches or RFCs about caching and/or shadowing variable values in efivarfs to reduce the number of direct EFI reads, with the goal of reducing how many SMIs are generated. Any obvious EFI variables that userspace tools have come to depend on-- those which normal, unprivileged users need to read-- are helpful inputs to this discussion. The discussion is double-ended: asking the "which variables almost always cause SMIs?" at the front and "which variables do normal, unprivileged tools need for standard operation?" at the back. Cheers, thanks for the feedback and consideration --xshtw7avu7dmxdg5 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJahyd6AAoJEI2IR9UvSqpmYF4P+gI6oe1l8WJIsfLDjokgjTsF +JcfSZcqHHFZUopYn3QcHMQZNc4vrVkMkV5wZRTEkVp3QU1x9fKeNeQxLRbkAIW8 mpjf4ksGCsPrKwVyYVB0AJTaluabSladzCrzzSh7kGlKW2UgYR5bdGox4KnXjNGM WSqPhIqSeK/Ojt5PCIlj5JNaEhjC3J+vEIOLwPs7FeLHMlaNiE1lLRqabGbZPLv/ JSfwStJ0Gu3WvjXgo8b7fy4tMwC14h1/ZVlj4xaX/2S3xtmZhccOBCD0iKxgXk2S RAxVBP+y9czJ8u91Y5ePLkOPQs4/B8LVhRmy+azrQDmBn2v8YWnj4kfQPRFqISz6 bJKdQLWpzgpcpPXeftzViEQLttVzERKZTdfjNao4H2i8S3pYcO6KT++hNEljVBQ0 rNJBcavfawk1bD3/5B869XJ0f5Noql2iqLvLH5iSS+bSU3f/hlpM2Pqpexqa3Pcj XJA4S+zlKQU9LJW3KhC5VzsBf+yik5hVW/JAF6ceNQ19DhDBVnrAP0VjS9TXQSuA +8X59VzCSnBs4FqSLn0kFHrmEQar83RFLBRD3I58YHgnNWcsS+eBmuwMr0+LxWrq aPXaTIuWfOXGFVq1cgZtKq5zJfoKz4qY88bL49+iQonx8y90AKRnGmUbASLXpXuX l7nWydx1DGw7nuLrK/TL =HYZS -----END PGP SIGNATURE----- --xshtw7avu7dmxdg5--