linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Peter Jones <pjones@redhat.com>
To: "Luck, Tony" <tony.luck@intel.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Joe Konno <joe.konno@linux.intel.com>,
	Matthew Garrett <mjg59@google.com>,
	Ingo Molnar <mingo@kernel.org>, Andy Lutomirski <luto@kernel.org>,
	Borislav Petkov <bp@alien8.de>,
	"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Jeremy Kerr <jk@ozlabs.org>, Andi Kleen <ak@linux.intel.com>,
	Benjamin Drung <benjamin.drung@profitbricks.com>
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs
Date: Fri, 16 Feb 2018 17:05:37 -0500	[thread overview]
Message-ID: <20180216220536.liew4p4kqmaxwmfh@redhat.com> (raw)
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B37942B@ORSMSX110.amr.corp.intel.com>

On Fri, Feb 16, 2018 at 09:09:30PM +0000, Luck, Tony wrote:
> > That said, I'm not sure how many non-root users run the toolkit to
> > extract their EFI certificates or check on the secure boot status of
> > the system, but I suspect it might be non-zero: I can see the tinfoil
> > hat people wanting at least to check the secure boot status when they
> > log in.
> 
> Another fix option might be to rate limit EFI calls for non-root users (on X86
> since only we have the SMI problem). That would:
> 
> 1) Avoid using memory to cache all the variables
> 2) Catch any other places where non-root users can call EFI

I could get behind that as well.  Currently the things I maintain do
approximately this many normal accesses with invocations you can do as a
user:

"efibootmgr -v" - six files we always try to read, plus one per Boot####
		  entry.
"fwupdate --info" - one file it always tries to read, one file for each
                    ESRT entry.
"dbxtool -l" - one file it always reads.
"mokutil --sb-state" - reads the same file twice.  I don't maintain
                       this, but I'll send a patch to Gary to make it
		       only read it once.  AFAICS all of the other
		       invocations you can currently do as a user
		       /legitimately/ read two files, though.

Some systems seem to *love* making a pile of Boot#### entries; I think
the most I've seen is something like 16.  So on that machine, one
"efibootmgr -v" invocation is ~22 efivars files read.  I've never seen a
machine that advertised more than 2 ESRT entries, but maybe we'll get
there some day.

-- 
  Peter

  parent reply	other threads:[~2018-02-16 22:05 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-15 18:22 [PATCH 0/2] efivars: reading variables can generate SMIs Joe Konno
2018-02-15 18:22 ` [PATCH 1/2] fs/efivarfs: restrict inode permissions Joe Konno
2018-02-20 19:18   ` Andy Lutomirski
2018-02-20 21:18     ` Luck, Tony
2018-02-20 21:22       ` Matthew Garrett
2018-02-20 21:32         ` Luck, Tony
2018-02-20 21:35           ` Matthew Garrett
2018-02-20 22:01       ` Linus Torvalds
2018-02-20 23:30         ` Luck, Tony
2018-02-20 23:39           ` Matthew Garrett
2018-02-20 23:50             ` Luck, Tony
2018-02-21  0:49           ` Linus Torvalds
2018-02-21  1:05             ` Luck, Tony
2018-02-21  2:16               ` Linus Torvalds
2018-02-21  9:03                 ` Ard Biesheuvel
2018-02-21 18:02                   ` Linus Torvalds
2018-02-21 18:21                     ` Andi Kleen
2018-02-21 19:47                       ` Luck, Tony
2018-02-21 19:50                         ` Linus Torvalds
2018-02-21 19:58                           ` Luck, Tony
2018-02-21 20:40                             ` Linus Torvalds
2018-02-22  1:45                               ` [PATCH] efivarfs: Limit the rate for non-root to read files Luck, Tony
2018-02-22  1:58                                 ` Linus Torvalds
2018-02-22  5:34                                   ` Luck, Tony
2018-02-22 17:10                                     ` Eric W. Biederman
     [not found]                                     ` <CA+55aFy0hRexJkLbN7t31LjfGr4Ae0W5g6sBMqHHJi8aYuGKeA@mail.gmail.com>
     [not found]                                       ` <612E894E-62C8-4155-AED8-D53702EDC8DC@intel.com>
     [not found]                                         ` <CA+55aFxeBaTbwvbWqx1MKYjKKzLUs=1O43Bx2=JaO8qrnY-8HA@mail.gmail.com>
2018-02-22 17:15                                           ` [PATCH v2] " Luck, Tony
2018-02-22 17:39                                             ` Linus Torvalds
2018-02-22 17:54                                               ` Luck, Tony
2018-02-22 18:07                                                 ` Linus Torvalds
2018-02-22 18:08                                                   ` Ard Biesheuvel
2018-02-23 20:34                                                     ` Andy Lutomirski
2018-02-23 19:47                                         ` [PATCH] " Peter Jones
2018-02-21 19:52                       ` [PATCH 1/2] fs/efivarfs: restrict inode permissions Linus Torvalds
2018-02-24 20:06                   ` Alan Cox
2018-02-25 10:56                     ` Ard Biesheuvel
2018-02-21  0:49         ` Peter Jones
2018-02-20 23:19     ` Andy Lutomirski
2018-02-15 18:22 ` [PATCH 2/2] efi: restrict top-level attribute permissions Joe Konno
2018-02-16 10:41 ` [PATCH 0/2] efivars: reading variables can generate SMIs Ard Biesheuvel
2018-02-16 10:55   ` Borislav Petkov
2018-02-16 10:58     ` Ard Biesheuvel
2018-02-16 11:08       ` Borislav Petkov
2018-02-16 11:18         ` Ard Biesheuvel
2018-02-16 18:48           ` Joe Konno
2018-02-16 18:58             ` Borislav Petkov
2018-02-16 19:22             ` Peter Jones
2018-02-16 19:31               ` Ard Biesheuvel
2018-02-16 19:51                 ` Matthew Garrett
2018-02-16 19:32               ` Luck, Tony
2018-02-16 19:54                 ` Peter Jones
2018-02-16 20:51   ` James Bottomley
2018-02-16 21:09     ` Luck, Tony
2018-02-16 21:45       ` Andy Lutomirski
2018-02-16 21:58         ` Matthew Garrett
2018-02-16 22:02           ` Luck, Tony
2018-02-16 22:03             ` Matthew Garrett
2018-02-17 18:12               ` Andy Lutomirski
2018-02-16 22:05       ` Peter Jones [this message]
2018-02-17  9:36         ` Ard Biesheuvel
2018-02-17 16:17           ` Andi Kleen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180216220536.liew4p4kqmaxwmfh@redhat.com \
    --to=pjones@redhat.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=ak@linux.intel.com \
    --cc=ard.biesheuvel@linaro.org \
    --cc=benjamin.drung@profitbricks.com \
    --cc=bp@alien8.de \
    --cc=jk@ozlabs.org \
    --cc=joe.konno@linux.intel.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@kernel.org \
    --cc=mjg59@google.com \
    --cc=tony.luck@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).