Subject: RE: RFC: WMI Enhancements
Date: Thu, 13 Apr 2017 17:49:49 +0000
References: <20170412230854.GA11963@fury> <20170413073228.GB1462@ozzy.nask.waw.pl> <0d4e6c4562fb4b85ad4c368ae73dbe06@ausx13mpc120.AMER.DELL.COM> <20170413170619.GF2064@fury>
X-Mailing-List: linux-kernel@vger.kernel.org

> -----Original Message-----
> From: Andy Lutomirski [mailto:luto@kernel.org]
> Sent: Thursday, April 13, 2017 12:44 PM
> To: Limonciello, Mario
> Cc: Darren Hart; Andrew Lutomirski; Michał Kępień; Rafael J. Wysocki;
> Len Brown; Pali Rohár; Corentin Chary; Andy Shevchenko;
> linux-kernel@vger.kernel.org; platform-driver-x86@vger.kernel.org;
> linux-pm@vger.kernel.org
> Subject: Re: RFC: WMI Enhancements
>
> On Thu, Apr 13, 2017 at 10:39 AM, wrote:
> >> -----Original Message-----
> >> From: Darren Hart [mailto:dvhart@infradead.org]
> >> Sent: Thursday, April 13, 2017 12:06 PM
> >> To: Limonciello, Mario
> >> Cc: luto@kernel.org; kernel@kempniu.pl; rjw@rjwysocki.net;
> >> len.brown@intel.com; pali.rohar@gmail.com; corentin.chary@gmail.com;
> >> andriy.shevchenko@linux.intel.com; linux-kernel@vger.kernel.org;
> >> platform-driver-x86@vger.kernel.org; linux-pm@vger.kernel.org
> >> Subject: Re: RFC: WMI Enhancements
> >>
> >
> > Well the "most" interesting to me is the SMBIOS calling interface on the
> > regular Dell GUID (WMBA IIRC). That's what is used to manipulate keyboard
> > LED timeouts in dell-laptop (although through direct SMI today).
> >
> > It's also what is used for other SMBIOS calls like changing random BIOS settings
> > that shouldn't be generically exposed in sysfs but should be controlled by
> > manageability tools.
> >
> > Example: turning on/off legacy option ROM or changing legacy boot order.
> >
>
> IIUC we basically can't expose the SMI-based interface to this entry
> point to userspace because of its use of physical addressing. Is it
> reasonably safe to expose the WMI version? (IOW should we expect that
> it doesn't enable kernel-mode or SMM code execution?)

The SMI-based entry is already exposed using dcdbas.
The WMI version, when executing a call that would be run as an SMI, will copy
the buffer to an area of memory that the BIOS has already marked reserved
to execute the SMI and copy the result out.

>
> TBH, I've occasionally considered writing a driver to expose SMM code
> execution on systems with a known reliable exploit :)

On Dell HW? I'm sure our security folks would be very interested in this.