Received: by 10.223.185.116 with SMTP id b49csp2361986wrg; Thu, 15 Feb 2018 10:24:01 -0800 (PST) X-Google-Smtp-Source: AH8x224blVlbCOYTASVJiwCYbLEABKanvD3LAmXMv6/4Zb5m0Lo9m5azm3HY1vpOWwp4zId0PW4X X-Received: by 10.99.178.68 with SMTP id t4mr2862423pgo.441.1518719041331; Thu, 15 Feb 2018 10:24:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518719041; cv=none; d=google.com; s=arc-20160816; b=ZdyfczOeRvoTKM5Om5qGAb1nKJLKu/w22u7OyG4Cks6NNNQTcLK+4tVwM6fubzE5va m2qr6XPcaMDz8DBkxUcgpxbmWjhdivf/Kay/StI/MuurPw8uqLd8em6dvJ7jB4S6SvM3 oNgWxgVs5TfAxBV8MTzBLEyu3LxtL2PIXdlWgjyzHQj+vXpDhg9slrLcmiITWW0ZUAqj lv1S11UWsCEwsS7LIH6i8i7SfyR88q7s82RVPHByFcv3Iu6p/S/s/ETMLgnTudiC1wEW O8LdxIVzL6P6WMX0fIv4QHduMhM2zXz1GJ+ELQ3QkgcyDirje6zZqguOSb/dEECY9ruX uJjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=/F0lWHb+kY6VxesgUQjb2NrD3ZI0gj+Ks/jKx/TIcac=; b=nlREs9D2VOYD0TkUPi86U8LkHGnS/xM5oKQNyQghnFmK6TjpSTqbLCt6vXGiWcqDhf MRtFtjOACs6bykzLDYVLoiQWu/GNreUZ9iXdBPSTaTy3W9Fo8lBHxjy6FETcYi2iMCQW AUX4gUZC3xLfiIEN9nB0Tj2YpDClenzlBd5ZkelSy1C+vVIQ4/hKye7zGktLaFFVIoYE M5+hL4gvhmgXR0G+XT0i6ticlF6ma2frHZ8gdT81AvaY6On4F1gfuCe0hgVeu0GFvMiK WvyuGG2MaGOhJeZ5vgSI+QzhjXErgple5gz900yPQHbKBXQyaBrz85dD0jjK4z6VW83D 5ttQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p2si292997pgd.118.2018.02.15.10.23.46; Thu, 15 Feb 2018 10:24:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1166326AbeBOSWL (ORCPT + 99 others); Thu, 15 Feb 2018 13:22:11 -0500 Received: from mga14.intel.com ([192.55.52.115]:3049 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1163372AbeBOSWJ (ORCPT ); Thu, 15 Feb 2018 13:22:09 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Feb 2018 10:22:08 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,517,1511856000"; d="scan'208";a="35068984" Received: from jbkonno-saint14.jf.intel.com ([10.54.30.229]) by orsmga002.jf.intel.com with ESMTP; 15 Feb 2018 10:22:08 -0800 From: Joe Konno To: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org Cc: ard.biesheuvel@linaro.org, matthew.garrett@nebula.com, jk@ozlabs.org, ak@linux.intel.com, tony.luck@intel.com Subject: [PATCH 0/2] efivars: reading variables can generate SMIs Date: Thu, 15 Feb 2018 10:22:06 -0800 Message-Id: <20180215182208.35003-1-joe.konno@linux.intel.com> X-Mailer: git-send-email 2.14.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joe Konno It was pointed out that normal, unprivileged users reading certain EFI variables (through efivarfs) can generate SMIs. Given these nodes are created with 0644 permissions, normal users could generate a lot of SMIs. By restricting permissions a bit (patch 1), we can make it harder for normal users to generate spurious SMIs. A normal user could generate lots of SMIs by reading the efivarfs in a trivial loop: ``` while true; do cat /sys/firmware/efi/evivars/* > /dev/null done ``` Patch 1 in this series limits read and write permissions on efivarfs to the owner/superuser. Group and world cannot access. Patch 2 is for consistency and hygiene. If we restrict permissions for either efivarfs or efi/vars, the other interface should get the same treatment. Joe Konno (2): fs/efivarfs: restrict inode permissions efi: restrict top-level attribute permissions drivers/firmware/efi/efi.c | 10 ++++++---- fs/efivarfs/super.c | 4 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) -- 2.14.1