Received: by 10.223.185.116 with SMTP id b49csp1024607wrg;
        Fri, 16 Feb 2018 11:01:53 -0800 (PST)
X-Google-Smtp-Source: AH8x226s0lyYWhtpSMtsQZjGTvZ+PynuzW5tAzD6Rw5VfEJMtcbY7bneTe3BZU/72k0BJ3PMGIjp
X-Received: by 2002:a17:902:424:: with SMTP id 33-v6mr6622543ple.57.1518807712965;
        Fri, 16 Feb 2018 11:01:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518807712; cv=none;
        d=google.com; s=arc-20160816;
        b=AjQofjD/SOP6VfgsgaypBb0rLhclTNeCVypzOVWcFIT1YsyIhHKMoWCAdjkp9YX7Ed
         Yo6HfSyIcFmLi1+xZtzTNpmACwo8Ar+tlwgWNaknbfC7kJAlyuY6CI2GFI2+ulgAWc8I
         3rkBS/hY+JBSADxK837YKTklLlE/Yqx5eXkxSmvp3F6RrKVxVaDwmUp2URY9n8/ZAysR
         1uvztAuUvHNdfq3KslHBwCDKsBHQHXNX651BLzPQPaXXiRtUFNVy3fhfEXlRUmu2TP0I
         TOzAMRXzNdW7BQ0QCPQ0hlYfvPYlJS7TLYSbCPAEwpflxtNqGlz7RWubMQmf3k4keDbL
         fDhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=KGZqRJbbb51CMxeznHnTFTsQmVDX6Y5VBKsINauOf3o=;
        b=xHpdDqHcThjYWcHVa0SqxUlaEhSL2PpLQeIbXa7ceUyf1y8ixPSrkCOCFO7gNy1Il9
         xj2FB2CDGuOOI5HbmeepX8epUnVeOO/eFLAvo+nvkYTbHDhdMzLk4M8AMX6JlG27VIRn
         hMzLRXuLG8BYWU5DktHEVwA5Vpf2Ik9Yt1ws2lJEkMa8NhysxeF3BHravBSvKn3vR4GF
         4+chN38LwJuGcqP3CZurHq1chP8E8qkznvstou8DS44IuW5qLyc9VzatYlBQRxDMfWj/
         fjGZheHFl2E50p3KBA82PV8oRRfk/Cae0sN4KWRX2wNO/Rwcbk93bYpkn8g/LYgaxjAX
         d6sw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=MIwOMgxL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 91-v6si92621pld.283.2018.02.16.11.01.32;
        Fri, 16 Feb 2018 11:01:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=MIwOMgxL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S934685AbeBPK6u (ORCPT <rfc822;zoe.song.ucas@gmail.com>
        + 99 others); Fri, 16 Feb 2018 05:58:50 -0500
Received: from mail-io0-f172.google.com ([209.85.223.172]:35991 "EHLO
        mail-io0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S934609AbeBPK6s (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Feb 2018 05:58:48 -0500
Received: by mail-io0-f172.google.com with SMTP id t22so3753664iob.3
        for <linux-kernel@vger.kernel.org>; Fri, 16 Feb 2018 02:58:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=KGZqRJbbb51CMxeznHnTFTsQmVDX6Y5VBKsINauOf3o=;
        b=MIwOMgxLBTd8K0psNrjc6t9LFSrIihgYAS+CF8S7Vqctkza/QL32M8zSC8nHDjMmfk
         6saK15ukUyYTpYWrx8DbBen0HH0J5pZIHSNZlVrBwWodSxzYXPIqMRjJh5+0Ei0uMdbO
         Ac0aKYvHRH72EW7C+T1nO1SVYUJ7lac3blkYo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=KGZqRJbbb51CMxeznHnTFTsQmVDX6Y5VBKsINauOf3o=;
        b=PgIK4HqnJHmMPk9/Rm5Ue0zR9mQWwmQ+C00LvKf1mQkicfKCgIIqAe53VCY6GEhWLc
         Ya7apo6odWWEzLOwORmTckGvwO/QhfRmEeeMWDlyHWdxYGfj7/EPhhu9zm5fjL2uPjZ8
         DIXyii92WVGYK67ilzwTyx9RuBlnbs9W9K95IfC0VXWAd35eNamo9lvZ2qh/63NKZWYg
         PqPiJGSeqP6y4be99yyX6POQ0mBrzgRrVYqhkbqVdB1nnCs59wWt0TRVikp0/uQEgOAh
         I0XrZMXnL7JugTI6Ls4FUjkvzTj7STyWc5HMyP2g8wZGfaayC8Q1y0l6kBAPCLMDcZHi
         Oo3A==
X-Gm-Message-State: APf1xPAWnz8ieD1yL1zrM3havrXGGUkE6T9QhMbkRTyzQM5sB/uO9qTa
        kBWxlD93clSHKLy7xk5V8BFDkSYfi0igIrv64BkJ+A==
X-Received: by 10.107.63.68 with SMTP id m65mr7989088ioa.107.1518778727986;
 Fri, 16 Feb 2018 02:58:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.138.209 with HTTP; Fri, 16 Feb 2018 02:58:47 -0800 (PST)
In-Reply-To: <20180216105548.GA29042@pd.tnic>
References: <20180215182208.35003-1-joe.konno@linux.intel.com>
 <CAKv+Gu80pJ5tbGoJqBm8CCKrEZXdkE83c944383KbQ5jREUC0Q@mail.gmail.com> <20180216105548.GA29042@pd.tnic>
From:   Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date:   Fri, 16 Feb 2018 10:58:47 +0000
Message-ID: <CAKv+Gu8qm2wFxY56-eRLkLZB6fRUCmZbZo=4cvo5e4JDFh01Gg@mail.gmail.com>
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs
To:     Borislav Petkov <bp@alien8.de>
Cc:     Joe Konno <joe.konno@linux.intel.com>,
        Matthew Garrett <mjg59@google.com>,
        Ingo Molnar <mingo@kernel.org>,
        Andy Lutomirski <luto@kernel.org>, linux-efi@vger.kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Jeremy Kerr <jk@ozlabs.org>, Andi Kleen <ak@linux.intel.com>,
        Tony Luck <tony.luck@intel.com>,
        Benjamin Drung <benjamin.drung@profitbricks.com>,
        Peter Jones <pjones@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 16 February 2018 at 10:55, Borislav Petkov <bp@alien8.de> wrote:
> On Fri, Feb 16, 2018 at 10:41:45AM +0000, Ard Biesheuvel wrote:
>> On 15 February 2018 at 18:22, Joe Konno <joe.konno@linux.intel.com> wrote:
>> > From: Joe Konno <joe.konno@intel.com>
>> >
>> > It was pointed out that normal, unprivileged users reading certain EFI
>> > variables (through efivarfs) can generate SMIs. Given these nodes are created
>> > with 0644 permissions, normal users could generate a lot of SMIs. By
>> > restricting permissions a bit (patch 1), we can make it harder for normal users
>> > to generate spurious SMIs.
>> >
>> > A normal user could generate lots of SMIs by reading the efivarfs in a trivial
>> > loop:
>> >
>> > ```
>> > while true; do
>> >     cat /sys/firmware/efi/evivars/* > /dev/null
>> > done
>> > ```
>> >
>> > Patch 1 in this series limits read and write permissions on efivarfs to the
>> > owner/superuser. Group and world cannot access.
>> >
>> > Patch 2 is for consistency and hygiene. If we restrict permissions for either
>> > efivarfs or efi/vars, the other interface should get the same treatment.
>> >
>>
>> I am inclined to apply this as a fix, but I will give the x86 guys a
>> chance to respond as well.
>
> That stinking pile EFI never ceases to amaze me...
>
> Just one question: by narrowing permissions this way, aren't you
> breaking some userspace which reads those?
>
> And if you do, then that's a no-no.
>
> Which then would mean that you'd have to come up with some caching
> scheme to protect the firmware from itself.
>
> Or we could simply admit that EFI is a piece of crap, kill it and
> start anew, this time much more conservatively and not add a whole OS
> underneath the actual OS.
>

By your own reasoning above, that's a no-no as well.

But thanks for your input. Anyone else got something constructive to contribute?