Received: by 10.223.185.116 with SMTP id b49csp1045918wrg;
        Fri, 16 Feb 2018 11:24:42 -0800 (PST)
X-Google-Smtp-Source: AH8x227L+t2TB29mR7MrYY813zTYlNL5WMXPCzjk5VswJUjYOJixB6bUcMWg1Ae2kGOgCU2gEA7x
X-Received: by 10.98.160.142 with SMTP id p14mr5341158pfl.134.1518809082127;
        Fri, 16 Feb 2018 11:24:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518809082; cv=none;
        d=google.com; s=arc-20160816;
        b=Ef9kvdrvAxjkTJUQFVJ4tZ2c8WsLsoXWNPa2SraRTiEiDCPtN+wU1zK+MiG3kR9PCn
         OBxy0+johOcH3o1uLej566IrC3o7NNRHLF/OdsNMAAeResPtfbobQ9Ga59X0erBnw3QU
         TRRRdiA74xuq2hQBpGFWIC0S6agEH5XGx9dhNkGPJ7RnP2UTQdLUXvPorb6+c/ml/WKI
         mDaSmviSwXdFvE7ocaqSN3FfkodiItYLo0TvFn1IRsBkXmpdgfSspd4REZrcJvbDDAYI
         CAmJarBte4+zRIpO8M+vuR2xae3Hsfx+QzoooCEHxkS6oXLZ18dFVest1olRMqlJ2Vji
         0Dpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=Lmodji8ElCD0lbW+HFHS6CPt//vbHIMWH6InVQCrACI=;
        b=TSmbBs/+qcIWAgckfk2dSaWwU3zTfL83sd6tMO4YpG2UWqOp+OgHw7J9HiKCp+AOao
         RYyQ9YFDQKNhqGgVCEratKItq1zMOWp2FVObPfUi3m4T1qjw0zZxutdqArZRFI8zercg
         uCqGbrxXC5htStQ1Tce6mmJHcuuXQOUFY/lE+NnYIkHEII3cXCarPHfiTeUI30SoPpre
         Pib4HSoVFrYoM/6RAKV6rh+1y2JAyYEIXHSqWKNxIyNQxjGJGHXwzSR8rM/F5bwZA37b
         xnoBHh+1IIcffoTuYOE4Sm8vNJtyJsZdS4wHuTiRoRYp2CZdXYslHeBwoDHqMrDZBOaR
         taXA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r7si1689249pgs.227.2018.02.16.11.24.27;
        Fri, 16 Feb 2018 11:24:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752553AbeBPSsj (ORCPT <rfc822;tibaldi.amos@gmail.com>
        + 99 others); Fri, 16 Feb 2018 13:48:39 -0500
Received: from mga11.intel.com ([192.55.52.93]:15264 "EHLO mga11.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751282AbeBPSsd (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Feb 2018 13:48:33 -0500
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Feb 2018 10:48:33 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,520,1511856000"; 
   d="asc'?scan'208";a="175920115"
Received: from jbkonno-saint14.jf.intel.com (HELO jbkonno-saint14) ([10.54.30.229])
  by orsmga004.jf.intel.com with ESMTP; 16 Feb 2018 10:48:32 -0800
Date:   Fri, 16 Feb 2018 10:48:32 -0800
From:   Joe Konno <joe.konno@linux.intel.com>
To:     Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc:     Borislav Petkov <bp@alien8.de>, Matthew Garrett <mjg59@google.com>,
        Ingo Molnar <mingo@kernel.org>,
        Andy Lutomirski <luto@kernel.org>, linux-efi@vger.kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Jeremy Kerr <jk@ozlabs.org>, Andi Kleen <ak@linux.intel.com>,
        Tony Luck <tony.luck@intel.com>,
        Benjamin Drung <benjamin.drung@profitbricks.com>,
        Peter Jones <pjones@redhat.com>
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs
Message-ID: <20180216184832.sqreq5zhar3jqdae@jbkonno-saint14>
References: <20180215182208.35003-1-joe.konno@linux.intel.com>
 <CAKv+Gu80pJ5tbGoJqBm8CCKrEZXdkE83c944383KbQ5jREUC0Q@mail.gmail.com>
 <20180216105548.GA29042@pd.tnic>
 <CAKv+Gu8qm2wFxY56-eRLkLZB6fRUCmZbZo=4cvo5e4JDFh01Gg@mail.gmail.com>
 <20180216110821.GB29042@pd.tnic>
 <CAKv+Gu_SD6yWJMGbTwGUWXtrgZKPkpANNaGe1PUruTG9j0yhcg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
        protocol="application/pgp-signature"; boundary="xshtw7avu7dmxdg5"
Content-Disposition: inline
In-Reply-To: <CAKv+Gu_SD6yWJMGbTwGUWXtrgZKPkpANNaGe1PUruTG9j0yhcg@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--xshtw7avu7dmxdg5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 16, 2018 at 11:18:12AM +0000, Ard Biesheuvel wrote:
> On 16 February 2018 at 11:08, Borislav Petkov <bp@alien8.de> wrote:
> > On Fri, Feb 16, 2018 at 10:58:47AM +0000, Ard Biesheuvel wrote:
> >> By your own reasoning above, that's a no-no as well.
> >
> > I'm sure we can come up with some emulation - the same way we did the
> > BIOS emulation.
> >
> >> But thanks for your input. Anyone else got something constructive to c=
ontribute?
> >
> > The not-breaking userspace is constructive contribution. The last
> > paragraph is my usual rant.
> >
>=20
> Fair enough. And I am not disagreeing with you either.
>=20
> So question to Joe: is it well defined which variables may exhibit
> this behavior?

For brevity's sake, "not yet." Folks-- e.g. firmware writers and
equipment makers-- may use SMIs more (or less) than others. So, how many
SMIs generated by the reference shell script can, and will, vary
platform to platform. I and my colleagues are digging into this.

> Given that UEFI variables are GUID scoped, would whitelisting certain
> GUIDs (the ones userland currently relies on to be readable my
> non-privileged users) and making everything else user-only solve this
> problem as well?

Perhaps. I don't want us chasing white rabbits just yet, but the
whitelist is but one approach under consideration. We may see some other
patches or RFCs about caching and/or shadowing variable values in
efivarfs to reduce the number of direct EFI reads, with the goal of
reducing how many SMIs are generated.

Any obvious EFI variables that userspace tools have come to depend on--
those which normal, unprivileged users need to read-- are helpful inputs
to this discussion.

The discussion is double-ended: asking the "which variables almost
always cause SMIs?" at the front and "which variables do normal,
unprivileged tools need for standard operation?" at the back.


Cheers, thanks for the feedback and consideration

--xshtw7avu7dmxdg5
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJahyd6AAoJEI2IR9UvSqpmYF4P+gI6oe1l8WJIsfLDjokgjTsF
+JcfSZcqHHFZUopYn3QcHMQZNc4vrVkMkV5wZRTEkVp3QU1x9fKeNeQxLRbkAIW8
mpjf4ksGCsPrKwVyYVB0AJTaluabSladzCrzzSh7kGlKW2UgYR5bdGox4KnXjNGM
WSqPhIqSeK/Ojt5PCIlj5JNaEhjC3J+vEIOLwPs7FeLHMlaNiE1lLRqabGbZPLv/
JSfwStJ0Gu3WvjXgo8b7fy4tMwC14h1/ZVlj4xaX/2S3xtmZhccOBCD0iKxgXk2S
RAxVBP+y9czJ8u91Y5ePLkOPQs4/B8LVhRmy+azrQDmBn2v8YWnj4kfQPRFqISz6
bJKdQLWpzgpcpPXeftzViEQLttVzERKZTdfjNao4H2i8S3pYcO6KT++hNEljVBQ0
rNJBcavfawk1bD3/5B869XJ0f5Noql2iqLvLH5iSS+bSU3f/hlpM2Pqpexqa3Pcj
XJA4S+zlKQU9LJW3KhC5VzsBf+yik5hVW/JAF6ceNQ19DhDBVnrAP0VjS9TXQSuA
+8X59VzCSnBs4FqSLn0kFHrmEQar83RFLBRD3I58YHgnNWcsS+eBmuwMr0+LxWrq
aPXaTIuWfOXGFVq1cgZtKq5zJfoKz4qY88bL49+iQonx8y90AKRnGmUbASLXpXuX
l7nWydx1DGw7nuLrK/TL
=HYZS
-----END PGP SIGNATURE-----

--xshtw7avu7dmxdg5--