Received: by 10.223.185.116 with SMTP id b49csp1068752wrg; Fri, 16 Feb 2018 11:52:36 -0800 (PST) X-Google-Smtp-Source: AH8x227gr7IveTPA90rWngeUh/A9TUCpVKv6ZpnSDm6OWg67f6h9jLXJDMskOp3l9CzlR3ZNMS7t X-Received: by 2002:a17:902:7404:: with SMTP id g4-v6mr6750806pll.235.1518810756486; Fri, 16 Feb 2018 11:52:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518810756; cv=none; d=google.com; s=arc-20160816; b=JTJQ3qelD9EC3jCG0kXaGp+m1CmmoTOB7tEpFWf/FsZJrJnA1eUYKDz1Q/2v5S7ELD o2rjM2CQBlthQvfDwLPx1liW3jqkCCOJ0HmGI3ZulKL582eGLoCzCiX0FFAUUPoTG8SA Zh7Hw0UD2WjocpO5MyXQmai1OKsEHHX1N+N9ipnRSx9fUYDV9gWlULzmw1r+w+F32FUg 2GVbw4v6Xabx6ApnRodQ39+PzJ2UAwCbxQCswgsMxIjtdNRsvConCBbsGuofVJILgmc2 vz5O8Uwo6ZC8m2O9mJE3cH/RKe8teW+Ti1V/n1+twkYZWi052dUFvhMdvPlvPXBbV5nX wSiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=Anu7kkb7Bfg/+A70VkFDod96GqB060etoSsRmN3GJd4=; b=c+ouu/FTBwQfOmajFaCL1fgw9RccqJ5SRRQzxWf6YwKWmWZA/E+8f5mit89rQrRPcJ n3fnLTbqbGXpOKWNig4KoMKUiRFfLzjsfZu8Zqlo8tE2qkN0p+RpjVKe7ozAEfZblUBV D8PF2ci5XGSx1/XcwOmSE9UWIjsYAJyIhe0rQbYqSg3d7iZvti5xstgXI9MELk/aJXNR iGKE3X/6/R3T0EXlxr0m5NY9wFjWoywn2Ln0JGeZY229eGLFqczqLRv6v5H2KKeidOR6 yu91flhHe6RGf1ZySTqtnDMDKUvl8OEn2r0KnS01WNLAlZgAviMOC+YvPTuhm+sIay9E zQvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aLNcZ5uF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p18-v6si1739880plo.388.2018.02.16.11.52.21; Fri, 16 Feb 2018 11:52:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aLNcZ5uF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750920AbeBPTvl (ORCPT + 99 others); Fri, 16 Feb 2018 14:51:41 -0500 Received: from mail-io0-f181.google.com ([209.85.223.181]:39205 "EHLO mail-io0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750782AbeBPTvj (ORCPT ); Fri, 16 Feb 2018 14:51:39 -0500 Received: by mail-io0-f181.google.com with SMTP id b34so2430177ioj.6 for ; Fri, 16 Feb 2018 11:51:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Anu7kkb7Bfg/+A70VkFDod96GqB060etoSsRmN3GJd4=; b=aLNcZ5uFOiJYny+k/F7du4rg+7/RZKqc7U5VxWJCDV9WhbEdG/2ECMDqQo97AgWlwV 71YlMbiFHvBaMZkwF68BKZ3xEPm31n5Xth1qjdqdpKvy24SRtjJ9tN/1DXV3Y8GUESge l4Z6T6piPy0jrZyZhetZzeHDyoy0flvC+sQNZY4Azot/gqOUCFVFcJOdWksA8G1X8oc+ 9mvsAqVXAOkZW59ibyLtozGe/ChKCJju0xZuLfGU9TonmrPdXX8czkwTeUmxZFjKZPyo s8G+KEM3Ccbn0WtO/fw1j1Qi49vfPzk2tMjfGAT2eDBYBxSy0fttryRcy/FFj7n0lxbG SpbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Anu7kkb7Bfg/+A70VkFDod96GqB060etoSsRmN3GJd4=; b=e+pidFWQeVIKSYufxEwV5TQ1RaTA9FoTJy1iY8ovtZRQxt6cR/DWFz7GO8AiH4L7nQ ab7+IqZteyyVHTUjj/eZ5sJYSKkcll8nQV04Mz6S1W/V8m+bgdeDQod7I7qNFEztV5CS h3guSkElGKVzfb5OQsOOY/mFDd8mOTkGEpRGuBCw/VXufRRo7MbIPApDy11lhZrZy3j7 KQuGYsTncSKOwSp2pnCbY1x/wAmpw2cEXuSNdEV4t8kSdwB8niPgyYAa5B0/R2LgbdjJ lKJUcJNVeifSPNfFcIYJs4ydUaWYTFlmf8dUl0kIy299ThWW3sILJ2iCH0/jRCYgnoEC 5dgQ== X-Gm-Message-State: APf1xPDC2mypBYP/+KASy4RGK+QeFeLfeGnMS60u6+P5kGNmpeQlNcDF yzjNtaBVDmmBwQUQ/x5O1v411akTv8sFgYhDlgqYmw== X-Received: by 10.107.180.71 with SMTP id d68mr8207290iof.244.1518810698245; Fri, 16 Feb 2018 11:51:38 -0800 (PST) MIME-Version: 1.0 References: <20180215182208.35003-1-joe.konno@linux.intel.com> <20180216105548.GA29042@pd.tnic> <20180216110821.GB29042@pd.tnic> <20180216184832.sqreq5zhar3jqdae@jbkonno-saint14> <20180216192220.wljl23g533sc3oxg@redhat.com> In-Reply-To: From: Matthew Garrett Date: Fri, 16 Feb 2018 19:51:27 +0000 Message-ID: Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs To: Ard Biesheuvel Cc: pjones@redhat.com, joe.konno@linux.intel.com, bp@alien8.de, mingo@kernel.org, luto@kernel.org, linux-efi , Linux Kernel Mailing List , jk@ozlabs.org, ak@linux.intel.com, tony.luck@intel.com, benjamin.drung@profitbricks.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 16, 2018 at 11:31 AM Ard Biesheuvel wrote: > This is why I was leaning towards applying these patches: not breaking > userland is an important rule, but it does not imply every aspect of > behavior observable by userland is set in stone. In other words, I > agree with Peter that making this change does not *break* userland in > a way anyone is likely to care deeply about. In some modes tpmtotp will run as non-root and expect to be able to read an EFI variable.