Received: by 10.223.185.116 with SMTP id b49csp1072099wrg; Fri, 16 Feb 2018 11:57:19 -0800 (PST) X-Google-Smtp-Source: AH8x224FKpbi8sDEz1Mk86AkQVDdm8ld2rhlZSrOomOQY1J8B7mvnJ5q2Rp46yWwdvCvH9WClwDZ X-Received: by 2002:a17:902:b2c6:: with SMTP id x6-v6mr6770889plw.285.1518811039750; Fri, 16 Feb 2018 11:57:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518811039; cv=none; d=google.com; s=arc-20160816; b=LD37WXsIcNj/RrVCOSQCAJO9z765S/LkwVoCbvd41LxwWCLWEELqkL7sw3S17KPkLu 997DP8vZfo+EnAfi2dfPr8gi1L01W8Hgwwp8LdUttXWhHD738NK8SOu2CBd20r3AXBXF rpru3n/uugmBZ/PRsJj5sdkMejanZZ/Z4IzovRjIkRCUTm3Sy0aPsRrjs5pnLZrnB05Z n+9ygwwlGpHuWJ6nJ3y+6HXdm9OzRBxW9h4NdOdaIaB2k/gWtLwKvhn9ziMKtV3yf0Xb ExfmV+HTzLzmnG78f7rnsH924uGmpRgnXK8Nokzk6UqgeY9e3wptI3ql0f6cSn+UKwZ/ wrZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=mOdY+PIJPqYDubsK0QVjqrJLt3pd6agTMd5oo/YpLlI=; b=HHlovhp0SxRYVgxd0mGcgsljLsaVe7k1UUoHn7z792K88saDJgquilBuVDS4IuJex0 JxKXUDa1hgB7B89uJTVa3OQ6wfCm/YnMbW4Clutw5eZJJmUzG10d6pucK9UXClScVhG2 2DtBrmhD6OuBhRjlZA8F/oNiP3qmvD47hlv2z4Ft67OuWMyhqIKgfDT9obQw5Y7aTNpq BGrYlYDN3kTrwRHX1fdmVxSgL5a61owoR7KhaPuFKDxR7gF0neaLpJ8iY5OStNOOYuxB 3mXvllTIsMquiMQI6N9YwiSg2+1Ej1mD4K1Nc36vU+cJl0P3dUBM2uHOqIEnUbyMesp2 95qw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q69si1809783pfa.300.2018.02.16.11.57.05; Fri, 16 Feb 2018 11:57:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751162AbeBPTy5 (ORCPT + 99 others); Fri, 16 Feb 2018 14:54:57 -0500 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:41612 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750763AbeBPTyy (ORCPT ); Fri, 16 Feb 2018 14:54:54 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 62A26404085B; Fri, 16 Feb 2018 19:54:53 +0000 (UTC) Received: from redhat.com (dhcp-10-20-1-221.bss.redhat.com [10.20.1.221]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C54BE215672D; Fri, 16 Feb 2018 19:54:52 +0000 (UTC) Date: Fri, 16 Feb 2018 14:54:51 -0500 From: Peter Jones To: "Luck, Tony" Cc: Joe Konno , Ard Biesheuvel , Borislav Petkov , Matthew Garrett , Ingo Molnar , Andy Lutomirski , "linux-efi@vger.kernel.org" , Linux Kernel Mailing List , Jeremy Kerr , Andi Kleen , Benjamin Drung Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs Message-ID: <20180216195450.apea25yhxzrfhkjm@redhat.com> References: <20180215182208.35003-1-joe.konno@linux.intel.com> <20180216105548.GA29042@pd.tnic> <20180216110821.GB29042@pd.tnic> <20180216184832.sqreq5zhar3jqdae@jbkonno-saint14> <20180216192220.wljl23g533sc3oxg@redhat.com> <3908561D78D1C84285E8C5FCA982C28F7B37917B@ORSMSX110.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B37917B@ORSMSX110.amr.corp.intel.com> User-Agent: NeoMutt/20171215 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 16 Feb 2018 19:54:53 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 16 Feb 2018 19:54:53 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'pjones@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 16, 2018 at 07:32:17PM +0000, Luck, Tony wrote: > > tl;dr: I think changing everything to 0600 is probably completely fine, > > and whitelisting is probably pointless. > > But do you speak for all users? No, I just write their tools :) > It will just take one person complaining that efibootmgr no longer > shows them what it used to show to bring down the wrath of Linus on > our (specifically Joe's) head for breaking user space. The userland use case is gazing idly at the values without intending to do anything about them. And most of this is firmware config and firmware/OS interaction. Honestly it should never have been user readable to begin with. But also, we had a bug for quite some time where efibootmgr created everything as 0600, and as a result non-root users couldn't do e.g. "efibootmgr -v" and see the paths of new entries until a reboot occurred. Nobody ever reported it in bugzilla.redhat.com or efibootmgr or efivar's github issues pages. One person noticed it while commenting about another issue, but didn't see it as related to his actual issue or being a bug so much as "weird" that listing worked as non-root before changing something but not after. Another user asked about getting permission denied while setting the boot order on askubuntu here: https://askubuntu.com/questions/688317/getting-permission-denied-errors-from-efibootmgr The response was exactly that you have to run it as root. I think it's telling that nobody said anything about reading vs writing. > I've got someone about to start looking at making efivarfs read and save > the values during mount, so all the read-only options can continue to work > without making EFI calls. > > This will cost some memory (say 20-30 variables at up to 1K each). 71 variables on my laptop, and the 1K restriction went away a *loooong* time ago. It was fully excised from the userland tools in 2013. On my laptop, 4 of those 71 variables are >5000 bytes. The total storage of all of the data in the variables is 38kB. I still think changing it to 0600 and calling this done is the right thing to do. -- Peter