Received: by 10.223.185.116 with SMTP id b49csp1072099wrg;
        Fri, 16 Feb 2018 11:57:19 -0800 (PST)
X-Google-Smtp-Source: AH8x224FKpbi8sDEz1Mk86AkQVDdm8ld2rhlZSrOomOQY1J8B7mvnJ5q2Rp46yWwdvCvH9WClwDZ
X-Received: by 2002:a17:902:b2c6:: with SMTP id x6-v6mr6770889plw.285.1518811039750;
        Fri, 16 Feb 2018 11:57:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518811039; cv=none;
        d=google.com; s=arc-20160816;
        b=LD37WXsIcNj/RrVCOSQCAJO9z765S/LkwVoCbvd41LxwWCLWEELqkL7sw3S17KPkLu
         997DP8vZfo+EnAfi2dfPr8gi1L01W8Hgwwp8LdUttXWhHD738NK8SOu2CBd20r3AXBXF
         rpru3n/uugmBZ/PRsJj5sdkMejanZZ/Z4IzovRjIkRCUTm3Sy0aPsRrjs5pnLZrnB05Z
         n+9ygwwlGpHuWJ6nJ3y+6HXdm9OzRBxW9h4NdOdaIaB2k/gWtLwKvhn9ziMKtV3yf0Xb
         ExfmV+HTzLzmnG78f7rnsH924uGmpRgnXK8Nokzk6UqgeY9e3wptI3ql0f6cSn+UKwZ/
         wrZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=mOdY+PIJPqYDubsK0QVjqrJLt3pd6agTMd5oo/YpLlI=;
        b=HHlovhp0SxRYVgxd0mGcgsljLsaVe7k1UUoHn7z792K88saDJgquilBuVDS4IuJex0
         JxKXUDa1hgB7B89uJTVa3OQ6wfCm/YnMbW4Clutw5eZJJmUzG10d6pucK9UXClScVhG2
         2DtBrmhD6OuBhRjlZA8F/oNiP3qmvD47hlv2z4Ft67OuWMyhqIKgfDT9obQw5Y7aTNpq
         BGrYlYDN3kTrwRHX1fdmVxSgL5a61owoR7KhaPuFKDxR7gF0neaLpJ8iY5OStNOOYuxB
         3mXvllTIsMquiMQI6N9YwiSg2+1Ej1mD4K1Nc36vU+cJl0P3dUBM2uHOqIEnUbyMesp2
         95qw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q69si1809783pfa.300.2018.02.16.11.57.05;
        Fri, 16 Feb 2018 11:57:19 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751162AbeBPTy5 (ORCPT <rfc822;morganleezd2003@gmail.com>
        + 99 others); Fri, 16 Feb 2018 14:54:57 -0500
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:41612 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1750763AbeBPTyy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Feb 2018 14:54:54 -0500
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 62A26404085B;
        Fri, 16 Feb 2018 19:54:53 +0000 (UTC)
Received: from redhat.com (dhcp-10-20-1-221.bss.redhat.com [10.20.1.221])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id C54BE215672D;
        Fri, 16 Feb 2018 19:54:52 +0000 (UTC)
Date:   Fri, 16 Feb 2018 14:54:51 -0500
From:   Peter Jones <pjones@redhat.com>
To:     "Luck, Tony" <tony.luck@intel.com>
Cc:     Joe Konno <joe.konno@linux.intel.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Borislav Petkov <bp@alien8.de>,
        Matthew Garrett <mjg59@google.com>,
        Ingo Molnar <mingo@kernel.org>,
        Andy Lutomirski <luto@kernel.org>,
        "linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Jeremy Kerr <jk@ozlabs.org>, Andi Kleen <ak@linux.intel.com>,
        Benjamin Drung <benjamin.drung@profitbricks.com>
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs
Message-ID: <20180216195450.apea25yhxzrfhkjm@redhat.com>
References: <20180215182208.35003-1-joe.konno@linux.intel.com>
 <CAKv+Gu80pJ5tbGoJqBm8CCKrEZXdkE83c944383KbQ5jREUC0Q@mail.gmail.com>
 <20180216105548.GA29042@pd.tnic>
 <CAKv+Gu8qm2wFxY56-eRLkLZB6fRUCmZbZo=4cvo5e4JDFh01Gg@mail.gmail.com>
 <20180216110821.GB29042@pd.tnic>
 <CAKv+Gu_SD6yWJMGbTwGUWXtrgZKPkpANNaGe1PUruTG9j0yhcg@mail.gmail.com>
 <20180216184832.sqreq5zhar3jqdae@jbkonno-saint14>
 <20180216192220.wljl23g533sc3oxg@redhat.com>
 <3908561D78D1C84285E8C5FCA982C28F7B37917B@ORSMSX110.amr.corp.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B37917B@ORSMSX110.amr.corp.intel.com>
User-Agent: NeoMutt/20171215
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 16 Feb 2018 19:54:53 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 16 Feb 2018 19:54:53 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'pjones@redhat.com' RCPT:''
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Feb 16, 2018 at 07:32:17PM +0000, Luck, Tony wrote:
> > tl;dr: I think changing everything to 0600 is probably completely fine,
> > and whitelisting is probably pointless.  
> 
> But do you speak for all users?

No, I just write their tools :)

> It will just take one person complaining that efibootmgr no longer
> shows them what it used to show to bring down the wrath of Linus on
> our (specifically Joe's) head for breaking user space.

The userland use case is gazing idly at the values without intending to
do anything about them.  And most of this is firmware config and
firmware/OS interaction.  Honestly it should never have been user
readable to begin with.

But also, we had a bug for quite some time where efibootmgr created
everything as 0600, and as a result non-root users couldn't do e.g.
"efibootmgr -v" and see the paths of new entries until a reboot
occurred.  Nobody ever reported it in bugzilla.redhat.com or efibootmgr
or efivar's github issues pages.  One person noticed it while commenting
about another issue, but didn't see it as related to his actual issue or
being a bug so much as "weird" that listing worked as non-root before
changing something but not after.

Another user asked about getting permission denied while setting the
boot order on askubuntu here:
https://askubuntu.com/questions/688317/getting-permission-denied-errors-from-efibootmgr
The response was exactly that you have to run it as root.  I think it's
telling that nobody said anything about reading vs writing.

> I've got someone about to start looking at making efivarfs read and save
> the values during mount, so all the read-only options can continue to work
> without making EFI calls.
> 
> This will cost some memory (say 20-30 variables at up to 1K each).

71 variables on my laptop, and the 1K restriction went away a *loooong*
time ago.  It was fully excised from the userland tools in 2013.  On my
laptop, 4 of those 71 variables are >5000 bytes.  The total storage of
all of the data in the variables is 38kB.

I still think changing it to 0600 and calling this done is the right
thing to do.

-- 
  Peter