From: Andy Lutomirski
Date: Fri, 16 Feb 2018 21:45:19 +0000
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs
To: "Luck, Tony"
Cc: James Bottomley, Ard Biesheuvel, Joe Konno, Matthew Garrett, Ingo Molnar, Andy Lutomirski, Borislav Petkov, "linux-efi@vger.kernel.org", Linux Kernel Mailing List, Jeremy Kerr, Andi Kleen, Benjamin Drung, Peter Jones

On Fri, Feb 16, 2018 at 9:09 PM, Luck, Tony wrote:
>> That said, I'm not sure how many non-root users run the toolkit to
>> extract their EFI certificates or check on the secure boot status of
>> the system, but I suspect it might be non-zero: I can see the tinfoil
>> hat people wanting at least to check the secure boot status when they
>> log in.
>
> Another fix option might be to rate limit EFI calls for non-root users (on X86
> since only we have the SMI problem). That would:
>
> 1) Avoid using memory to cache all the variables
> 2) Catch any other places where non-root users can call EFI

I'm going to go out on a limb and suggest that the fact that
unprivileged users can read efi variables at all is a mistake
regardless of SMI issues.

Also, chmod() just shouldn't work on efi variables, and the mode
passed to creat() should be ignored. After all, there's no backing
store for the mode.
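
Added example, not part of the thread or of any kernel patch: a small audit that lists which efivarfs entries are readable by anyone other than the file owner, which is the exposure the message above objects to. It assumes efivarfs is mounted at /sys/firmware/efi/efivars and that entries are named `<VariableName>-<VendorGUID>`; the fallback sample tree and the `HypotheticalSecret` variable are constructed for illustration.

```python
import os
import stat
import tempfile

EFIVARFS = "/sys/firmware/efi/efivars"  # assumed (usual) efivarfs mount point
GUID_LEN = 36  # 8-4-4-4-12 hex digits plus four hyphens


def split_name(filename):
    """Split an efivarfs entry name '<VariableName>-<VendorGUID>'."""
    if len(filename) > GUID_LEN + 1 and filename[-GUID_LEN - 1] == "-":
        return filename[:-GUID_LEN - 1], filename[-GUID_LEN:]
    return filename, None


def audit(root=EFIVARFS):
    """Return (name, guid, octal mode) for entries non-owners can read."""
    findings = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue
        # Group- or other-readable means an unprivileged read() reaches
        # the firmware variable service for this entry.
        if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            name, guid = split_name(entry.name)
            findings.append((name, guid, oct(stat.S_IMODE(st.st_mode))))
    return findings


def build_sample_tree():
    """Constructed stand-in for efivarfs so the audit runs on any host."""
    root = tempfile.mkdtemp(prefix="efivars-sample-")
    guid = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable GUID
    for name, mode in (("SecureBoot", 0o644), ("HypotheticalSecret", 0o600)):
        path = os.path.join(root, f"{name}-{guid}")
        with open(path, "wb") as f:
            f.write(b"\x06\x00\x00\x00\x01")  # 4-byte attributes + 1 data byte
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    root = EFIVARFS if os.path.isdir(EFIVARFS) else build_sample_tree()
    for name, guid, mode in audit(root):
        print(f"{mode} {name} (vendor {guid}) readable by non-owners")
```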