Date: Fri, 16 Feb 2018 17:05:37 -0500
From: Peter Jones
To: "Luck, Tony"
Cc: James Bottomley, Ard Biesheuvel, Joe Konno, Matthew Garrett, Ingo Molnar, Andy Lutomirski, Borislav Petkov, "linux-efi@vger.kernel.org", Linux Kernel Mailing List, Jeremy Kerr, Andi Kleen, Benjamin Drung
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs
Message-ID: <20180216220536.liew4p4kqmaxwmfh@redhat.com>

On Fri, Feb 16, 2018 at 09:09:30PM +0000, Luck, Tony wrote:
> > That said, I'm not sure how many non-root users run the toolkit to
> > extract their EFI certificates or check on the secure boot status of
> > the system, but I suspect it might be non-zero: I can see the tinfoil
> > hat people wanting at least to check the secure boot status when they
> > log in.
>
> Another fix option might be to rate limit EFI calls for non-root users (on X86
> since only we have the SMI problem). That would:
>
> 1) Avoid using memory to cache all the variables
> 2) Catch any other places where non-root users can call EFI

I could get behind that as well. Currently the things I maintain do
approximately this many normal accesses with invocations you can do as a user:

"efibootmgr -v" - six files we always try to read, plus one per Boot#### entry.
"fwupdate --info" - one file it always tries to read, one file for each ESRT entry.
"dbxtool -l" - one file it always reads.

"mokutil --sb-state" - reads the same file twice. I don't maintain this, but
I'll send a patch to Gary to make it only read it once.

AFAICS all of the other invocations you can currently do as a user
/legitimately/ read two files, though.

Some systems seem to *love* making a pile of Boot#### entries; I think the
most I've seen is something like 16. So on that machine, one "efibootmgr -v"
invocation is ~22 efivars files read.

I've never seen a machine that advertised more than 2 ESRT entries, but maybe
we'll get there some day.

-- 
Peter
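
A user-space model of the rate-limiting option quoted in the message, added here as an example; it is not code from the thread or from the kernel. It sizes a per-user token bucket from the read counts above, so that one "efibootmgr -v" run on a 16-entry machine passes unthrottled while a sustained read loop is held to the refill rate. The struct, the function names and the 10 reads/s refill rate are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-user token bucket (hypothetical model, not kernel code): `burst` reads
 * may run back to back, after which reads are admitted at `rate` per second. */
struct efi_read_limit {
    uint64_t cap_milli, tokens_milli; /* capacity and level, in 1/1000 read */
    uint64_t rate;                    /* reads/s, i.e. milli-tokens per ms */
    uint64_t last_ms;                 /* time of the previous call */
};

/* Returns 1 if a read at now_ms is admitted, 0 if the caller must wait. */
static int limit_allow(struct efi_read_limit *l, uint64_t now_ms)
{
    l->tokens_milli += (now_ms - l->last_ms) * l->rate;
    if (l->tokens_milli > l->cap_milli)
        l->tokens_milli = l->cap_milli;
    l->last_ms = now_ms;
    if (l->tokens_milli < 1000)
        return 0;
    l->tokens_milli -= 1000;
    return 1;
}

/* "efibootmgr -v" per the message: six fixed files plus one per Boot####. */
static unsigned efibootmgr_reads(unsigned boot_entries)
{
    return 6 + boot_entries;
}

/* Issue n reads spaced gap_ms apart from t=0; return how many are admitted. */
static unsigned simulate(unsigned burst, unsigned rate, unsigned n, unsigned gap_ms)
{
    struct efi_read_limit l = { burst * 1000ull, burst * 1000ull, rate, 0 };
    unsigned admitted = 0;

    for (unsigned i = 0; i < n; i++)
        admitted += (unsigned)limit_allow(&l, (uint64_t)i * gap_ms);
    return admitted;
}

int main(void)
{
    unsigned burst = efibootmgr_reads(16); /* 16 Boot#### entries, as in the message */
    /* 10 reads/s is a constructed refill rate, not a value from the thread. */
    printf("one run:    %u/%u reads admitted\n", simulate(burst, 10, burst, 0), burst);
    printf("tight loop: %u/10000 reads admitted\n", simulate(burst, 10, 10000, 1));
    return 0;
}
```

A burst smaller than the largest legitimate invocation would stall that tool partway through, which is why the bucket capacity is derived from the per-tool counts rather than chosen independently.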