Received: by 10.223.185.116 with SMTP id b49csp1103460wrg; Tue, 20 Feb 2018 13:24:02 -0800 (PST) X-Google-Smtp-Source: AH8x227N9jD3/LRoVVb4Bc1qL8DfX/NVKKdcVV3CLdxlDShTHcyw66H1BcCVPs6AI2JVRFNms3Rs X-Received: by 10.99.155.1 with SMTP id r1mr792118pgd.422.1519161842373; Tue, 20 Feb 2018 13:24:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519161842; cv=none; d=google.com; s=arc-20160816; b=hrXjYYbd6qcTlXgtmWN98AU8B+TnYQtn9gg+8V1WaMYLPbrGTpLZN5UhAQvGDY0+w3 snAk87EsTOKfBQ+Slsw5eKL07HhwPxztdwprWo5VHXzq8wFEv8FZPx7q7jKiDyVQ7e9L 7fAsHovgtMeKmqrGyBPwflhFltLF1FfcrQ90Zvx2ZNQ1U3zqS3f52LKUVmnqkeCaCG2T YxhLQS82+w9344Rp5x7dHCHqDiOqf91wRXIjRGijQq5Dk6nTKQWb+rP0Oy4wg3J0GV3O 85fmccsj2iNVrnDfKIi5RW/Ss6H81OgILHiRNpovla6LgHquvS0+lDZWNnshzf0wvMnm 9vAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=DXS/Q3qNRMoWX2q3sLOoGK3gMw29Jn/kyosAHUjBC7A=; b=zeJNQtIBtS8MYL0CFT6eG+A3ZYLAtNiOynhWoPOmz+jN4ohs6vL0xrhjIp63CTqPpq npBIP6sVFS+UTw3zN1bbEAceZ9BiBVZRorEyd9T8BRX8fTPtFnQclRIkatAqXh0IfVcf 85GLcJB2dqXdfBHVMiPm2C9Hhnx5B1YKNsKkcNzGr6MkcJwV0vhsHWFJHbbhlzb/SDqA C0ISmODMKecwGE2Zn/UkKw87haI66ES8PV9+1Se6gMI2ms8Uxgdu5fBkU2pa2vRxvTCH aNIzXOST92iQrtGqYV4WuuNu8nUeniI3irVKObJ/YGTO5JBwm6QsZBu8UHl0iZiYcEU4 Mm7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qmO/bFrW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p12-v6si406692pls.66.2018.02.20.13.23.38; Tue, 20 Feb 2018 13:24:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qmO/bFrW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751470AbeBTVWm (ORCPT + 99 others); Tue, 20 Feb 2018 16:22:42 -0500 Received: from mail-io0-f181.google.com ([209.85.223.181]:46191 "EHLO mail-io0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750799AbeBTVWl (ORCPT ); Tue, 20 Feb 2018 16:22:41 -0500 Received: by mail-io0-f181.google.com with SMTP id p78so16474683iod.13 for ; Tue, 20 Feb 2018 13:22:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DXS/Q3qNRMoWX2q3sLOoGK3gMw29Jn/kyosAHUjBC7A=; b=qmO/bFrWpfe5gIdIK0nrHUtMVocRYnmVRG+1UWXhxrArEic7cUrjBYt4onNvEs5nEz meb/lnh28rRUaubFOOcpbOAcVwf5gnnD570n8IwQrCvvluXvVzxSuaM1Rhc4fhEgzvkP q6o/oNrGGFSc+h9sNynjrwr5Z2Bow8SPSMfJKf5UcQTuVFzcE4MQJZd1HKrcWfBimWrm qzo1acTKUEPsIn13qnKgZGfnd5jo+Gd0TW8i8B/C/ZqfS0bilAxsUsDIB1xukHhVkE3o +a2QPP/FdhI12TKKL6vAl4+sONu8HD1dG7PsbZk5V9xN3Dw7CwX440lIBXtB5W/Auf2i e1KQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DXS/Q3qNRMoWX2q3sLOoGK3gMw29Jn/kyosAHUjBC7A=; b=HIVxPF+nTURnUeBwRTSoBL0AzEJdYU3lsCR0ShWuwOijknqaPJ+iS694tpiRcUtqrI Vwd75YzawFEOl/tT3jb+3Ir20LEbTxc2tx0/dkz3BK/1LSUFO/Ncl2k4kLdlDgYfIPea qg1MT+m9wlyX8XpYmiljbgCA65NBJxC1K28LyxjzNCcHpKY3rJr7p1cPOv8zIbGQSm5W TvKh33YqUyUYwBzQEvoajtNs8u9oQdpsCPTG1jOm15svKr3ENxrG+3EYaGhATtfBzrva 3rf63E4EiOFUr+d3PQzHLyzM7QIXO9pQEresd1kAg6wcrG3TiCYbGY7HGyhRiEv+4stZ 8ztg== X-Gm-Message-State: APf1xPC+f97BtTveIQZeRnAh5E3LR2ERHCoANvYvlX1k+eCNI3V89lbt jOZZlaQkduHZJfo8XbLkSko7pnjYMiiu/qytyk2KxA== X-Received: by 10.107.180.71 with SMTP id d68mr1419463iof.244.1519161760611; Tue, 20 Feb 2018 13:22:40 -0800 (PST) MIME-Version: 1.0 References: <20180215182208.35003-1-joe.konno@linux.intel.com> <20180215182208.35003-2-joe.konno@linux.intel.com> <6680a760-eb30-4daf-2dad-a9628f1c15a8@kernel.org> <20180220211849.fqjb6rdmypl6opir@agluck-desk> In-Reply-To: <20180220211849.fqjb6rdmypl6opir@agluck-desk> From: Matthew Garrett Date: Tue, 20 Feb 2018 21:22:29 +0000 Message-ID: Subject: Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions To: tony.luck@intel.com Cc: Linus Torvalds , joe.konno@linux.intel.com, linux-efi , Linux Kernel Mailing List , Ard Biesheuvel , matthew.garrett@nebula.com, Jeremy Kerr , ak@linux.intel.com, pjones@redhat.com, luto@kernel.org, James Bottomley Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 20, 2018 at 1:18 PM Luck, Tony wrote: > Does this rate an exception to the "don't break userspace" for a security issue? To be clear, when you say "security" is this in reference to it being a denial of service, or are you worried about other interactions that may cause wider security issues?