Received: by 10.223.185.116 with SMTP id b49csp1110960wrg;
        Tue, 20 Feb 2018 13:33:54 -0800 (PST)
X-Google-Smtp-Source: AH8x225CJwVKLvljiBgF6vLQrWG4ZP887dj1n3BSsL4BR5q3oOUr3VEOlT+DuzynN+xYH7LYCnVA
X-Received: by 10.99.165.9 with SMTP id n9mr795672pgf.324.1519162434214;
        Tue, 20 Feb 2018 13:33:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519162434; cv=none;
        d=google.com; s=arc-20160816;
        b=bnfRTpNvpP9kyWcEE6bVNK1kndzvmBO6/ENRexKoxoz2VxbynFen8VLlb34w8UNRFp
         24CRZwCtO2De7qOfA1xXYAsRgiyDQFQ02QqFifG4aEVPmBiPWhteXCKvj3AqpfJfcfRA
         zDg5OfEEbokMHqwnVodhtQuufIn+WeVbF+5XJ136Jxr4SM8zvbP0TKYlk2TwCbV6quag
         SS0o0dpYHaTRFOLaAKL1EUSzYx/QYRC3yAfw3rt/aqVmHaK1QKz6X1qq9j8rN27MCo6k
         9kXjFBd6QnAnPxBZATpxaO5Pvqqu1A3oWkU8zQSj//SBOndCHNo/dhdVwsoZKkvWIFG6
         73gw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=9D5dSRgkIPqfI/vV1XII1olR3kAItvcpKCcLXjf1s9k=;
        b=siE8JLE27M7WPwugq0iexYpwL4lFrYLCZq77VvogUatIcFdHr9GODoUB0+R1shG47h
         fJHltFW3yuXoku6wBoZQ3k428kz9f0vWeQowo/TQrVpdeNQmKGP9mHKvxgW4/9/o2NPq
         DzF2ZS60wJW5Hlpo55WYjt8fTDrAPPeQgABMUe5hyuo6fF7pbjaCKluztNtMjUag35PD
         /vLs/ha4zJwAS/nhrg4GoTyKro21ps6XSAqt7OBgAfFFbdWrCOLYE7I8SsYXNrwoctcH
         hG6cfA+o8nXmYNiF9pDoSh2UPiF8Npj7WA/sOa9bZGqHBuZJJ5ubOuFsNP6pq10i8rZi
         q/Ig==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d12si1728687pfh.72.2018.02.20.13.33.40;
        Tue, 20 Feb 2018 13:33:54 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751437AbeBTVcw (ORCPT <rfc822;xiaochao379261131@gmail.com>
        + 99 others); Tue, 20 Feb 2018 16:32:52 -0500
Received: from mga07.intel.com ([134.134.136.100]:45163 "EHLO mga07.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750710AbeBTVcv (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 20 Feb 2018 16:32:51 -0500
X-Amp-Result: UNSCANNABLE
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
  by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Feb 2018 13:32:50 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,541,1511856000"; 
   d="scan'208";a="19826239"
Received: from agluck-desk.sc.intel.com (HELO agluck-desk) ([10.3.52.160])
  by orsmga006.jf.intel.com with ESMTP; 20 Feb 2018 13:32:50 -0800
Date:   Tue, 20 Feb 2018 13:32:47 -0800
From:   "Luck, Tony" <tony.luck@intel.com>
To:     Matthew Garrett <mjg59@google.com>
Cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        joe.konno@linux.intel.com, linux-efi <linux-efi@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        matthew.garrett@nebula.com, Jeremy Kerr <jk@ozlabs.org>,
        ak@linux.intel.com, pjones@redhat.com, luto@kernel.org,
        James Bottomley <james.bottomley@hansenpartnership.com>
Subject: Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions
Message-ID: <20180220213246.43y2vbiiikqyx2ys@agluck-desk>
References: <20180215182208.35003-1-joe.konno@linux.intel.com>
 <20180215182208.35003-2-joe.konno@linux.intel.com>
 <6680a760-eb30-4daf-2dad-a9628f1c15a8@kernel.org>
 <20180220211849.fqjb6rdmypl6opir@agluck-desk>
 <CACdnJusL1Vj_rvhZY+0_KZkrk=fwnQcr1y+vxOBmUXa4xdHHsg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CACdnJusL1Vj_rvhZY+0_KZkrk=fwnQcr1y+vxOBmUXa4xdHHsg@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 20, 2018 at 09:22:29PM +0000, Matthew Garrett wrote:
> On Tue, Feb 20, 2018 at 1:18 PM Luck, Tony <tony.luck@intel.com> wrote:
> 
> > Does this rate an exception to the "don't break userspace" for a security
> issue?
> 
> To be clear, when you say "security" is this in reference to it being a
> denial of service, or are you worried about other interactions that may
> cause wider security issues?

The immediate problem is the denial of service attack.  I have
a nagging worry that allowing a user to cause an SMI at a precise
time might also be a problem. But I don't know how that could be
leveraged in some other attack.

Making the efivar files 0600 would stop the user from causing the
SMIs. The rate limit solution could include a random delay to make
it tricky to use any attack that relies on an SMI during some specific
code sequence.

-Tony