Received: by 10.223.185.116 with SMTP id b49csp1085462wrg; Wed, 21 Feb 2018 11:51:50 -0800 (PST) X-Google-Smtp-Source: AH8x225gYlmIbKAEjmNS2HNRGdW9EC4Ye+CRvYsyXspUJWbLCavObCHFFs/Do6YedyhqGMt55BY9 X-Received: by 10.101.75.70 with SMTP id k6mr3680395pgt.335.1519242710489; Wed, 21 Feb 2018 11:51:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519242710; cv=none; d=google.com; s=arc-20160816; b=Z+8it+vPR1ZNEaC7N489k7nzKFUJydhCIxt/14lN/UBOXLqeFiuvFP5eWtREGvrLvd 9+78rhRyRjs8mTyJ618fUrYKCL+/uPgjnZbo3MnSLS7D9a2XMYow0o0gee+AQrFESWCQ 86JQ4tOC5fWjmlc1ZEqbtcA7oIBDWiQ03aG4MraYJT3aFk1iUCP5B3ghNnvi4i704qKE /7+rwlqQo3FIsbyzAt1gSVXwmNMc9qHB+PzqGXNradFLreTTazKUicfRLihi0LHyImZ4 Hj6o2MaSOanfnyqpTuqPEC8iHToJ3UwC5gEE8mBOHw1cJdLj1JclGtkKwzZ/EkM4cIJ8 I0uA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=A48Niiy9E5YCVvrXXPkcuhd8nCmB2NJfuEi3MHYm65g=; b=HXxlONcHORLdPJEWsMViM3S0yc1yDS+W5rRQzObUx5vVuP9yuTbEyJSTuuF89GSViD dJTEGxUo+SbwWTWW/LXt7PSYunEJVvmhJpwmG8++L57CxldYWd+jJk2tkuCETMd+OV9u Kp+RSb8X+H4TBavuh0kBx7357RRVDGdgUZ0IjFTeL1F2Z/MmEMKqXh0jnC5zCyP5eHSM xl04+VoEBQIe16sCsu/ldWb6uGtsvJHazWRruSkl7n3DgetJeoOW/3toFIm18gJMHit0 LsMTagrCLlazQUpF2gBz3RYc86YsGJnIVQc59u5BE8eVLBU0SoZ9p9Q2EhdUYQaQcBWU TFrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=ob+fumG/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h1-v6si27431plh.766.2018.02.21.11.51.36; Wed, 21 Feb 2018 11:51:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=ob+fumG/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751418AbeBUTu3 (ORCPT + 99 others); Wed, 21 Feb 2018 14:50:29 -0500 Received: from mail-io0-f195.google.com ([209.85.223.195]:43388 "EHLO mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750752AbeBUTu1 (ORCPT ); Wed, 21 Feb 2018 14:50:27 -0500 Received: by mail-io0-f195.google.com with SMTP id l12so3380882ioc.10; Wed, 21 Feb 2018 11:50:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=A48Niiy9E5YCVvrXXPkcuhd8nCmB2NJfuEi3MHYm65g=; b=ob+fumG/iHA4qkGpWQWt7sfhxmdbdvjBISO1fK7dg4esq1402KemMHOhZS2G58cbp5 AsF4yhdlYxorqqRrzI6L13XkL5hMLj/q3zm8HLhUXh09/sXvDLPdWa9M5sAczfZGvnvc BC9tZl3mTr6F0MelpOMrlR+yFYwxqnGrMbUBayUGFCqVN9Yg8xSP8ZyocKCd1bxIdW0p 8+HvL4Lz6LEYKH0B6GOTpfbr3AXn4z5sbke0HkG1Dvk7Yus267Nq+XO+0iUNdXp0nYkG Zp2sbyyQtRac8gIIvnqKdcXNuvv+eeJ6pNkIq3tQxltl2gCVkR5wCcWPTs4Qmuxzheyp EvrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=A48Niiy9E5YCVvrXXPkcuhd8nCmB2NJfuEi3MHYm65g=; b=AveNeOCeg+EfsxiqVDlwspAIfveVi7oDGuqtB8vSYbP+T5nXPkyLhrN9eyd8NxOKeS 9mGetlvJB9kTf8Qmj/5k972jhofylVT0EaQsBYoGs9V7mxdJ9v0cmjAru+7oeKXy7Nvv N6VIVSP/pzK+WSe3ot+S6BJow9UwzzzrkVzYxRhi61Wki2VZS9T+G/3DRIVzMBPug8hu jdoZgSAPqyKw3c6FNlgqk8BydPSW2u/2AmaxBcM4O+g2Cpo9rmkXXzua6GTVEFFrbnB9 uWaZf8WZfEPHCNtRyHAIDgU6ihfrss3crivzB2a57sOqIyehIGy+vzcC9FIkbl2L4Qsa 5Xwg== X-Gm-Message-State: APf1xPCk7vEJ88OLlkaVjucbLLhP2aE4A92sR0j8a27wXCcNMLRdJUso uBkhMTeHupwHqA3zupwmpnnG4/VTz61V1hGisQE= X-Received: by 10.107.22.1 with SMTP id 1mr5885023iow.238.1519242626251; Wed, 21 Feb 2018 11:50:26 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.135.221 with HTTP; Wed, 21 Feb 2018 11:50:25 -0800 (PST) In-Reply-To: <20180221194731.t7jowrmicvaggu3x@agluck-desk> References: <6680a760-eb30-4daf-2dad-a9628f1c15a8@kernel.org> <20180220211849.fqjb6rdmypl6opir@agluck-desk> <20180220233008.55rfm7zw62hrao5p@agluck-desk> <3908561D78D1C84285E8C5FCA982C28F7B37DE1B@ORSMSX110.amr.corp.intel.com> <20180221182104.GI3231@tassilo.jf.intel.com> <20180221194731.t7jowrmicvaggu3x@agluck-desk> From: Linus Torvalds Date: Wed, 21 Feb 2018 11:50:25 -0800 X-Google-Sender-Auth: SDblSfNArSaFjyIfBhgqMrpHZDo Message-ID: Subject: Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions To: "Luck, Tony" Cc: Andi Kleen , Ard Biesheuvel , Joe Konno , "linux-efi@vger.kernel.org" , Linux Kernel Mailing List , Matthew Garrett , Jeremy Kerr , Matthew Garrett , Peter Jones , Andy Lutomirski , James Bottomley Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 21, 2018 at 11:47 AM, Luck, Tony wrote: > > The EFI calls are all about checking system configuration. A thing > that only a handful of users do on a very occasional basis. I don't > see much harm if my "efibootmgr -v" call is slowed down a bit (or even > a lot) because you are using a bunch of the available ratelimit reading > the efivars. > It's not about slowing down. It's about "user Xyz is messing with the system and reading efi vars all the time" resulting in "user 'torvalds' is installing a kernel, and actually wants to read efi vars, but can't". if you don't make it per-user, you're just replacing one DoS attack with another one! Linus