Date:   Thu, 22 Feb 2018 09:54:12 -0800
From:   "Luck, Tony" <tony.luck@...el.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Andi Kleen <ak@...ux.intel.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Joe Konno <joe.konno@...ux.intel.com>,
        "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jeremy Kerr <jk@...abs.org>,
        Matthew Garrett <mjg59@...gle.com>,
        Peter Jones <pjones@...hat.com>,
        Andy Lutomirski <luto@...nel.org>,
        James Bottomley <james.bottomley@...senpartnership.com>
Subject: Re: [PATCH v2] efivarfs: Limit the rate for non-root to read files

On Thu, Feb 22, 2018 at 09:39:10AM -0800, Linus Torvalds wrote:
> I'm certainly ok with this. I'm assuming this has been tested

I read some files using "dd bs=1" as root and non-root.  Root still
goes fast, non-root is limited. Both see the same data. I can ^C the
non-root version and the dd quits as expected:

$ dd if=DefSetup-e8a99903-302c-4851-a6be-ab2731873b2f of=/dev/null bs=1
^C301+0 records in
300+0 records out
300 bytes copied, 3.10487 s, 0.1 kB/s


> and gives nice warnings too?

They seemed very spammy before so I turned them off with this:

+               ratelimit_set_flags(&new->ratelimit, RATELIMIT_MSG_ON_RELEASE);
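
Review bot: the added ratelimit_set_flags() call carries no comment saying why RATELIMIT_MSG_ON_RELEASE is set on new->ratelimit. Its stated purpose is only to silence the per-second "callbacks suppressed" lines, so a one-line comment to that effect belongs next to the call. If those messages are wanted as a signal that an application is reading efivarfs files too aggressively, drop the line instead.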

They looked like this:

[  176.607182] efivarfs_file_read: 42 callbacks suppressed
[  177.611064] efivarfs_file_read: 42 callbacks suppressed
[  178.614931] efivarfs_file_read: 41 callbacks suppressed
[  179.622986] efivarfs_file_read: 42 callbacks suppressed
[  180.630920] efivarfs_file_read: 42 callbacks suppressed
[  181.634839] efivarfs_file_read: 42 callbacks suppressed
[  182.646729] efivarfs_file_read: 42 callbacks suppressed
[  183.658679] efivarfs_file_read: 42 callbacks suppressed
[  184.678664] efivarfs_file_read: 43 callbacks suppressed
[  185.698571] efivarfs_file_read: 43 callbacks suppressed
[  186.703129] efivarfs_file_read: 42 callbacks suppressed
[  187.718510] efivarfs_file_read: 43 callbacks suppressed

With the new "while/nap" change there would still be one message
per second, but the number of callbacks suppressed should be 1
(unless the user has many threads doing reads).

Maybe it is good to know that an application is doing something
stupid and we should drop that line from the patch and let the
warnings flow?

-Tony
