| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87efld9cht.fsf@xmission.com>
Date: Thu, 22 Feb 2018 11:10:22 -0600
From: ebiederm@...ssion.com (Eric W. Biederman)
To: "Luck\, Tony" <tony.luck@...el.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Andi Kleen <ak@...ux.intel.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Joe Konno <joe.konno@...ux.intel.com>,
"linux-efi\@vger.kernel.org" <linux-efi@...r.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
Jeremy Kerr <jk@...abs.org>,
Matthew Garrett <mjg59@...gle.com>,
Peter Jones <pjones@...hat.com>,
"Andy Lutomirski" <luto@...nel.org>,
James Bottomley <james.bottomley@...senpartnership.com>
Subject: Re: [PATCH] efivarfs: Limit the rate for non-root to read files
"Luck, Tony" <tony.luck@...el.com> writes:
>> - add a per-user mutex, and do the usleep inside of it, so that
>> anybody who tries to do a thousand threads will just be serialized by
>> the mutex.
>>
>> Note that the mutex needs to be per-user, because otherwise it will be
>> a DoS for the other users.
>
> I can try that tomorrow (adding the per-user mutex to struct user_struct
> right next to the ratelimit I added.
Another possibility is to cache the files in the page cache. That will
reduce re-reads of the same data to the maximum extent.
If efi has a chance of changing variables behind our back we might want
something that would have a timeout on how long the data is cached,
and we probably want to make the caching policy write-trough not
write-back.
I just suggest this as it seems like a much more tried and true solution.
Eric
Powered by blists - more mailing lists