All of lore.kernel.org
 help / color / mirror / Atom feed
From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Darren Hart <dvhart@infradead.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Mario Limonciello" <mario_limonciello@dell.com>,
	"Pali Rohár" <pali.rohar@gmail.com>,
	"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
	"Rafael Wysocki" <rjw@rjwysocki.net>,
	"Andy Lutomirski" <luto@amacapital.net>,
	LKML <linux-kernel@vger.kernel.org>,
	platform-driver-x86@vger.kernel.org
Subject: Re: WMI and Kernel:User interface
Date: Mon, 19 Jun 2017 22:24:01 +0100	[thread overview]
Message-ID: <20170619212401.GA11774@srcf.ucam.org> (raw)
In-Reply-To: <20170509231639.GB11404@fury>

On Tue, May 09, 2017 at 04:16:39PM -0700, Darren Hart wrote:

> To address this, I have proposed [3] that exporting WMI be opt-in, only done at
> the request of and in collaboration with a vendor, with the kernel platform
> driver given the opportunity to filter requests. This filtering would need to be
> at the method and argument inspection level, such as checking for specific bits
> in the input buffer, and rejecting the request if they conflict with an in
> kernel usage (that's worst case, in some cases just GUID or method ID could be
> sufficient).

WMI calls generally end up triggering system management mode, and SMM is 
a mess of insecure code. People have been putting extensive effort into 
avoiding mechanisms that allow root to escalate to higher privilege 
levels - this is almost certainly the opposite of that. If the filtering 
is sufficient to guarantee that no invalid input will ever hit the 
firmware then that's not a problem, but that doesn't seem meaningfully 
less complicated than just writing a proper driver in the first place.

As things stand, I think this is functionality that would have to be 
disabled by the lockdown patchset, which means that it's functionality 
that wouldn't exist for the majority of non-server platforms (and an 
increasing number of server platforms).
-- 
Matthew Garrett | mjg59@srcf.ucam.org

      parent reply	other threads:[~2017-06-19 22:28 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-09 23:16 WMI and Kernel:User interface Darren Hart
2017-05-10  5:13 ` Greg Kroah-Hartman
2017-05-10  6:11   ` Darren Hart
2017-05-10 22:02     ` Mario.Limonciello
2017-05-10 22:02       ` Mario.Limonciello
2017-05-10 22:11       ` Darren Hart
2017-05-10 22:50       ` Andy Lutomirski
2017-05-10 23:23         ` Darren Hart
2017-05-10 23:27       ` Darren Hart
2017-06-03 19:50   ` Darren Hart
2017-06-09  6:41     ` Greg Kroah-Hartman
2017-06-10  0:46       ` Darren Hart
2017-06-10 10:36         ` Pali Rohár
2017-06-12 17:02           ` Darren Hart
2017-06-12 22:17             ` Pali Rohár
2017-06-13  1:24               ` Darren Hart
2017-06-13  7:05                 ` Christoph Hellwig
2017-06-13 12:07                   ` Pali Rohár
2017-06-13 15:44                     ` Darren Hart
2017-06-13 16:05                       ` Greg Kroah-Hartman
2017-06-13 16:24                         ` Darren Hart
2017-06-13 15:38                   ` Darren Hart
2017-06-13 15:50                     ` Greg Kroah-Hartman
2017-06-13 15:56                       ` Andy Lutomirski
2017-06-13 16:12                         ` Mario.Limonciello
2017-06-13 16:12                           ` Mario.Limonciello
2017-06-13 16:57                           ` Greg KH
2017-06-13 17:43                             ` Pali Rohár
2017-06-13 16:39                         ` Darren Hart
2017-06-13 16:22                       ` Darren Hart
2017-06-13 16:52                         ` Greg Kroah-Hartman
2017-06-13 17:07                           ` Darren Hart
2017-06-14  4:38                             ` Greg Kroah-Hartman
2017-06-19 22:10                               ` Andy Lutomirski
2017-06-20  3:37                                 ` Darren Hart
2017-06-20  7:29                                   ` Pali Rohár
2017-06-13 17:16                     ` Pali Rohár
2017-06-13 17:40                       ` Darren Hart
2017-06-13 18:00                         ` Pali Rohár
2017-06-13 18:09                           ` Darren Hart
2017-06-14  0:28                         ` Bernd Petrovitsch
2017-06-13 12:51                 ` Pali Rohár
2017-06-13 16:07                   ` Darren Hart
2017-06-19 21:24 ` Matthew Garrett [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170619212401.GA11774@srcf.ucam.org \
    --to=mjg59@srcf.ucam.org \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=dvhart@infradead.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mario_limonciello@dell.com \
    --cc=pali.rohar@gmail.com \
    --cc=platform-driver-x86@vger.kernel.org \
    --cc=rjw@rjwysocki.net \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.