public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Darren Hart <dvhart@infradead.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Mario Limonciello" <mario_limonciello@dell.com>,
	"Pali Rohár" <pali.rohar@gmail.com>,
	"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
	"Rafael Wysocki" <rjw@rjwysocki.net>,
	"Andy Lutomirski" <luto@amacapital.net>,
	LKML <linux-kernel@vger.kernel.org>,
	platform-driver-x86@vger.kernel.org
Subject: Re: WMI and Kernel:User interface
Date: Mon, 19 Jun 2017 22:24:01 +0100	[thread overview]
Message-ID: <20170619212401.GA11774@srcf.ucam.org> (raw)
In-Reply-To: <20170509231639.GB11404@fury>

On Tue, May 09, 2017 at 04:16:39PM -0700, Darren Hart wrote:

> To address this, I have proposed [3] that exporting WMI be opt-in, only done at
> the request of and in collaboration with a vendor, with the kernel platform
> driver given the opportunity to filter requests. This filtering would need to be
> at the method and argument inspection level, such as checking for specific bits
> in the input buffer, and rejecting the request if they conflict with an in
> kernel usage (that's worst case, in some cases just GUID or method ID could be
> sufficient).

WMI calls generally end up triggering system management mode, and SMM is 
a mess of insecure code. People have been putting extensive effort into 
avoiding mechanisms that allow root to escalate to higher privilege 
levels - this is almost certainly the opposite of that. If the filtering 
is sufficient to guarantee that no invalid input will ever hit the 
firmware then that's not a problem, but that doesn't seem meaningfully 
less complicated than just writing a proper driver in the first place.

As things stand, I think this is functionality that would have to be 
disabled by the lockdown patchset, which means that it's functionality 
that wouldn't exist for the majority of non-server platforms (and an 
increasing number of server platforms).
-- 
Matthew Garrett | mjg59@srcf.ucam.org

      parent reply	other threads:[~2017-06-19 22:28 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-09 23:16 WMI and Kernel:User interface Darren Hart
2017-05-10  5:13 ` Greg Kroah-Hartman
2017-05-10  6:11   ` Darren Hart
2017-05-10 22:02     ` Mario.Limonciello
2017-05-10 22:11       ` Darren Hart
2017-05-10 22:50       ` Andy Lutomirski
2017-05-10 23:23         ` Darren Hart
2017-05-10 23:27       ` Darren Hart
2017-06-03 19:50   ` Darren Hart
2017-06-09  6:41     ` Greg Kroah-Hartman
2017-06-10  0:46       ` Darren Hart
2017-06-10 10:36         ` Pali Rohár
2017-06-12 17:02           ` Darren Hart
2017-06-12 22:17             ` Pali Rohár
2017-06-13  1:24               ` Darren Hart
2017-06-13  7:05                 ` Christoph Hellwig
2017-06-13 12:07                   ` Pali Rohár
2017-06-13 15:44                     ` Darren Hart
2017-06-13 16:05                       ` Greg Kroah-Hartman
2017-06-13 16:24                         ` Darren Hart
2017-06-13 15:38                   ` Darren Hart
2017-06-13 15:50                     ` Greg Kroah-Hartman
2017-06-13 15:56                       ` Andy Lutomirski
2017-06-13 16:12                         ` Mario.Limonciello
2017-06-13 16:57                           ` Greg KH
2017-06-13 17:43                             ` Pali Rohár
2017-06-13 16:39                         ` Darren Hart
2017-06-13 16:22                       ` Darren Hart
2017-06-13 16:52                         ` Greg Kroah-Hartman
2017-06-13 17:07                           ` Darren Hart
2017-06-14  4:38                             ` Greg Kroah-Hartman
2017-06-19 22:10                               ` Andy Lutomirski
2017-06-20  3:37                                 ` Darren Hart
2017-06-20  7:29                                   ` Pali Rohár
2017-06-13 17:16                     ` Pali Rohár
2017-06-13 17:40                       ` Darren Hart
2017-06-13 18:00                         ` Pali Rohár
2017-06-13 18:09                           ` Darren Hart
2017-06-14  0:28                         ` Bernd Petrovitsch
2017-06-13 12:51                 ` Pali Rohár
2017-06-13 16:07                   ` Darren Hart
2017-06-19 21:24 ` Matthew Garrett [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170619212401.GA11774@srcf.ucam.org \
    --to=mjg59@srcf.ucam.org \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=dvhart@infradead.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mario_limonciello@dell.com \
    --cc=pali.rohar@gmail.com \
    --cc=platform-driver-x86@vger.kernel.org \
    --cc=rjw@rjwysocki.net \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox