    efivarfs: Limit the rate for non-root to read files · bef3efbe
    Luck, Tony authored
    Each read from a file in efivarfs results in two calls to EFI
    (one to get the file size, another to get the actual data).
    
    On X86 these EFI calls result in broadcast system management
    interrupts (SMI) which affect performance of the whole system.
    A malicious user can loop performing reads from efivarfs bringing
    the system to its knees.
    
    Linus suggested a per-user rate limit to solve this.
    
    So we add a ratelimit structure to "user_struct" and initialize
    it for the root user for no limit. When allocating user_struct for
    other users we set the limit to 100 per second. This could be used
    for other places that want to limit the rate of some detrimental
    user action.
    
    In efivarfs if the limit is exceeded when reading, we take an
    interruptible nap for 50ms and check the rate limit again.
    
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Name
Documentation
LICENSES
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README