Re: [PATCH] efivarfs: Limit the rate for non-root to read files

From: Eric W. Biederman
Date: Thu Feb 22 2018 - 12:10:57 EST

Next message: Andy Shevchenko: "Re: [PATCH 1/2] pci: endpoint: Free func_name after last usage"
Previous message: Peter Zijlstra: "Re: uprobes/perf: KASAN: use-after-free in uprobe_perf_close"
In reply to: Luck, Tony: "RE: [PATCH] efivarfs: Limit the rate for non-root to read files"
Next in thread: Luck, Tony: "[PATCH v2] efivarfs: Limit the rate for non-root to read files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Luck, Tony" <tony.luck@xxxxxxxxx> writes:

>> - add a per-user mutex, and do the usleep inside of it, so that
>> anybody who tries to do a thousand threads will just be serialized by
>> the mutex.
>>
>> Note that the mutex needs to be per-user, because otherwise it will be
>> a DoS for the other users.
>
> I can try that tomorrow (adding the per-user mutex to struct user_struct
> right next to the ratelimit I added.

Another possibility is to cache the files in the page cache. That will
reduce re-reads of the same data to the maximum extent.

If efi has a chance of changing variables behind our back we might want
something that would have a timeout on how long the data is cached,
and we probably want to make the caching policy write-trough not
write-back.

I just suggest this as it seems like a much more tried and true solution.

Eric

Next message: Andy Shevchenko: "Re: [PATCH 1/2] pci: endpoint: Free func_name after last usage"
Previous message: Peter Zijlstra: "Re: uprobes/perf: KASAN: use-after-free in uprobe_perf_close"
In reply to: Luck, Tony: "RE: [PATCH] efivarfs: Limit the rate for non-root to read files"
Next in thread: Luck, Tony: "[PATCH v2] efivarfs: Limit the rate for non-root to read files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]