Re: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-23 Thread Peter Jones
On Thu, Feb 22, 2018 at 06:11:14AM +, Luck, Tony wrote: >> On Feb 21, 2018, at 21:52, Linus Torvalds wrote: >> >> Does the error return actually break real users? Not "I can do did >> things and it acts differently" things, but actual users... > > Probably not. Peter Jones said that

Re: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-23 Thread Peter Jones
On Thu, Feb 22, 2018 at 06:11:14AM +, Luck, Tony wrote: >> On Feb 21, 2018, at 21:52, Linus Torvalds wrote: >> >> Does the error return actually break real users? Not "I can do did >> things and it acts differently" things, but actual users... > > Probably not. Peter Jones said that

Re: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-22 Thread Eric W. Biederman
"Luck, Tony" writes: >> - add a per-user mutex, and do the usleep inside of it, so that >> anybody who tries to do a thousand threads will just be serialized by >> the mutex. >> >> Note that the mutex needs to be per-user, because otherwise it will be >> a DoS for the other

Re: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-22 Thread Eric W. Biederman
"Luck, Tony" writes: >> - add a per-user mutex, and do the usleep inside of it, so that >> anybody who tries to do a thousand threads will just be serialized by >> the mutex. >> >> Note that the mutex needs to be per-user, because otherwise it will be >> a DoS for the other users. > > I can try

RE: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-21 Thread Luck, Tony
> - just make it return -EAGAIN instead of sleeping (which probably > just works fine and doesn't break anything and is simple) It is very simple. But it does break things :-(. If I read one of these files using "dd bs=1", that used to read the whole file (while generating lots of SMI). With the

RE: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-21 Thread Luck, Tony
> - just make it return -EAGAIN instead of sleeping (which probably > just works fine and doesn't break anything and is simple) It is very simple. But it does break things :-(. If I read one of these files using "dd bs=1", that used to read the whole file (while generating lots of SMI). With the

Re: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-21 Thread Linus Torvalds
On Wed, Feb 21, 2018 at 5:45 PM, Luck, Tony wrote: > > Linus suggested per-user rate limit to solve this. Note that you also need to serialize per user, because otherwise.. > + if (!__ratelimit(>f_cred->user->ratelimit)) > + usleep_range(1, 1);

Re: [PATCH] efivarfs: Limit the rate for non-root to read files

2018-02-21 Thread Linus Torvalds
On Wed, Feb 21, 2018 at 5:45 PM, Luck, Tony wrote: > > Linus suggested per-user rate limit to solve this. Note that you also need to serialize per user, because otherwise.. > + if (!__ratelimit(>f_cred->user->ratelimit)) > + usleep_range(1, 1); ..this doesn't really