| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081022144944.GC21612@us.ibm.com> Date: Wed, 22 Oct 2008 09:49:44 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: Rajiv Andrade <srajiv@...ux.vnet.ibm.com> Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, James Morris <jmorris@...ei.org>, David Safford <safford@...son.ibm.com>, Serge Hallyn <serue@...ux.vnet.ibm.com> Subject: Re: [PATCH 1/3] integrity: TPM internel kernel interface Quoting Rajiv Andrade (srajiv@...ux.vnet.ibm.com): > On Tue, 2008-10-14 at 17:23 -0500, Serge E. Hallyn wrote: > > Quoting Mimi Zohar (zohar@...ux.vnet.ibm.com): > > > The internal TPM kernel interface did not protect itself from > > > the removal of the TPM driver, while being used. We continue > > > to protect the tpm_chip_list using the driver_lock as before, > > > and are using an rcu lock to protect readers. The internal TPM > > > > I still would like to see this spelled out somewhere - correct me > > if I'm wrong but none of the patches sent so far have this spelled > > out in in-line comments, do they? > > > > It does look sane: > > > > 1. writes to tpm_chip_list are protected by driver_lock > > 2. readers of the list are protected by rcu > > 3. chips which are read from the tpm_chip_list, if they > > are used outside of the rcu_read_lock(), are pinned > > using get_device(chip->dev) before releasing the > > rcu_read_lock. > > > > Like I say it looks sane, but something like the above summary > > could stand to be in a comment on top of tpm.c or something. > > > No problem, I'll submit a patch containing a proper comment section to > be applied on top of these, maybe after they get accepted. Great, thanks. > > > kernel interface now protects itself from the driver being > > > removed by incrementing the module reference count. > > > > > > Resubmitting integrity-tpm-internal-kernel-interface.patch, which > > > was previously Signed-off-by Kylene Hall. > > > Updated per feedback: > > > > > > Adds the following support: > > > - make internal kernel interface to transmit TPM commands global > > > - adds reading a pcr value > > > - adds extending a pcr value > > > - adds lookup the tpm_chip for given chip number and type > > > > > > Signed-off-by: Mimi Zohar <zohar@...ux.vnet.ibm.com> > > > Signed-off-by: Rajiv Andrade <srajiv@...ux.vnet.ibm.com> > > > > Now there are other, existing callers of tpm_transmit. Are they > > all protected by sysfs pinning the kobject and thereby the device, > > for the duration of the call? > > > > They aren't called through sysfs, but are still protected. These new > functions get chip data consistently by using rcu_read. Then, after > computing what's intended to be written back to the chip, tpm_transmit > sends the new data while using tpm_mutex, so both operations are > performed without the risk of a race condition. Can you show me where the refcount for dev is incremented (under the rcu_read_lock), either in sysfs code or tpm code? I'm not finding it, but it may just be done in some subtle way that I'm glossing over. thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists