lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Thu, 23 Oct 2014 10:30:19 +0300
From:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc:	Peter Huewe <peterhuewe@....de>, Ashley Lai <ashley@...leylai.com>,
	Marcel Selhorst <tpmdd@...horst.net>,
	tpmdd-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	linux-api@...r.kernel.org, josh.triplett@...el.com,
	christophe.ricard@...il.com, jason.gunthorpe@...idianresearch.com
Subject: Re: [PATCH v1 3/3] tpm: fix multiple race conditions in tpm_ppi.c

Thanks for the excellent review comments. I'll do another spin an try to
incorporate most them.

/Jarkko

On Wed, Oct 22, 2014 at 11:26:46AM -0600, Jason Gunthorpe wrote:
> On Wed, Oct 22, 2014 at 07:23:56PM +0300, Jarkko Sakkinen wrote:
> > Traversal of the ACPI device tree was not done right. It should lookup
> > PPI only under the ACPI device that it is associated. Otherwise, it could
> > match to a wrong PPI interface if there are two TPM devices in the device
> > tree.
> > 
> > Removed global ACPI handle and version string from tpm_ppi.c as this
> > is racy. Instead they should be associated with the chip.
> > 
> > Moved code just a tiny bit towards two-phase allocation to implement
> > fix for the PPI race conditions.
> 
> Not this version..
> 
> > Added missing copyright platter to tpm_ppi.c.
> > 
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> 
> Reviewed-by: Jason Gunthorpe <jgunthorpe@...idianresearch.com>
> 
> I like this one the most of the three I've seen :)
> 
> Did you also look in tpm_acpi.c to see if it needs to use
> acpi_dev_handle somehow too?
> 
> > +	union acpi_object *obj;
> > +	struct kobject *parent = &chip->dev->kobj;
> 
> Nit, this variable is only used once, it would be clearer to inline
> 
> > +	/* Cache PPI version string. */
> > +	obj = acpi_evaluate_dsm_typed(chip->acpi_dev_handle, tpm_ppi_uuid,
> > +				      TPM_PPI_REVISION_ID, TPM_PPI_FN_VERSION,
> > +				      NULL, ACPI_TYPE_STRING);
> > +       if (obj) {
> > +               strlcpy(chip->ppi_version, obj->string.pointer,
> > +                       PPI_VERSION_LEN + 1);
> > +               ACPI_FREE(obj);
> > +       } else
> > +               return -ENOMEM;
> > +
> > +       return chip->acpi_dev_handle ?
> > +               sysfs_create_group(parent, &ppi_attr_grp) : 0;
> 
> The above sequence can just be:
> 
> if (!obj)
>    return -ENOMEM;
> 
> strlcpy(chip->ppi_version, obj->string.pointer, sizeof(chip->ppi_version));
> ACPI_FREE(obj);
> 
> return sysfs_create_group(&chip->dev->kobj, &ppi_attr_grp);
> 
> Which is more idiomatic. Also remove TPM_PPI_VERSION_LEN, sizeof is better.
> 
> I know nothing about acpi, but is ENOMEM the right code? I would think
> acpi_evalute_dsm_typed would also fail if tpm_ppi_uuid is not found??
> 
> > +	return chip->acpi_dev_handle ?
> > +		sysfs_create_group(parent, &ppi_attr_grp) : 0;
> 
> dev_handle is already checked to be non 0
> 
> > +void tpm_remove_ppi(struct tpm_chip *chip)
> > +	struct kobject *parent = &chip->dev->kobj;
> 
> Also used only once
> 
> Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists