| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9F48E1A823B03B4790B7E6E69430724D9D7B1E84@EXCH2010A.sit.fraunhofer.de> Date: Wed, 7 Oct 2015 10:04:40 +0000 From: "Fuchs, Andreas" <andreas.fuchs@....fraunhofer.de> To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> CC: "tpmdd-devel@...ts.sourceforge.net" <tpmdd-devel@...ts.sourceforge.net>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, David Howells <dhowells@...hat.com>, "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>, "open list:KEYS-TRUSTED" <linux-security-module@...r.kernel.org>, "open list:KEYS-TRUSTED" <keyrings@...r.kernel.org>, James Morris <james.l.morris@...cle.com>, "David Safford" <safford@...ibm.com>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "Serge E. Hallyn" <serge@...lyn.com>, "josh@...htripplet.org" <josh@...htripplet.org>, "richard.l.maliszewski@...el.com" <richard.l.maliszewski@...el.com>, "monty.wiseman@...el.com" <monty.wiseman@...el.com>, "will.c.arthur@...el.com" <will.c.arthur@...el.com> Subject: RE: [tpmdd-devel] [PATCH 4/4] keys, trusted: seal/unseal with TPM 2.0 chips > > > > I looked at Patch 3/4 and it seems you default to -EPERM on TPM2_Create()- > > > > and TPM2_Load()-failures ? > > > > You might want to test against rc == TPM_RC_OBJECT_MEMORY and return -EBUSY > > > > in those cases. Would you agree ? > > > > (P.S. I can cross-post there if that's prefered ?) > > > > > > Have to check the return values. I posted this patch set already in > > > early July. You are the first reviewer in three months for this patch > > > set. > > > > > > I think the reason was that for TPM 1.x returned -EPERM in all error > > > scenarios and I didn't want to endanger behaviour of command-line tools > > > such as 'keyctl'. I would keep it that way unless you can guarantee that > > > command-line tools will continue work correctly if I change it to > > > -EBUSY. > > > > > > Anyway, I will recheck this part of the patch set but likely are not > > > going to do any changes because I don't want to break the user space. > > > > > > I will consider revising the patch set with keyhandle required as an > > > explicit option. > > > > Hmm... Will the old keyctl work without modification with the 2.0 patches > > anyways ? > > Yes it does and it should. I've been using keyctl utility to test my > patch set. > > > The different keyHandle values and missing default keyHandle will yield > > "differences" anyways, I'd say. > > IMHO, we should get it as correct as possible given that TPM 2.0 is still > > very young. > > > > Is adding "additional" ReturnCodes considered ABI-incompatible breaking > > anyways ? > > Yes they are if they make the user space utiltiy malfunction. AFAICT, keyctl just perror()s. Which is what I would have hoped. So it guess it should work with -EBUSY. Example-Trace of calls for key_adding: http://anonscm.debian.org/cgit/collab-maint/keyutils.git/tree/keyutils.c#n43 http://anonscm.debian.org/cgit/collab-maint/keyutils.git/tree/keyctl.c#n379 http://anonscm.debian.org/cgit/collab-maint/keyutils.git/tree/keyctl.c#n131 Wish I could test it myself. I understand, if you don't want to test my thoughts on this. I just cannot perform the tests myself right now... :-( Cheers, Andreas-- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists