| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Jul 2016 23:53:14 +0300 From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> To: Jason Gunthorpe <jgunthorpe@...idianresearch.com> Cc: Peter Huewe <peterhuewe@....de>, linux-security-module@...r.kernel.org, Marcel Selhorst <tpmdd@...horst.net>, "moderated list:TPM DEVICE DRIVER" <tpmdd-devel@...ts.sourceforge.net>, open list <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] tpm: fix a race condition tpm2_unseal_trusted() On Wed, Jul 20, 2016 at 10:48:18AM -0600, Jason Gunthorpe wrote: > On Wed, Jul 20, 2016 at 03:16:32AM +0300, Jarkko Sakkinen wrote: > > Unseal and load operations should be done as an atomic unit. This > > commit fixes the issue by moving TPM mutex handling to tpm_try_get_ops() > > and tpm_put_ops(), which is probably more logical place for it anyway. > > No.. > > 'get_ops' is to be used to hold a persisent kref to a single tpm. It > cannot block other tpm access. > > Eg a upper protocol might get_ops to for a long period to ensure it > consistently talks to the same TPM in a multi-tpm system. > > We need something else to solve whatever you are concerned with > here.. The only use cases I see at the moment for it work this way: 1. Call tpm_try_get_ops. 2. Send a TPM command. 3. Call tpm_put_ops. I did not find any other form of use. The only use is to make sure that there are no transactions running before the ops are cleared. Or did I overlook something perhaps? Trusted key unseal operation with TPM2 is broken into two operations: 1. Load the given key blob. 2. Unseal the data. Without locking and unlocking mutex only once there is a race condition. /Jarkko
Powered by blists - more mailing lists