| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170103184627.GA26706@obsidianresearch.com>
Date: Tue, 3 Jan 2017 11:46:27 -0700
From: Jason Gunthorpe <jgunthorpe@...idianresearch.com>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: tpmdd-devel@...ts.sourceforge.net,
linux-security-module@...r.kernel.org,
Peter Huewe <peterhuewe@....de>,
Marcel Selhorst <tpmdd@...horst.net>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFC 4/4] tpm: add the infrastructure for TPM space for
TPM 2.0
On Tue, Jan 03, 2017 at 02:37:30AM +0200, Jarkko Sakkinen wrote:
> On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote:
> > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote:
> > > Added a ioctl for creating a TPM space. The space is isolated from the
> > > other users of the TPM. Only a process holding the file with the handle
> > > can access the objects and only objects that are created through that
> > > file handle can be accessed.
> >
> > I don't understand this comment. /dev/tpmX is forced to be
> > single-process-open, so how can there ever be more than 1 FD for it?
> >
> > Since the space is tied to that single fd these patches just create a
> > way for the single user-space process to auto-cleanup if it crashes?
> >
> > Is that the entire intent of this design? I guess it is OK as a
> > stepping point..
>
> is_open is cleared in tpm_ioc_new_space.
That is no good, it is racy if the intention is to use multiple
clients, and any single client that doesn't support the new API blocks
all access.
Jason
Powered by blists - more mailing lists