lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 13 Mar 2017 22:12:35 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc:     tpmdd-devel@...ts.sourceforge.net,
        linux-security-module@...r.kernel.org,
        Jerry Snitselaar <jsnitsel@...hat.com>, gang.wei@...el.com,
        Peter Huewe <peterhuewe@....de>,
        Marcel Selhorst <tpmdd@...horst.net>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] tpm_crb: request and relinquish locality 0

On Mon, Mar 13, 2017 at 10:34:52AM -0600, Jason Gunthorpe wrote:
> On Sat, Mar 11, 2017 at 03:02:14PM +0200, Jarkko Sakkinen wrote:
> > Added two new callbacks to struct tpm_class_ops:
> > 
> > - request_locality
> > - relinquish_locality
> > 
> > These are called before sending and receiving data from the TPM.  We
> > update also tpm_tis_core to use these callbacks. Small modification to
> > request_locality() is done so that it returns -EBUSY instead of locality
> > number when check_locality() fails.
> 
> Make sense
> 
> I think you may as well do the other two drivers, even though you
> can't run them the transformation looks safe enough to me.
> 
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> >  drivers/char/tpm/tpm-interface.c |  9 +++++++++
> >  drivers/char/tpm/tpm_crb.c       | 41 +++++++++++++++++++++++++++++++++++++++-
> >  drivers/char/tpm/tpm_tis_core.c  | 12 ++++--------
> >  include/linux/tpm.h              |  3 ++-
> >  4 files changed, 55 insertions(+), 10 deletions(-)
> > 
> > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> > index e38c792..9c56581 100644
> > +++ b/drivers/char/tpm/tpm-interface.c
> > @@ -407,6 +407,12 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
> >  	if (chip->dev.parent)
> >  		pm_runtime_get_sync(chip->dev.parent);
> >  
> > +	if (chip->ops->request_locality)  {
> > +		rc = chip->ops->request_locality(chip, 0);
> > +		if (rc)
> > +			goto out;
> 
> If request_locality fails we probably shouldn't call
> relinquish_locality on the unwind path..
> 
> I think you should also put a relinquish_locality inside tpm_remove ?

Right. I was wondering why release_locality is called inside
tpm_tis_remove().

So is the idea of checking pendingRequest such that the release
part is "lazy" and not like what I'm doing in tpm_crb (always
relinquish).

Is that done for performance reasons? Should I do the same (pr
similar in tpm_crb?

> > +	int (*request_locality)(struct tpm_chip *chip, int loc);
> > +	void (*relinquish_locality)(struct tpm_chip *chip, int loc,
> > bool force);
> 
> Let us document what force is supposed to do...
> 
> I'm not sure why we have it?
> 
> Jason

I guess since it is lazy in tpm_tis_core the force is done in
tpm_tis_remove so that you always relinquish the locality even
if someone is not requesting it, right?

Where should this be documented, to the header?

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ