lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1532026030.3198.2.camel@HansenPartnership.com>
Date:   Thu, 19 Jul 2018 11:47:10 -0700
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Tadeusz Struk <tadeusz.struk@...el.com>,
        jarkko.sakkinen@...ux.intel.com
Cc:     jgg@...pe.ca, linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tpm: add support for partial reads

On Thu, 2018-07-19 at 10:54 -0700, Tadeusz Struk wrote:
> On 07/19/2018 10:19 AM, James Bottomley wrote:
> > That's just an implementation, though, what's the use case?
> 
> Hi James,
> The use case is described in the TCTI spec [1] in the
> "3.2.5.2 receive" section.

Well, yes, but I think we've all agreed that the /dev/tpm and
/dev/tpmrmX aren't TCTI interfaces, although you can layer TCTI on top
of them, so why not simply do fragmentation on top if you need it?

The reason for not doing it in the interface is that it alters the ABI.
 Before this patch we had a hard packet boundary: one packet per read,
one per write and a -EFAULT if you fail to provide a correctly sized
buffer.  Now if you provide a buffer too small but don't know about the
fragmentation you're going to misprocess a packet (because you think
you got a whole reply but you didn't) and then you get a -EBUSY on your
next command which you don't know how to handle.  The only way out is
to update the applications to handle the new behaviour, which is a no-
no in Linux ABI terms.

It might be possible to layer the behaviour you want compatibly into
the current device structure (say an ioctl to switch to the fragment
behaviour) but I've got to ask why we'd go to the complexity without a
use case?

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ