[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ee9e7fb0-e3f1-4fb3-da12-84ca746989bd@huawei.com>
Date: Thu, 21 Mar 2019 14:25:26 +0100
From: Roberto Sassu <roberto.sassu@...wei.com>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Dan Williams <dan.j.williams@...il.com>
CC: <zohar@...ux.ibm.com>, <david.safford@...com>,
<monty.wiseman@...com>, <matthewgarrett@...gle.com>,
<linux-integrity@...r.kernel.org>,
<linux-security-module@...r.kernel.org>,
<keyrings@...r.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
<silviu.vlasceanu@...wei.com>,
linux-nvdimm <linux-nvdimm@...ts.01.org>
Subject: Re: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip
structure from tpm_default_chip()
On 3/21/2019 2:15 PM, Jarkko Sakkinen wrote:
> On Mon, Mar 18, 2019 at 03:35:08PM -0700, Dan Williams wrote:
>> On Wed, Feb 6, 2019 at 10:30 AM Roberto Sassu <roberto.sassu@...wei.com> wrote:
>>>
>>> When crypto agility support will be added to the TPM driver, users of the
>>> driver have to retrieve the allocated banks from chip->allocated_banks and
>>> use this information to prepare the array of tpm_digest structures to be
>>> passed to tpm_pcr_extend().
>>>
>>> This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
>>> pointer can be used to prepare the array of tpm_digest structures.
>>>
>>> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
>>> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
>>> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
>>> ---
>>> security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
>>> 1 file changed, 24 insertions(+), 14 deletions(-)
>>>
>>> diff --git a/security/keys/trusted.c b/security/keys/trusted.c
>>> index 4d98f4f87236..5b852263eae1 100644
>>> --- a/security/keys/trusted.c
>>> +++ b/security/keys/trusted.c
>>> @@ -34,6 +34,7 @@
>>>
>>> static const char hmac_alg[] = "hmac(sha1)";
>>> static const char hash_alg[] = "sha1";
>>> +static struct tpm_chip *chip;
>>>
>>> struct sdesc {
>>> struct shash_desc shash;
>>> @@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
>>> int rc;
>>>
>>> dump_tpm_buf(cmd);
>>> - rc = tpm_send(NULL, cmd, buflen);
>>> + rc = tpm_send(chip, cmd, buflen);
>>> dump_tpm_buf(cmd);
>>> if (rc > 0)
>>> /* Can't return positive return codes values to keyctl */
>>> @@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
>>>
>>> if (!capable(CAP_SYS_ADMIN))
>>> return -EPERM;
>>> - ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
>>> + ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
>>> if (ret != SHA1_DIGEST_SIZE)
>>> return ret;
>>> - return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
>>> + return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
>>> }
>>>
>>> /*
>>> @@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
>>> unsigned char ononce[TPM_NONCE_SIZE];
>>> int ret;
>>>
>>> - ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
>>> + ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
>>> if (ret != TPM_NONCE_SIZE)
>>> return ret;
>>>
>>> @@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
>>> if (ret < 0)
>>> goto out;
>>>
>>> - ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
>>> + ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
>>> if (ret != TPM_NONCE_SIZE)
>>> goto out;
>>> ordinal = htonl(TPM_ORD_SEAL);
>>> @@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
>>>
>>> ordinal = htonl(TPM_ORD_UNSEAL);
>>> keyhndl = htonl(SRKHANDLE);
>>> - ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
>>> + ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
>>> if (ret != TPM_NONCE_SIZE) {
>>> pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
>>> return ret;
>>> @@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
>>> int i;
>>> int tpm2;
>>>
>>> - tpm2 = tpm_is_tpm2(NULL);
>>> + tpm2 = tpm_is_tpm2(chip);
>>> if (tpm2 < 0)
>>> return tpm2;
>>>
>>> @@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
>>> struct trusted_key_options *options;
>>> int tpm2;
>>>
>>> - tpm2 = tpm_is_tpm2(NULL);
>>> + tpm2 = tpm_is_tpm2(chip);
>>> if (tpm2 < 0)
>>> return NULL;
>>>
>>> @@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
>>> size_t key_len;
>>> int tpm2;
>>>
>>> - tpm2 = tpm_is_tpm2(NULL);
>>> + tpm2 = tpm_is_tpm2(chip);
>>> if (tpm2 < 0)
>>> return tpm2;
>>>
>>> @@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
>>> switch (key_cmd) {
>>> case Opt_load:
>>> if (tpm2)
>>> - ret = tpm_unseal_trusted(NULL, payload, options);
>>> + ret = tpm_unseal_trusted(chip, payload, options);
>>> else
>>> ret = key_unseal(payload, options);
>>> dump_payload(payload);
>>> @@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
>>> break;
>>> case Opt_new:
>>> key_len = payload->key_len;
>>> - ret = tpm_get_random(NULL, payload->key, key_len);
>>> + ret = tpm_get_random(chip, payload->key, key_len);
>>> if (ret != key_len) {
>>> pr_info("trusted_key: key_create failed (%d)\n", ret);
>>> goto out;
>>> }
>>> if (tpm2)
>>> - ret = tpm_seal_trusted(NULL, payload, options);
>>> + ret = tpm_seal_trusted(chip, payload, options);
>>> else
>>> ret = key_seal(payload, options);
>>> if (ret < 0)
>>> @@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
>>> {
>>> int ret;
>>>
>>> + chip = tpm_default_chip();
>>> + if (!chip)
>>> + return -ENOENT;
>>
>> This change causes a regression loading the encrypted_keys module on
>> systems that don't have a tpm.
>>
>> Module init functions should not have hardware dependencies.
>>
>> The effect is that the libnvdimm module, which is an encrypted_keys
>> user, fails to load, but up until this change encrypted_keys did not
>> have a hard dependency on TPM presence.
>
> Sorry for the latency. I was in flu for couple of days.
>
> I missed that addition in the review process albeit this patch set
> went numerous rounds. Apologies about ths. Also the return value is
> wrong. Should be -ENODEV but it doesn't matter because this needs to
> be removed anyway.
>
> Roberto, can you submit a fix ASAP that:
Ok, I will do it now.
Roberto
> 1. Allows the module to initialize even if the chip is not found.
> 2. In the beginning of each function (before tpm_is_tpm2()) you
> should check if chip is NULL and return -ENODEV if it is.
>
> Add also these tags before your signed-off-by:
>
> Cc: stable@...r.kernel.org
> Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()")
> Reported-by: Dan Williams <dan.j.williams@...il.com>
> Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
>
> /Jarkko
>
--
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI
Powered by blists - more mailing lists