lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 4 Oct 2019 22:01:04 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     James Bottomley <James.Bottomley@...senPartnership.com>
Cc:     linux-integrity@...r.kernel.org, Mimi Zohar <zohar@...ux.ibm.com>,
        Jerry Snitselaar <jsnitsel@...hat.com>,
        Sumit Garg <sumit.garg@...aro.org>,
        Stefan Berger <stefanb@...ux.vnet.ibm.com>,
        Peter Huewe <peterhuewe@....de>,
        Jason Gunthorpe <jgg@...pe.ca>, Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 2/2] tpm: Detach page allocation from tpm_buf

On Fri, Oct 04, 2019 at 09:37:42AM -0700, James Bottomley wrote:
> On Thu, 2019-10-03 at 21:51 +0300, Jarkko Sakkinen wrote:
> > As has been seen recently, binding the buffer allocation and tpm_buf
> > together is sometimes far from optimal.
> 
> Can you elaborate on this a bit more?  I must have missed the
> discussion.
> 
> >  The buffer might come from the caller namely when tpm_send() is used
> > by another subsystem. In addition we can stability in call sites w/o
> > rollback (e.g. power events)>
> > 
> > Take allocation out of the tpm_buf framework and make it purely a
> > wrapper for the data buffer.
> 
> What you're doing here is taking a single object with a single lifetime
> and creating two separate objects with separate lifetimes and a
> dependency.  The problem with doing that is that it always creates
> subtle and hard to debug corner cases where the dependency gets
> violated, so it's usually better to simplify the object lifetimes by
> reducing the dependencies and combining as many dependent objects as
> possible into a single object with one lifetime.  Bucking this trend
> for a good reason is OK, but I think a better reason than "is sometimes
> far from optimal" is needed.

Right, I see your point. We can just say instead in a comment that
tpm_buf_init() is optional if you need to allocate the buffer and
do not provide your own.

Thanks for the remark. I have to agree with this.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ