| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D3GPGYHWPGFL.1S13HXY9ALZCU@kernel.org> Date: Thu, 15 Aug 2024 21:44:01 +0300 From: "Jarkko Sakkinen" <jarkko@...nel.org> To: "Jonathan McDowell" <noodles@...th.li>, <linux-integrity@...r.kernel.org> Cc: <linux-kernel@...r.kernel.org>, "Peter Huewe" <peterhuewe@....de>, "Jason Gunthorpe" <jgg@...pe.ca> Subject: Re: [RFC] [PATCH] tpm: Clean up TPM space after command failure On Wed Aug 14, 2024 at 7:19 PM EEST, Jonathan McDowell wrote: > We've been seeing a problem where TPM commands time out, which if > they're the last command before the TPM device is closed causes a leak > of transient handles. They can be seen and cleaned up (with a flush > context) if the /dev/tpm0 device is used instead of /dev/tpmrm0, but it > seems like we should be doing this automatically on the transmit error > path. Patch below adds a tpm2_flush_space on error to avoid this. > > Does this seem reasonable? The other query is whether tpm2_del_space > should cleanup the contexts as well, rather than just the sessions. > > (Obviously in an ideal world we wouldn't see the timeouts at all, and > I'm still trying to work on getting to the bottom of these, which are > generally infrequent, but happening enough across our fleet that we were > able to observe this handle leak.) Seems reasonable without this story ;-) I get that this is here because of query np. > > From: Jonathan McDowell <noodles@...a.com> > > tpm_dev_transmit prepares the TPM space before attempting command > transmission. However if the command fails no rollback of this > preparation is done. This can result in transient handles being leaked > if the device is subsequently closed with no further commands performed. > > Fix this by flushing the space in the event of command transmission > failure. > > Signed-off-by: Jonathan McDowell <noodles@...a.com> I would consider fixes tag for this even! I think it can be classified as a minor bug. I implemented this feature together with James Bottomley so would be nice to get some feedback also from him (as a sanity check)> > > --- Just as a tip: if you put stuff here like supplemental commets the won't get included when the commit is finally applied (also a popular place for change log). > drivers/char/tpm/tpm-dev-common.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c > index 30b4c288c1bb..c3fbbf4d3db7 100644 > --- a/drivers/char/tpm/tpm-dev-common.c > +++ b/drivers/char/tpm/tpm-dev-common.c > @@ -47,6 +47,8 @@ static ssize_t tpm_dev_transmit(struct tpm_chip *chip, struct tpm_space *space, > > if (!ret) > ret = tpm2_commit_space(chip, space, buf, &len); > + else > + tpm2_flush_space(chip); > > out_rc: > return ret ? ret : len; Can you send v2 with fixes tag and James as cc. Since you have such a long cover letter you could possibly: git format-patch -1 -v2 --cover-letter Then just move that text in front to 00/01. BR, Jarkko
Powered by blists - more mailing lists