| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aF2QbDmxzGJS903j@kernel.org>
Date: Thu, 26 Jun 2025 21:24:44 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Jason Gunthorpe <jgg@...pe.ca>
Cc: linux-kernel@...r.kernel.org, keyrings@...r.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>,
Peter Huewe <peterhuewe@....de>,
James Bottomley <James.Bottomley@...senpartnership.com>,
Mimi Zohar <zohar@...ux.ibm.com>,
David Howells <dhowells@...hat.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
"open list:TPM DEVICE DRIVER" <linux-integrity@...r.kernel.org>,
"open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH] tpm: Create cleanup class for tpm_buf
On Thu, Jun 26, 2025 at 11:49:15AM -0300, Jason Gunthorpe wrote:
> On Thu, Jun 26, 2025 at 12:37:56AM +0300, Jarkko Sakkinen wrote:
> > @@ -323,7 +323,7 @@ unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
> > */
> > static int tpm1_startup(struct tpm_chip *chip)
> > {
> > - struct tpm_buf buf;
> > + CLASS(tpm_buf, buf)();
> > int rc;
> >
> > dev_info(&chip->dev, "starting up the TPM manually\n");
> > @@ -335,7 +335,6 @@ static int tpm1_startup(struct tpm_chip *chip)
> > tpm_buf_append_u16(&buf, TPM_ST_CLEAR);
> >
> > rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
> > - tpm_buf_destroy(&buf);
> > return rc;
> > }
>
> So, Linus has spoken negatively about just converting existing code to
> use cleanup.h, fearful it would introduce more bugs.
I did not do this for the sake of conversion. It's just that tpm_buf is
a pretty good fit for such construct, as it is always in function scope
and always heap allocated.
> I would certainly split this into more patches, and it would be nice
> if something mechanical like coccinelle could do the change.
I took this a bit in further:
https://lore.kernel.org/linux-integrity/aF2NNHilFfZwBoxA@kernel.org/T/#t
I did that few dozen times while developing this, running always at
minimum:
1. https://codeberg.org/jarkko/linux-tpmdd-test/src/branch/main/board/pc_x86_64/test_tpm2_kselftest.exp.in
2. https://codeberg.org/jarkko/linux-tpmdd-test/src/branch/main/board/pc_x86_64/test_tpm2_trusted.exp.in
A few times I run some ad-hoc tests too.
And despite 89% is mechanical work there was at least a dozen code
blocks where you need to understand the context too. So actually with
this careful manual work was not that bad idea in the end.
>
> At least I would add the class and drop the tpm_buf_destroy() as one
> patch, and another would be to cleanup any empty gotos.
>
> Also, I think the style guide for cleanup.h is to not use the
> variable block, so it should be more like:
>
> CLASS(tpm_buf, buf)();
> if (!tpm_buf)
> return -ENOMEM;
>
> AFAICT, but that seems to be some kind of tribal knowledge.
This was improved in v2 :-) If you have some proposal how you'd
liked that version to be splitted, please give feedback.
>
> Jason
BR, Jarkko
Powered by blists - more mailing lists