From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755130AbcGTUxU (ORCPT ); Wed, 20 Jul 2016 16:53:20 -0400 Received: from mga03.intel.com ([134.134.136.65]:4647 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751749AbcGTUxT (ORCPT ); Wed, 20 Jul 2016 16:53:19 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,396,1464678000"; d="scan'208";a="1025842632" Date: Wed, 20 Jul 2016 23:53:14 +0300 From: Jarkko Sakkinen To: Jason Gunthorpe Cc: Peter Huewe , linux-security-module@vger.kernel.org, Marcel Selhorst , "moderated list:TPM DEVICE DRIVER" , open list Subject: Re: [PATCH] tpm: fix a race condition tpm2_unseal_trusted() Message-ID: <20160720205314.GA6525@intel.com> References: <1468973792-17598-1-git-send-email-jarkko.sakkinen@linux.intel.com> <20160720164818.GA21460@obsidianresearch.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160720164818.GA21460@obsidianresearch.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 20, 2016 at 10:48:18AM -0600, Jason Gunthorpe wrote: > On Wed, Jul 20, 2016 at 03:16:32AM +0300, Jarkko Sakkinen wrote: > > Unseal and load operations should be done as an atomic unit. This > > commit fixes the issue by moving TPM mutex handling to tpm_try_get_ops() > > and tpm_put_ops(), which is probably more logical place for it anyway. > > No.. > > 'get_ops' is to be used to hold a persisent kref to a single tpm. It > cannot block other tpm access. > > Eg a upper protocol might get_ops to for a long period to ensure it > consistently talks to the same TPM in a multi-tpm system. > > We need something else to solve whatever you are concerned with > here.. The only use cases I see at the moment for it work this way: 1. Call tpm_try_get_ops. 2. Send a TPM command. 3. Call tpm_put_ops. I did not find any other form of use. The only use is to make sure that there are no transactions running before the ops are cleared. Or did I overlook something perhaps? Trusted key unseal operation with TPM2 is broken into two operations: 1. Load the given key blob. 2. Unseal the data. Without locking and unlocking mutex only once there is a race condition. /Jarkko From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jarkko Sakkinen Subject: Re: [PATCH] tpm: fix a race condition tpm2_unseal_trusted() Date: Wed, 20 Jul 2016 23:53:14 +0300 Message-ID: <20160720205314.GA6525@intel.com> References: <1468973792-17598-1-git-send-email-jarkko.sakkinen@linux.intel.com> <20160720164818.GA21460@obsidianresearch.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <20160720164818.GA21460-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tpmdd-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org To: Jason Gunthorpe Cc: "moderated list:TPM DEVICE DRIVER" , linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, open list List-Id: tpmdd-devel@lists.sourceforge.net On Wed, Jul 20, 2016 at 10:48:18AM -0600, Jason Gunthorpe wrote: > On Wed, Jul 20, 2016 at 03:16:32AM +0300, Jarkko Sakkinen wrote: > > Unseal and load operations should be done as an atomic unit. This > > commit fixes the issue by moving TPM mutex handling to tpm_try_get_ops() > > and tpm_put_ops(), which is probably more logical place for it anyway. > > No.. > > 'get_ops' is to be used to hold a persisent kref to a single tpm. It > cannot block other tpm access. > > Eg a upper protocol might get_ops to for a long period to ensure it > consistently talks to the same TPM in a multi-tpm system. > > We need something else to solve whatever you are concerned with > here.. The only use cases I see at the moment for it work this way: 1. Call tpm_try_get_ops. 2. Send a TPM command. 3. Call tpm_put_ops. I did not find any other form of use. The only use is to make sure that there are no transactions running before the ops are cleared. Or did I overlook something perhaps? Trusted key unseal operation with TPM2 is broken into two operations: 1. Load the given key blob. 2. Unseal the data. Without locking and unlocking mutex only once there is a race condition. /Jarkko ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev