From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> To: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Cc: tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, Peter Huewe <peterhuewe@gmx.de>, Marcel Selhorst <tpmdd@selhorst.net>, open list <linux-kernel@vger.kernel.org> Subject: Re: [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip Date: Wed, 4 Jan 2017 14:29:58 +0200 [thread overview] Message-ID: <20170104122958.nlbprc6uk37xrcju@intel.com> (raw) In-Reply-To: <20170103191328.GB26706@obsidianresearch.com> On Tue, Jan 03, 2017 at 12:13:28PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 02:57:37AM +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote: > > > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote: > > > > Since there is only one thread using TPM chip at a time to transmit data > > > > we can migrate struct tpm_buf to struct tpm_chip. This makes the use of > > > > it more fail safe as the buffer is allocated from heap when the device > > > > is created and not for every transaction. > > > > > > Eh? What? I don't think that is the case.. > > > > > > We don't serialize until we hit tramsit_cmd at which point the buffer > > > is already being used and cannot be shared between threads. > > > > There is a regression in the patch. All functions that use 'tr_buf' > > should take tpm_mutex first and use TPM_TRANSMIT_UNLOCKED. There's > > also a similar regression in TPM space patch that I have to correct. > > No, you can't steal TPM_TRANSMIT_UNLOCKED and tpm_mutex for this, that > is to allow a chain of commands to execute atomicly, so a new lock is > needed just for the tr_buf. > > > > Why would the resource manager need a single global tpm buffer? That > > > seems like a big regression from where we have been going. I don't > > > think this is a good idea to go down this road. > > > > What? 'tr_buf' is not specifically for resource manager. This commit > > makes creating TPM commands more fail-safe because there is no need > > to allocate page for every transmit. > > That doesn't seem all that important, honestly. There kernel does not > fail single page allocations without a lot of duress. > > > For RM decorations this is really important because I rather would have > > them fail as rarely as possible. If this would become a scalability > > issue then the granularity could be reconsidered. > > Why? The RM design already seems to have the prepare/commit/abort > kind of model so it can already fail. What does it matter if the > caller can fail before getting that far? Yeah, I just noticed it :-) That kind of formed by accident when I experimented with various models of rolling back in an error situation. > It seems like alot of dangerous churn to introduce a new locking model > without a really good reason... OK, thanks for the feedback. I understad your arguments but as this was an RFC patch set I don't want to go more details like these but I take your advice seriously. I'll start preparing the first non-RFC version. I'm happy that the beef (i.e. the stuff in tpm2-space.c) has been well accepted! > Jason /Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> To: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, open list <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> Subject: Re: [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip Date: Wed, 4 Jan 2017 14:29:58 +0200 [thread overview] Message-ID: <20170104122958.nlbprc6uk37xrcju@intel.com> (raw) In-Reply-To: <20170103191328.GB26706-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> On Tue, Jan 03, 2017 at 12:13:28PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 02:57:37AM +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote: > > > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote: > > > > Since there is only one thread using TPM chip at a time to transmit data > > > > we can migrate struct tpm_buf to struct tpm_chip. This makes the use of > > > > it more fail safe as the buffer is allocated from heap when the device > > > > is created and not for every transaction. > > > > > > Eh? What? I don't think that is the case.. > > > > > > We don't serialize until we hit tramsit_cmd at which point the buffer > > > is already being used and cannot be shared between threads. > > > > There is a regression in the patch. All functions that use 'tr_buf' > > should take tpm_mutex first and use TPM_TRANSMIT_UNLOCKED. There's > > also a similar regression in TPM space patch that I have to correct. > > No, you can't steal TPM_TRANSMIT_UNLOCKED and tpm_mutex for this, that > is to allow a chain of commands to execute atomicly, so a new lock is > needed just for the tr_buf. > > > > Why would the resource manager need a single global tpm buffer? That > > > seems like a big regression from where we have been going. I don't > > > think this is a good idea to go down this road. > > > > What? 'tr_buf' is not specifically for resource manager. This commit > > makes creating TPM commands more fail-safe because there is no need > > to allocate page for every transmit. > > That doesn't seem all that important, honestly. There kernel does not > fail single page allocations without a lot of duress. > > > For RM decorations this is really important because I rather would have > > them fail as rarely as possible. If this would become a scalability > > issue then the granularity could be reconsidered. > > Why? The RM design already seems to have the prepare/commit/abort > kind of model so it can already fail. What does it matter if the > caller can fail before getting that far? Yeah, I just noticed it :-) That kind of formed by accident when I experimented with various models of rolling back in an error situation. > It seems like alot of dangerous churn to introduce a new locking model > without a really good reason... OK, thanks for the feedback. I understad your arguments but as this was an RFC patch set I don't want to go more details like these but I take your advice seriously. I'll start preparing the first non-RFC version. I'm happy that the beef (i.e. the stuff in tpm2-space.c) has been well accepted! > Jason /Jarkko ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
next prev parent reply other threads:[~2017-01-04 12:30 UTC|newest] Thread overview: 134+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-01-02 13:22 [PATCH RFC 0/4] RFC: in-kernel resource manager Jarkko Sakkinen 2017-01-02 13:22 ` Jarkko Sakkinen 2017-01-02 13:22 ` [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip Jarkko Sakkinen 2017-01-02 13:22 ` Jarkko Sakkinen 2017-01-02 21:01 ` Jason Gunthorpe 2017-01-02 21:01 ` Jason Gunthorpe 2017-01-03 0:57 ` Jarkko Sakkinen 2017-01-03 19:13 ` Jason Gunthorpe 2017-01-03 19:13 ` Jason Gunthorpe 2017-01-04 12:29 ` Jarkko Sakkinen [this message] 2017-01-04 12:29 ` Jarkko Sakkinen 2017-01-02 13:22 ` [PATCH RFC 2/4] tpm: validate TPM 2.0 commands Jarkko Sakkinen 2017-01-02 13:22 ` Jarkko Sakkinen [not found] ` <20170102132213.22880-3-jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> 2017-01-04 18:04 ` Stefan Berger 2017-01-04 18:19 ` [tpmdd-devel] " James Bottomley 2017-01-04 18:19 ` James Bottomley [not found] ` <1483553976.2561.38.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-01-04 18:59 ` Stefan Berger [not found] ` <OF3FD1DF4F.FB87C3F2-ON0025809E.00682E9B-8525809E.00684A8A-8eTO7WVQ4XIsd+ienQ86orlN3bxYEBpz@public.gmane.org> 2017-01-04 19:05 ` James Bottomley [not found] ` <1483556735.2561.53.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-01-04 19:22 ` Stefan Berger [not found] ` <OFDFABBD23.E5E1F639-ON0025809E.006924C4-8525809E.006A7568-8eTO7WVQ4XIsd+ienQ86orlN3bxYEBpz@public.gmane.org> 2017-01-09 22:17 ` Jarkko Sakkinen [not found] ` <20170109221700.q7tq362rd6r23d5b-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> 2017-01-09 22:39 ` Stefan Berger 2017-01-04 18:44 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-04 18:44 ` Jason Gunthorpe 2017-01-02 13:22 ` [PATCH RFC 3/4] tpm: export tpm2_flush_context_cmd Jarkko Sakkinen 2017-01-02 13:22 ` Jarkko Sakkinen 2017-01-02 13:22 ` [PATCH RFC 4/4] tpm: add the infrastructure for TPM space for TPM 2.0 Jarkko Sakkinen 2017-01-02 13:22 ` Jarkko Sakkinen 2017-01-02 21:09 ` Jason Gunthorpe 2017-01-02 21:09 ` Jason Gunthorpe 2017-01-03 0:37 ` Jarkko Sakkinen 2017-01-03 18:46 ` Jason Gunthorpe 2017-01-03 18:46 ` Jason Gunthorpe 2017-01-04 12:43 ` Jarkko Sakkinen 2017-01-04 12:43 ` Jarkko Sakkinen 2017-01-03 19:16 ` Jason Gunthorpe 2017-01-03 19:16 ` Jason Gunthorpe 2017-01-04 12:45 ` Jarkko Sakkinen 2017-01-04 12:45 ` Jarkko Sakkinen [not found] ` <20170102132213.22880-5-jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> 2017-01-04 17:50 ` Stefan Berger 2017-01-09 22:11 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-02 16:36 ` [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager James Bottomley 2017-01-02 19:33 ` Jarkko Sakkinen 2017-01-02 19:33 ` Jarkko Sakkinen 2017-01-02 21:40 ` [tpmdd-devel] " James Bottomley 2017-01-02 21:40 ` James Bottomley 2017-01-03 5:26 ` [tpmdd-devel] " James Bottomley 2017-01-03 13:41 ` Jarkko Sakkinen 2017-01-03 13:41 ` Jarkko Sakkinen 2017-01-03 16:14 ` [tpmdd-devel] " James Bottomley 2017-01-03 16:14 ` James Bottomley 2017-01-03 18:36 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-03 18:36 ` Jarkko Sakkinen 2017-01-03 19:14 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-03 19:14 ` Jarkko Sakkinen 2017-01-03 19:34 ` [tpmdd-devel] " James Bottomley 2017-01-03 19:34 ` James Bottomley 2017-01-03 21:54 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-03 21:54 ` Jason Gunthorpe 2017-01-04 12:58 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-04 12:58 ` Jarkko Sakkinen 2017-01-04 16:55 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-04 16:55 ` Jason Gunthorpe 2017-01-04 5:47 ` [tpmdd-devel] " Andy Lutomirski 2017-01-04 13:00 ` Jarkko Sakkinen 2017-01-03 13:51 ` Jarkko Sakkinen 2017-01-03 13:51 ` Jarkko Sakkinen 2017-01-03 16:36 ` [tpmdd-devel] " James Bottomley 2017-01-03 16:36 ` James Bottomley 2017-01-03 18:40 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-03 21:47 ` Jason Gunthorpe 2017-01-03 22:21 ` Ken Goldman 2017-01-03 22:21 ` Ken Goldman 2017-01-03 23:20 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-03 23:20 ` Jason Gunthorpe [not found] ` <20170103214702.GC29656-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> 2017-01-03 22:22 ` Ken Goldman 2017-01-03 22:39 ` [tpmdd-devel] " James Bottomley 2017-01-03 22:39 ` James Bottomley 2017-01-04 0:17 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-04 0:29 ` James Bottomley 2017-01-04 0:29 ` James Bottomley 2017-01-04 0:56 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-04 0:56 ` Jason Gunthorpe 2017-01-04 12:50 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-04 12:50 ` Jarkko Sakkinen 2017-01-04 14:53 ` [tpmdd-devel] " James Bottomley 2017-01-04 14:53 ` James Bottomley 2017-01-04 18:31 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-04 18:31 ` Jason Gunthorpe 2017-01-04 18:57 ` [tpmdd-devel] " James Bottomley 2017-01-04 18:57 ` James Bottomley 2017-01-04 19:24 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-04 19:24 ` Jason Gunthorpe [not found] ` <20170104001732.GB32185-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> 2017-01-10 18:55 ` Ken Goldman 2017-01-04 12:48 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-04 12:48 ` Jarkko Sakkinen [not found] ` <1483461370.2464.19.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org> 2017-01-03 22:18 ` Ken Goldman 2017-01-03 21:32 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-03 21:32 ` Jason Gunthorpe 2017-01-03 22:03 ` [tpmdd-devel] " James Bottomley 2017-01-05 15:52 ` Fuchs, Andreas 2017-01-05 15:52 ` Fuchs, Andreas 2017-01-05 17:27 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-05 17:27 ` Jason Gunthorpe 2017-01-05 18:06 ` [tpmdd-devel] " James Bottomley 2017-01-05 18:06 ` James Bottomley 2017-01-06 8:43 ` [tpmdd-devel] " Andreas Fuchs 2017-01-06 8:43 ` Andreas Fuchs [not found] ` <410e3045-58dc-5415-30c1-c86eb916b6c8-iXjGqz/onsDSyEMIgutvibNAH6kLmebB@public.gmane.org> 2017-01-10 18:57 ` Ken Goldman 2017-01-05 18:33 ` [tpmdd-devel] " James Bottomley 2017-01-05 18:33 ` James Bottomley 2017-01-05 19:20 ` Jason Gunthorpe 2017-01-05 19:20 ` Jason Gunthorpe 2017-01-05 19:55 ` [tpmdd-devel] " James Bottomley 2017-01-05 19:55 ` James Bottomley 2017-01-05 22:21 ` Jason Gunthorpe 2017-01-05 22:21 ` Jason Gunthorpe 2017-01-05 22:58 ` [tpmdd-devel] " James Bottomley 2017-01-05 22:58 ` James Bottomley 2017-01-05 23:50 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-05 23:50 ` Jason Gunthorpe 2017-01-06 0:36 ` [tpmdd-devel] " James Bottomley 2017-01-06 0:36 ` James Bottomley 2017-01-06 8:59 ` Andreas Fuchs 2017-01-06 8:59 ` Andreas Fuchs 2017-01-06 19:10 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-06 19:10 ` Jason Gunthorpe 2017-01-06 19:02 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-06 19:02 ` Jason Gunthorpe 2017-01-10 19:03 ` Ken Goldman 2017-01-10 19:03 ` Ken Goldman 2017-01-09 22:39 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-09 22:39 ` Jarkko Sakkinen 2017-01-11 10:03 ` Andreas Fuchs 2017-01-11 10:03 ` Andreas Fuchs
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20170104122958.nlbprc6uk37xrcju@intel.com \ --to=jarkko.sakkinen@linux.intel.com \ --cc=jgunthorpe@obsidianresearch.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=peterhuewe@gmx.de \ --cc=tpmdd-devel@lists.sourceforge.net \ --cc=tpmdd@selhorst.net \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.