From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Peter Huewe <PeterHuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Tomas Winkler <tomas.winkler@intel.com>,
Tadeusz Struk <tadeusz.struk@intel.com>,
Stefan Berger <stefanb@linux.vnet.ibm.com>,
Nayna Jain <nayna@linux.ibm.com>,
stable@vger.kernel.org
Subject: Re: [PATCH v10 08/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit()
Date: Tue, 29 Jan 2019 11:02:19 -0800
Message-ID: <1548788539.2888.40.camel@HansenPartnership.com>
In-Reply-To: <20190129185330.GA11615@linux.intel.com>

On Tue, 2019-01-29 at 20:53 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 29, 2019 at 09:06:01AM -0800, James Bottomley wrote:
> > On Wed, 2019-01-16 at 23:23 +0200, Jarkko Sakkinen wrote:
> > [...]
> > > - rc = tpm2_commit_space(chip, space, ordinal, buf, &len);
> > > +out_space:
> > > + if (rc)
> > > + tpm2_flush_space(chip);
> > > + else
> > > + rc = tpm2_commit_space(chip, space, ordinal,
> > > buf,
> > > &len);
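Review bot: the `if (rc)` test at `out_space:` treats every non-zero rc alike, but `tpm2_flush_space(chip)` is passed nothing about what the failed command did, so it can only drop the handles recorded before the command ran. As the reply below points out, when rc comes from a transmission failure on the receive path the TPM may already have created a handle, and this branch would leave it loaded. A comment at the label stating that limitation, or a separate path for errors that occur after the command has been sent, would make the behaviour explicit.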
> >
> > I don't think this is quite right. tpm2_flush_space only flushes
> > the handles it knows about and those are the ones from before the
> > TPM operation was attempted. If the operation has altered the
> > internal state we could miss a created handle in this flush and it
> > would effectively reside forever in the TPM. We should be able to
> > rely on the TPM preserving the original state if it returns an
> > error, so I think your patch works for that part. However rc is
> > also set to -EFAULT on a transmission error and if that's on the
> > receive path, the TPM may have changed state before the error
> > occurred.
>
> If TPM is working properly in the first place, tpm2_commit_space() is
> always called (e.g. in a situation where TPM gives a TPM error). Your
> deduction about the opposite is absolutely correct. Thanks!
>
> > If the object is to move the TPM back to where it was before the
> > error occurred, even in the case of transmit errors, then I think
> > we need to invent a new kind of flush that queries the current TPM
> > state and then flushes everything.
>
> I think this consideration is anyway out of scope for this patch set.

I certainly agree the problem existed before and this makes it no
worse.

> I'd hope you would also skim through v11 as soon as I get it
> prepared, at least the patches where I've added an explicit CC (one
> or two at most).

Sure, as you can see, I'm up to 8. I'll complete the review and then
set up an environment to test.

James
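
The failure mode discussed in this message, as an added toy model in C (not code from the original e-mail or from the kernel): a handle created just before a receive-path error survives a flush of the recorded handles, while a flush driven by the TPM's own state removes it. All names (`toy_tpm`, `toy_space`, `toy_create`, `toy_flush`, `leaked_after_error`) and the three-slot TPM are hypothetical.

```c
#include <stdio.h>

#define SLOTS 3 /* constructed: toy TPM with three transient object slots */
struct toy_tpm   { int loaded[SLOTS]; }; /* state inside the modelled TPM */
struct toy_space { int known[SLOTS]; };  /* handles the driver has recorded */
/* Create an object. rx_fail models a receive-path transmit error: the TPM
 * has already changed state, but the response never reaches the driver. */
static int toy_create(struct toy_tpm *t, struct toy_space *s, int rx_fail)
{
	for (int i = 0; i < SLOTS; i++) {
		if (t->loaded[i])
			continue;
		t->loaded[i] = 1;
		if (rx_fail)
			return -1;   /* stands in for -EFAULT; space not updated */
		s->known[i] = 1;     /* stands in for the commit step */
		return 0;
	}
	return -2;                   /* no free slot */
}

/* query_tpm == 0: flush only handles recorded before the failed command.
 * query_tpm == 1: the proposed flush, driven by what the TPM itself holds. */
static void toy_flush(struct toy_tpm *t, struct toy_space *s, int query_tpm)
{
	for (int i = 0; i < SLOTS; i++)
		if (query_tpm ? t->loaded[i] : s->known[i])
			t->loaded[i] = s->known[i] = 0;
}

/* Objects still loaded after one good create and one receive-path failure. */
int leaked_after_error(int query_tpm)
{
	struct toy_tpm t = {{0}};
	struct toy_space s = {{0}};
	int n = 0;
	toy_create(&t, &s, 0);
	if (toy_create(&t, &s, 1))       /* mirrors the patch's "if (rc)" branch */
		toy_flush(&t, &s, query_tpm);
	for (int i = 0; i < SLOTS; i++)
		n += t.loaded[i];
	return n;
}

int main(void)
{
	printf("recorded-only: %d left, queried: %d left\n", leaked_after_error(0), leaked_after_error(1));
	return 0;
}
```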