Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Dan Williams <dan.j.williams@gmail.com>, roberto.sassu@huawei.com
Cc: Roberto Sassu <roberto.sassu@huawei.com>,
	zohar@linux.ibm.com, david.safford@ge.com, monty.wiseman@ge.com,
	matthewgarrett@google.com, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	silviu.vlasceanu@huawei.com,
	linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Date: Thu, 21 Mar 2019 15:15:54 +0200
Message-ID: <20190321131554.GB2267@linux.intel.com> (raw)
In-Reply-To: <CAA9_cmf0j1EoyrGmbfPWCWPafgGfKWR6cyPpN8YEFZdemeg1kA@mail.gmail.com>

On Mon, Mar 18, 2019 at 03:35:08PM -0700, Dan Williams wrote:
> On Wed, Feb 6, 2019 at 10:30 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> >
> > When crypto agility support will be added to the TPM driver, users of the
> > driver have to retrieve the allocated banks from chip->allocated_banks and
> > use this information to prepare the array of tpm_digest structures to be
> > passed to tpm_pcr_extend().
> >
> > This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
> > pointer can be used to prepare the array of tpm_digest structures.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > ---
> >  security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
> >  1 file changed, 24 insertions(+), 14 deletions(-)
> >
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index 4d98f4f87236..5b852263eae1 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -34,6 +34,7 @@
> >
> >  static const char hmac_alg[] = "hmac(sha1)";
> >  static const char hash_alg[] = "sha1";
> > +static struct tpm_chip *chip;
> >
> >  struct sdesc {
> >         struct shash_desc shash;
> > @@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
> >         int rc;
> >
> >         dump_tpm_buf(cmd);
> > -       rc = tpm_send(NULL, cmd, buflen);
> > +       rc = tpm_send(chip, cmd, buflen);
> >         dump_tpm_buf(cmd);
> >         if (rc > 0)
> >                 /* Can't return positive return codes values to keyctl */
> > @@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
> >
> >         if (!capable(CAP_SYS_ADMIN))
> >                 return -EPERM;
> > -       ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
> > +       ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
> >         if (ret != SHA1_DIGEST_SIZE)
> >                 return ret;
> > -       return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
> > +       return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
> >  }
> >
> >  /*
> > @@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
> >         unsigned char ononce[TPM_NONCE_SIZE];
> >         int ret;
> >
> > -       ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
> > +       ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
> >         if (ret != TPM_NONCE_SIZE)
> >                 return ret;
> >
> > @@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
> >         if (ret < 0)
> >                 goto out;
> >
> > -       ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
> > +       ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
> >         if (ret != TPM_NONCE_SIZE)
> >                 goto out;
> >         ordinal = htonl(TPM_ORD_SEAL);
> > @@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
> >
> >         ordinal = htonl(TPM_ORD_UNSEAL);
> >         keyhndl = htonl(SRKHANDLE);
> > -       ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
> > +       ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
> >         if (ret != TPM_NONCE_SIZE) {
> >                 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
> >                 return ret;
> > @@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> >         int i;
> >         int tpm2;
> >
> > -       tpm2 = tpm_is_tpm2(NULL);
> > +       tpm2 = tpm_is_tpm2(chip);
> >         if (tpm2 < 0)
> >                 return tpm2;
> >
> > @@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
> >         struct trusted_key_options *options;
> >         int tpm2;
> >
> > -       tpm2 = tpm_is_tpm2(NULL);
> > +       tpm2 = tpm_is_tpm2(chip);
> >         if (tpm2 < 0)
> >                 return NULL;
> >
> > @@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
> >         size_t key_len;
> >         int tpm2;
> >
> > -       tpm2 = tpm_is_tpm2(NULL);
> > +       tpm2 = tpm_is_tpm2(chip);
> >         if (tpm2 < 0)
> >                 return tpm2;
> >
> > @@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
> >         switch (key_cmd) {
> >         case Opt_load:
> >                 if (tpm2)
> > -                       ret = tpm_unseal_trusted(NULL, payload, options);
> > +                       ret = tpm_unseal_trusted(chip, payload, options);
> >                 else
> >                         ret = key_unseal(payload, options);
> >                 dump_payload(payload);
> > @@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
> >                 break;
> >         case Opt_new:
> >                 key_len = payload->key_len;
> > -               ret = tpm_get_random(NULL, payload->key, key_len);
> > +               ret = tpm_get_random(chip, payload->key, key_len);
> >                 if (ret != key_len) {
> >                         pr_info("trusted_key: key_create failed (%d)\n", ret);
> >                         goto out;
> >                 }
> >                 if (tpm2)
> > -                       ret = tpm_seal_trusted(NULL, payload, options);
> > +                       ret = tpm_seal_trusted(chip, payload, options);
> >                 else
> >                         ret = key_seal(payload, options);
> >                 if (ret < 0)
> > @@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
> >  {
> >         int ret;
> >
> > +       chip = tpm_default_chip();
> > +       if (!chip)
> > +               return -ENOENT;
> 
> This change causes a regression loading the encrypted_keys module on
> systems that don't have a tpm.
> 
> Module init functions should not have hardware dependencies.
> 
> The effect is that the libnvdimm module, which is an encrypted_keys
> user, fails to load, but up until this change encrypted_keys did not
> have a hard dependency on TPM presence.

Sorry for the latency. I was in flu for couple of days.

I missed that addition in the review process albeit this patch set
went numerous rounds. Apologies about ths. Also the return value is
wrong. Should be -ENODEV but it doesn't matter because this needs to
be removed anyway.

Roberto, can you submit a fix ASAP that:

1. Allows the module to initialize even if the chip is not found.
2. In the beginning of each function (before tpm_is_tpm2()) you
   should check if chip is NULL and return -ENODEV if it is.

Add also these tags before your signed-off-by:

Cc: stable@vger.kernel.org
Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()")
Reported-by: Dan Williams <dan.j.williams@gmail.com>
Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko

  reply index

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-06 16:24 [PATCH v10, RESEND 0/6] tpm: retrieve digest size of unknown algorithms from TPM Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 1/6] tpm: dynamically allocate the allocated_banks array Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 2/6] tpm: rename and export tpm2_digest and tpm2_algorithms Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 3/6] tpm: retrieve digest size of unknown algorithms with PCR read Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 4/6] tpm: move tpm_chip definition to include/linux/tpm.h Roberto Sassu
2019-02-08  4:24   ` Nathan Chancellor
2019-02-08  8:41     ` Roberto Sassu
2019-02-08 16:16       ` Nathan Chancellor
2019-02-08 16:38         ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip() Roberto Sassu
2019-03-18 22:35   ` Dan Williams
2019-03-21 13:15     ` Jarkko Sakkinen [this message]
2019-03-21 13:25       ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 6/6] tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() Roberto Sassu

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190321131554.GB2267@linux.intel.com \
    --to=jarkko.sakkinen@linux.intel.com \
    --cc=dan.j.williams@gmail.com \
    --cc=david.safford@ge.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nvdimm@lists.01.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=matthewgarrett@google.com \
    --cc=monty.wiseman@ge.com \
    --cc=roberto.sassu@huawei.com \
    --cc=silviu.vlasceanu@huawei.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox