From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Stefan Berger <stefanb@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Peter Huewe <PeterHuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Tomas Winkler <tomas.winkler@intel.com>,
Tadeusz Struk <tadeusz.struk@intel.com>,
Stefan Berger <stefanb@linux.vnet.ibm.com>,
Nayna Jain <nayna@linux.ibm.com>
Subject: Re: [PATCH v10 00/17] Remove nested TPM operations
Date: Wed, 30 Jan 2019 16:28:42 -0800 [thread overview]
Message-ID: <1548894522.2774.28.camel@HansenPartnership.com> (raw)
In-Reply-To: <20190129123111.GA12883@linux.intel.com>
On Tue, 2019-01-29 at 14:31 +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 23, 2019 at 01:53:44PM -0500, Stefan Berger wrote:
> > On 1/23/19 1:20 PM, Jarkko Sakkinen wrote:
> > > On Wed, Jan 16, 2019 at 11:23:25PM +0200, Jarkko Sakkinen wrote:
> > > > Make the changes necessary to detach TPM space code and TPM
> > > > activation
> > > > code out of the tpm_transmit() flow because of both of these
> > > > can cause
> > > > nested tpm_transmit() calls. The nesteds calls make the whole
> > > > flow hard
> > > > to maintain, and thus, it is better to just fix things now
> > > > before this
> > > > turns into a bigger mess.
> > >
> > > Any reasons not to merge this soon?
> >
> > I suppose v10 hasn't changed anything signinficat. So, not from my
> > perspective. Were you waiting for more Reviewed-by's?
>
> Yeah, for example TPM space touching changes would be good to peer
> check with James. I could have easily forgotten some implementation
> detail, and it has been very stable piece off code, so don't want
> to break it. Guess won't yet try to put this v5.1.
So the implementation detail I was looking for: internal kernel use of
tpm_transmit_cmd() without tpm_find/try_get_ops() doesn't seem to
exist, so I think this is all safe. You can add my
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
But I've got to say I can't test this yet because you've made a huge
problem for me in the tpm security patches: they introduce a kernel
space which now becomes somewhat problematic because the space handling
moved into the device common code. To get both these things to work
together so I can test it, space handling is going to have to come
slightly down from device common code so the kernel can use it.
James
next prev parent reply other threads:[~2019-01-31 0:28 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-16 21:23 [PATCH v10 00/17] Remove nested TPM operations Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 01/17] tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 02/17] tpm: fix invalid return value in pubek_show() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 03/17] tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 04/17] tpm: print tpm2_commit_space() error inside tpm2_commit_space() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 05/17] tpm: declare struct tpm_header Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 06/17] tpm: access command header through struct in tpm_try_transmit() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 07/17] tpm: encapsulate tpm_dev_transmit() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 08/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit() Jarkko Sakkinen
2019-01-29 17:06 ` James Bottomley
2019-01-29 18:53 ` Jarkko Sakkinen
2019-01-29 19:02 ` James Bottomley
2019-01-29 21:11 ` Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 09/17] tpm: clean up tpm_try_transmit() error handling flow Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 10/17] tpm: move tpm_validate_commmand() to tpm2-space.c Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 11/17] tpm: move TPM space code out of tpm_transmit() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 12/17] tpm: remove @space from tpm_transmit() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 13/17] tpm: use tpm_try_get_ops() in tpm-sysfs.c Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 14/17] tpm: remove TPM_TRANSMIT_UNLOCKED flag Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 15/17] tpm: introduce tpm_chip_start() and tpm_chip_stop() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 16/17] tpm: take TPM chip power gating out of tpm_transmit() Jarkko Sakkinen
2019-01-16 21:23 ` [PATCH v10 17/17] tpm: remove @flags from tpm_transmit() Jarkko Sakkinen
2019-01-23 18:20 ` [PATCH v10 00/17] Remove nested TPM operations Jarkko Sakkinen
2019-01-23 18:53 ` Stefan Berger
2019-01-23 18:59 ` Winkler, Tomas
2019-01-29 12:33 ` Jarkko Sakkinen
2019-01-29 14:16 ` Winkler, Tomas
2019-01-29 18:30 ` Jarkko Sakkinen
2019-01-29 12:31 ` Jarkko Sakkinen
2019-01-31 0:28 ` James Bottomley [this message]
2019-01-31 16:11 ` Jarkko Sakkinen
2019-01-25 1:05 ` Jerry Snitselaar
2019-01-29 12:33 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1548894522.2774.28.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=PeterHuewe@gmx.de \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nayna@linux.ibm.com \
--cc=stefanb@linux.ibm.com \
--cc=stefanb@linux.vnet.ibm.com \
--cc=tadeusz.struk@intel.com \
--cc=tomas.winkler@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).