Date: Wed, 4 Jan 2017 14:29:58 +0200
From: Jarkko Sakkinen
To: Jason Gunthorpe
Cc: tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, Peter Huewe, Marcel Selhorst, open list
Subject: Re: [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip
Message-ID: <20170104122958.nlbprc6uk37xrcju@intel.com>
In-Reply-To: <20170103191328.GB26706@obsidianresearch.com>

On Tue, Jan 03, 2017 at 12:13:28PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:57:37AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote:
> > > > Since there is only one thread using TPM chip at a time to transmit data
> > > > we can migrate struct tpm_buf to struct tpm_chip. This makes the use of
> > > > it more fail safe as the buffer is allocated from heap when the device
> > > > is created and not for every transaction.
> > > >
> > > Eh? What? I don't think that is the case..
> > >
> > > We don't serialize until we hit transmit_cmd at which point the buffer
> > > is already being used and cannot be shared between threads.
> >
> > There is a regression in the patch. All functions that use 'tr_buf'
> > should take tpm_mutex first and use TPM_TRANSMIT_UNLOCKED. There's
> > also a similar regression in TPM space patch that I have to correct.
>
> No, you can't steal TPM_TRANSMIT_UNLOCKED and tpm_mutex for this, that
> is to allow a chain of commands to execute atomically, so a new lock is
> needed just for the tr_buf.
>
> > > Why would the resource manager need a single global tpm buffer? That
> > > seems like a big regression from where we have been going. I don't
> > > think this is a good idea to go down this road.
> >
> > What? 'tr_buf' is not specifically for resource manager. This commit
> > makes creating TPM commands more fail-safe because there is no need
> > to allocate page for every transmit.
>
> That doesn't seem all that important, honestly. The kernel does not
> fail single page allocations without a lot of duress.
>
> > For RM decorations this is really important because I rather would have
> > them fail as rarely as possible. If this would become a scalability
> > issue then the granularity could be reconsidered.
>
> Why? The RM design already seems to have the prepare/commit/abort
> kind of model so it can already fail. What does it matter if the
> caller can fail before getting that far?

Yeah, I just noticed it :-) That kind of formed by accident when
I experimented with various models of rolling back in an error
situation.

> It seems like a lot of dangerous churn to introduce a new locking model
> without a really good reason...

OK, thanks for the feedback. I understand your arguments but as this
was an RFC patch set I don't want to go into more details like these but
I take your advice seriously.

I'll start preparing the first non-RFC version. I'm happy that the
beef (i.e. the stuff in tpm2-space.c) has been well accepted!

> Jason

/Jarkko