linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Morten Linderud <morten@linderud.pw>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
	Stefan Berger <stefanb@linux.ibm.com>,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	Oleksandr Natalenko <oleksandr@natalenko.name>
Subject: Re: [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config
Date: Tue, 21 Sep 2021 21:27:51 +0200	[thread overview]
Message-ID: <20210921192751.3ukruxkzukzfw5xl@anathema> (raw)
In-Reply-To: <896a0773cac953ae2f35ba08af65a598aa71942d.camel@kernel.org>

On Tue, Sep 21, 2021 at 09:58:11PM +0300, Jarkko Sakkinen wrote:
> On Mon, 2021-09-20 at 22:34 +0200, Morten Linderud wrote:
> > Some vendors report faulty values in the acpi TPM2 table. This causes
> 
> Nit: ACPI (not acpi)
> 
> > the function to abort with EIO and essentially short circuits the
> > tpm_read_log function as we never even attempt to read the EFI
> > configuration table for a log.
> 
> Nit: tpm_read_log()
> 
> > This changes the condition to only look for a positive return value,
> > else hands over the eventlog discovery to the EFI configuration table
> 
> "hands over" -> "fallback"
> 
> > which should hopefully work better.
> 
> Please write in imperative form, e.g. "Change...", or perhaps in this
> case "Look...". 
> 
> Hopes are somewhat irrelevant, in the context of a commit message.
> 
> > It's unclear to me if there is a better solution to this then just
> > failing. However, I do not see any clear reason why we can't properly
> > fallback to the EFI configuration table.
> 
> Neither hopes nor doubts help us :-)
> 
> Because the commit message did not discuss any of the code changes
> that were done it is very hard to say much anything of this yet.

Thanks for the review! First kernel patch so all feedback is welcome :)

The code change is essentially just relaxing the return value for the ACPI log
lookup. I'm not quite sure what is missing from the commit message in that
regard? Is the second paragraph insufficient?

> There's also one corner case that was not discussed in the commit
> message.
> 
> The historical reason for not using TPM2 file is that old TPM2's
> did not have that feature. You have to ensure that legacy hardware
> does not break.

This should only relax the cases where an error which is not ENODEV is returned.
Legacy hardware that return ENODEV because the table doesn't exist, or is
missing the log start and length, should be unaffected by this change.

> /Jarkko

Cheers!

-- 
Morten Linderud
PGP: 9C02FF419FECBE16

  reply	other threads:[~2021-09-21 19:28 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-20 20:34 [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config Morten Linderud
2021-09-21 18:58 ` Jarkko Sakkinen
2021-09-21 19:27   ` Morten Linderud [this message]
2022-10-04 22:40 ` Jarkko Sakkinen
2022-10-05  9:31   ` Morten Linderud
2022-10-05 21:07     ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210921192751.3ukruxkzukzfw5xl@anathema \
    --to=morten@linderud.pw \
    --cc=jarkko@kernel.org \
    --cc=jgg@ziepe.ca \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oleksandr@natalenko.name \
    --cc=peterhuewe@gmx.de \
    --cc=stefanb@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).