From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Serge Hallyn <serue@linux.vnet.ibm.com>
Subject: Re: [PATCH 1/3] integrity: TPM internel kernel interface
Date: Wed, 22 Oct 2008 09:49:44 -0500 [thread overview]
Message-ID: <20081022144944.GC21612@us.ibm.com> (raw)
In-Reply-To: <1224679633.2786.20.camel@dyn536723.br.ibm.com>
Quoting Rajiv Andrade (srajiv@linux.vnet.ibm.com):
> On Tue, 2008-10-14 at 17:23 -0500, Serge E. Hallyn wrote:
> > Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):
> > > The internal TPM kernel interface did not protect itself from
> > > the removal of the TPM driver, while being used. We continue
> > > to protect the tpm_chip_list using the driver_lock as before,
> > > and are using an rcu lock to protect readers. The internal TPM
> >
> > I still would like to see this spelled out somewhere - correct me
> > if I'm wrong but none of the patches sent so far have this spelled
> > out in in-line comments, do they?
> >
> > It does look sane:
> >
> > 1. writes to tpm_chip_list are protected by driver_lock
> > 2. readers of the list are protected by rcu
> > 3. chips which are read from the tpm_chip_list, if they
> > are used outside of the rcu_read_lock(), are pinned
> > using get_device(chip->dev) before releasing the
> > rcu_read_lock.
> >
> > Like I say it looks sane, but something like the above summary
> > could stand to be in a comment on top of tpm.c or something.
> >
> No problem, I'll submit a patch containing a proper comment section to
> be applied on top of these, maybe after they get accepted.
Great, thanks.
> > > kernel interface now protects itself from the driver being
> > > removed by incrementing the module reference count.
> > >
> > > Resubmitting integrity-tpm-internal-kernel-interface.patch, which
> > > was previously Signed-off-by Kylene Hall.
> > > Updated per feedback:
> > >
> > > Adds the following support:
> > > - make internal kernel interface to transmit TPM commands global
> > > - adds reading a pcr value
> > > - adds extending a pcr value
> > > - adds lookup the tpm_chip for given chip number and type
> > >
> > > Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> > > Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
> >
> > Now there are other, existing callers of tpm_transmit. Are they
> > all protected by sysfs pinning the kobject and thereby the device,
> > for the duration of the call?
> >
>
> They aren't called through sysfs, but are still protected. These new
> functions get chip data consistently by using rcu_read. Then, after
> computing what's intended to be written back to the chip, tpm_transmit
> sends the new data while using tpm_mutex, so both operations are
> performed without the risk of a race condition.
Can you show me where the refcount for dev is incremented (under the
rcu_read_lock), either in sysfs code or tpm code? I'm not finding
it, but it may just be done in some subtle way that I'm glossing over.
thanks,
-serge
next prev parent reply other threads:[~2008-10-22 16:09 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-13 17:17 [PATCH 0/3] integrity Mimi Zohar
2008-10-13 17:17 ` [PATCH 1/3] integrity: TPM internel kernel interface Mimi Zohar
2008-10-14 22:23 ` Serge E. Hallyn
2008-10-22 12:47 ` Rajiv Andrade
2008-10-22 14:49 ` Serge E. Hallyn [this message]
2008-10-24 20:16 ` Rajiv Andrade
2008-10-24 20:31 ` Serge E. Hallyn
2008-10-13 17:17 ` [PATCH 2/3] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-10-14 13:28 ` Christoph Hellwig
2008-10-14 15:27 ` david safford
2008-10-14 15:53 ` Serge E. Hallyn
2008-10-14 17:06 ` david safford
2008-10-20 15:12 ` Serge E. Hallyn
2008-10-24 14:47 ` Mimi Zohar
2008-10-31 16:22 ` Serge E. Hallyn
2008-10-31 16:51 ` Dave Hansen
2008-10-31 19:48 ` Mimi Zohar
2008-10-14 23:27 ` Serge E. Hallyn
2008-10-31 16:40 ` Dave Hansen
2008-10-31 19:35 ` Mimi Zohar
2008-10-31 21:02 ` Dave Hansen
2008-11-02 22:57 ` Serge E. Hallyn
2008-10-13 17:17 ` [PATCH 3/3] integrity: IMA as an integrity service provider Mimi Zohar
2008-10-15 3:32 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081022144944.GC21612@us.ibm.com \
--to=serue@us.ibm.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=serue@linux.vnet.ibm.com \
--cc=srajiv@linux.vnet.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.