From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
"Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>
Cc: "Stefan Berger" <stefanb@linux.ibm.com>,
"Pengyu Ma" <mapengyu@gmail.com>, <stable@vger.kernel.org>,
<linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v6 5/5] tpm: flush the auth session only when /dev/tpm0 is open
Date: Sat, 19 Oct 2024 22:55:02 +0300
Message-ID: <D501OQWL1TT4.24C0QEV958D75@kernel.org>
In-Reply-To: <20241015205842.117300-6-jarkko@kernel.org>
On Tue Oct 15, 2024 at 11:58 PM EEST, Jarkko Sakkinen wrote:
> Instead of flushing and reloading the auth session for every single
> transaction, keep the session open unless /dev/tpm0 is used. In practice
> this means applying TPM2_SA_CONTINUE_SESSION to the session attributes.
> Flush the session always when /dev/tpm0 is written.
>
> Reported-by: Pengyu Ma <mapengyu@gmail.com>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219229
> Cc: stable@vger.kernel.org # v6.10+
> Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
> Tested-by: Pengyu Ma <mapengyu@gmail.com>
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> ---
> v5:
> - No changes.
> v4:
> - Changed as bug.
> v3:
> - Refined the commit message.
> - Removed the conditional for applying TPM2_SA_CONTINUE_SESSION only when
> /dev/tpm0 is open. It is not required as the auth session is flushed,
> not saved.
> v2:
> - A new patch.
> ---
> drivers/char/tpm/tpm-chip.c | 1 +
> drivers/char/tpm/tpm-dev-common.c | 1 +
> drivers/char/tpm/tpm-interface.c | 1 +
> drivers/char/tpm/tpm2-sessions.c | 3 +++
> 4 files changed, 6 insertions(+)
>
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index 0ea00e32f575..7a6bb30d1f32 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -680,6 +680,7 @@ void tpm_chip_unregister(struct tpm_chip *chip)
> rc = tpm_try_get_ops(chip);
> if (!rc) {
> if (chip->flags & TPM_CHIP_FLAG_TPM2) {
> + tpm2_end_auth_session(chip);
> tpm2_flush_context(chip, chip->null_key);
> chip->null_key = 0;
> }
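Review bot: The new tpm2_end_auth_session(chip) call in tpm_chip_unregister() sits only under the TPM_CHIP_FLAG_TPM2 check in the context shown, while the same call in tpm-dev-common.c is inside #ifdef CONFIG_TCG_TPM2_HMAC. Please confirm that either a guard exists above the visible context or tpm2_end_auth_session() has a no-op stub for builds without CONFIG_TCG_TPM2_HMAC. Since the commit message says the session is now kept open with TPM2_SA_CONTINUE_SESSION, a one-line comment here saying that this is the teardown point for that long-lived session would help. Note also that the call is skipped when tpm_try_get_ops() fails, the same as the null key flush next to it.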
> diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c
> index 4bc07963e260..c6fdeb4feaef 100644
> --- a/drivers/char/tpm/tpm-dev-common.c
> +++ b/drivers/char/tpm/tpm-dev-common.c
> @@ -29,6 +29,7 @@ static ssize_t tpm_dev_transmit(struct tpm_chip *chip, struct tpm_space *space,
>
> #ifdef CONFIG_TCG_TPM2_HMAC
> if (chip->flags & TPM_CHIP_FLAG_TPM2) {
> + tpm2_end_auth_session(chip);
> tpm2_flush_context(chip, chip->null_key);
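Review bot: The subject line says the auth session is flushed "only when /dev/tpm0 is open", but this call in tpm_dev_transmit() ends the session on each transmit through the device path, which matches the commit body ("Flush the session always when /dev/tpm0 is written") and the v3 note that the open conditional was removed. I would reword the subject to say "written" or "accessed" so it matches the code, and add a short comment above tpm2_end_auth_session(chip) explaining why the kept-open session has to be ended before a user-space command is sent.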
The reporter has done already too much so unless someone is willing to
verify these with matching hardware specs patch by patch I'm not into
making any changes. It makes the flow factors better still what it used
to be and final result is not messy. It is good enough in my books and
performance fixes are sensitive.
BR, Jarkko