From: Jarkko Sakkinen <jarkko@kernel.org>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: Jonathan McDowell <noodles@earth.li>, linux-integrity@vger.kernel.org
Subject: Re: TPM operation times out (very rarely)
Date: Sat, 1 Mar 2025 04:13:23 +0200 [thread overview]
Message-ID: <Z8JtQ4qKSjKsJZ52@kernel.org> (raw)
In-Reply-To: <Z7xuTRrJqeSDH4hR@kitsune.suse.cz>
On Mon, Feb 24, 2025 at 02:04:13PM +0100, Michal Suchánek wrote:
> On Mon, Feb 10, 2025 at 07:32:53PM +0200, Jarkko Sakkinen wrote:
> > On Mon Feb 10, 2025 at 6:18 PM EET, Jonathan McDowell wrote:
> > > Who then handles the ERESTARTSYS though? Part of the issues we've seen
> > > is the failure happens in a context save or load, which is all within
> > > the kernel rather than directly under the control of userspace. I'm
> > > guessing the HMAC changes are likely to hit similar problems. I think
> > > some level of timeout improvement in tpm_transmit is appropriate, if we
> > > can work out what it should be.
> >
> > Right I get what you mean, not all transmits initiate from syscalls
> > And obviously this can happen without hmac too with tpmrm0.
> >
> > Hmm... so I'm open for a patch that radically simplifies the state
> > change timeouts, i.e. sort of part of that old patch.
>
> There is also another aspect to this:
>
> What happens when the context save/load result is dropped on the floor?
Trying to understand what are you meaning by this. Are you speaking
about scenario where after the operation context operations fail
inside kernel?
>
> There was other call that can take a very long time: get random number.
> And while dropping a random number that took a long time ito fabricate
> on the floor is wasteful it does not cause any real problem.
>
> With the context save/load, however, the context state gets
> desynchronized between TPM and kernel when the result of the call is
> ignored.
>
> If the kernel cannot correct the state by examining return value from
> later calls the TPM can effectively become defunct because the kernel
> will call the wrong context operation, it will return unexpected value
> which the kernel interprets as failure, and no operation can be
> performed.
I got lost in the beginning so not yet sure about this (not same
as rejecting, also I'm responding from holiday).
Not really sure if this related but I'll just this here.
We could possibly identify some expensive TPM commands that
fill these requirements:
1. Don't run in a session.
2. Don't cause handles to be created (neither sessions nor
objects).
and executed as they were put to /dev/tpm0. At least we might
be able to do this for TPM2_GetRandom.
>
> Thanks
>
> Michal
BR, Jarkko
next prev parent reply other threads:[~2025-03-01 2:13 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-29 15:27 TPM operation times out (very rarely) Michal Suchánek
2025-01-29 16:02 ` Jonathan McDowell
2025-01-29 16:20 ` Michal Suchánek
2025-01-29 17:14 ` Jonathan McDowell
2025-01-29 17:25 ` Michal Suchánek
2025-01-30 23:31 ` Jarkko Sakkinen
2025-01-31 8:35 ` Michal Suchánek
2025-01-31 10:25 ` Jarkko Sakkinen
2025-01-31 13:02 ` Michal Suchánek
2025-01-31 17:12 ` Jarkko Sakkinen
2025-01-31 17:28 ` Michal Suchánek
2025-01-31 19:31 ` Jarkko Sakkinen
2025-02-05 13:26 ` Michal Suchánek
2025-02-05 13:45 ` Michal Suchánek
2025-02-05 14:29 ` Jonathan McDowell
2025-02-05 15:29 ` Michal Suchánek
2025-02-06 20:35 ` Jarkko Sakkinen
2025-02-07 9:26 ` Jonathan McDowell
2025-02-07 9:40 ` Michal Suchánek
2025-02-07 9:47 ` Jonathan McDowell
2025-02-07 9:58 ` Michal Suchánek
2025-02-10 16:13 ` Jonathan McDowell
2025-02-10 17:30 ` Jarkko Sakkinen
2025-02-08 20:29 ` Jarkko Sakkinen
2025-02-10 16:18 ` Jonathan McDowell
2025-02-10 17:32 ` Jarkko Sakkinen
2025-02-24 13:04 ` Michal Suchánek
2025-03-01 2:13 ` Jarkko Sakkinen [this message]
2025-03-05 12:20 ` Michal Suchánek
2025-03-06 22:29 ` Jarkko Sakkinen
2025-03-27 12:57 ` Michal Suchánek
2025-03-27 13:15 ` Jarkko Sakkinen
2025-02-19 22:29 ` Jonathan McDowell
2025-02-20 8:42 ` Michal Suchánek
2025-02-21 12:44 ` Jonathan McDowell
2025-02-24 12:21 ` Michal Suchánek
2025-02-24 12:56 ` Michal Suchánek
2025-03-01 2:03 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z8JtQ4qKSjKsJZ52@kernel.org \
--to=jarkko@kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=msuchanek@suse.de \
--cc=noodles@earth.li \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).