From: Jarkko Sakkinen <jarkko@kernel.org>
To: linux-integrity@vger.kernel.org
Cc: Stefano Garzarella <sgarzare@redhat.com>,
David Howells <dhowells@redhat.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"open list:KEYS/KEYRINGS" <keyrings@vger.kernel.org>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>,
ross.philipson@oracle.com
Subject: Re: [PATCH v10 0/4] tpm: robust stack allocations
Date: Sun, 21 Sep 2025 15:54:32 +0300 [thread overview]
Message-ID: <aM_1iLAsl1wpkl6n@kernel.org> (raw)
In-Reply-To: <20250921020804.1088824-1-jarkko@kernel.org>
On Sun, Sep 21, 2025 at 05:08:00AM +0300, Jarkko Sakkinen wrote:
> 1. These are previous changes to tpm_buf, which make stack allocations
> much more feasible than previously.
> 2. Migrate low-hanging fruit to use stack allocations.
I highly unlikely would put this to 6.18 PR. The first patch huge but at
the same time it is still a "logical change". Splitting it would make it
less understandable. It's also quite stable and the despite many
changes, most of them are mechanical changes (some of them I've even
done originally with an LLM called 'sed').
IMHO reason to split should not be based no size but exactly on logical
steps.
After these few quick rounds I take some time and work on tpm1/tpm2-cmd
to make them follow a builder pattern. This helps e.g., TrenchBoot to
accomplish their goals more easily as builders translate easily to
early boot situations. In addition, making memory management more
stack oriented usually tends to help with such situations.
So the next thing for this patch set is to make things work with parse,
build and transmission decoupled from each other, and it will be as
substantial change as the first patch but can be split into smaller
patches as it does not change the global economy.
An example with tpm2_pcr_read:
1. tpm2_build_pcr_read(), which takes pre-initialized
tpm_buf() and same parameter as today.
2. tpm_transmit()
3. tpm2_parse_pcr_read(), which takes resulting tpm_buf
and parses it to a struct, let's say tpm2_pcr_read_result.
And similar decoupling is done for TPM 1 commands as they also need
to translate between environments.
Obviously outer facing tpm-interface.c API can still respond to old
API calls for the time being.
Other stuff:
1. tpm_buf_* from include/linux/tpm.j migrate to include/linux/tpm_buf.h
2. builders: tpm1_build.c, tpm2_build.c
3. parsers: tpm1_parse.c, tpm2_parse.c
Most likely at least at first landing some redundancy is required for
Trenchboto and physical transmission path. By doing what I have
described we can set a limit to the amount redunancy :-)
>
> Jarkko Sakkinen (4):
> tpm: Make TPM buffer allocations more robust
> tpm, tpm1-cmd: Use stack for trivial cases
> tpm, tpm2-cmd: Use stack for trivial cases
> tpm_vpm_proxy: Use stack for TPM_CC_SET_LOCALITY
>
> drivers/char/tpm/tpm-buf.c | 137 ++++++----
> drivers/char/tpm/tpm-dev-common.c | 4 +-
> drivers/char/tpm/tpm-dev.h | 2 +-
> drivers/char/tpm/tpm-interface.c | 4 +-
> drivers/char/tpm/tpm-sysfs.c | 20 +-
> drivers/char/tpm/tpm.h | 3 +-
> drivers/char/tpm/tpm1-cmd.c | 151 +++++------
> drivers/char/tpm/tpm2-cmd.c | 297 ++++++++++------------
> drivers/char/tpm/tpm2-sessions.c | 121 +++++----
> drivers/char/tpm/tpm2-space.c | 44 ++--
> drivers/char/tpm/tpm_tis_i2c.c | 4 +-
> drivers/char/tpm/tpm_vtpm_proxy.c | 34 +--
> include/linux/tpm.h | 28 +-
> security/keys/trusted-keys/trusted_tpm1.c | 34 ++-
> security/keys/trusted-keys/trusted_tpm2.c | 156 ++++++------
> 15 files changed, 493 insertions(+), 546 deletions(-)
>
> --
> 2.39.5
>
BR, Jarkko
prev parent reply other threads:[~2025-09-21 12:54 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-21 2:08 [PATCH v10 0/4] tpm: robust stack allocations Jarkko Sakkinen
2025-09-21 2:08 ` [PATCH v10 1/4] tpm: Make TPM buffer allocations more robust Jarkko Sakkinen
2025-09-21 8:53 ` kernel test robot
2025-09-22 8:44 ` Stefano Garzarella
2025-09-23 14:30 ` Jarkko Sakkinen
2025-09-24 10:10 ` Stefano Garzarella
2025-09-21 2:08 ` [PATCH v10 2/4] tpm, tpm1-cmd: Use stack for trivial cases Jarkko Sakkinen
2025-09-21 2:08 ` [PATCH v10 3/4] tpm, tpm2-cmd: " Jarkko Sakkinen
2025-09-21 2:08 ` [PATCH v10 4/4] tpm_vpm_proxy: Use stack for TPM_CC_SET_LOCALITY Jarkko Sakkinen
2025-09-22 8:46 ` Stefano Garzarella
2025-09-23 14:30 ` Jarkko Sakkinen
2025-09-21 12:54 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aM_1iLAsl1wpkl6n@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=ross.philipson@oracle.com \
--cc=serge@hallyn.com \
--cc=sgarzare@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).