linux-security-module.vger.kernel.org archive mirror
From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Stefan Berger" <stefanb@linux.ibm.com>,
	<linux-integrity@vger.kernel.org>,
	"Peter Huewe" <peterhuewe@gmx.de>,
	"Jason Gunthorpe" <jgg@ziepe.ca>
Cc: <linux-kernel@vger.kernel.org>,
	"David Howells" <dhowells@redhat.com>,
	"James Bottomley" <James.Bottomley@HansenPartnership.com>,
	"Mimi Zohar" <zohar@linux.ibm.com>,
	"Roberto Sassu" <roberto.sassu@huawei.com>,
	"Paul Moore" <paul@paul-moore.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"Dmitry Kasatkin" <dmitry.kasatkin@gmail.com>,
	"Eric Snowberg" <eric.snowberg@oracle.com>,
	"open list:KEYS-TRUSTED" <keyrings@vger.kernel.org>,
	"open list:SECURITY SUBSYSTEM"
	<linux-security-module@vger.kernel.org>,
	"Pengyu Ma" <mapengyu@gmail.com>, <stable@vger.kernel.org>
Subject: Re: [PATCH v8 3/3] tpm: Lazily flush the auth session
Date: Mon, 28 Oct 2024 22:56:35 +0200
Message-ID: <D57QMS2B7KBS.2AR64O934IY0G@kernel.org>
In-Reply-To: <fa6b6c7d-1b90-40ad-b7f4-73e1a0eef1d5@linux.ibm.com>

On Mon Oct 28, 2024 at 7:52 PM EET, Stefan Berger wrote:
>
> On 10/28/24 1:50 AM, Jarkko Sakkinen wrote:
> > Move the allocation of chip->auth to tpm2_start_auth_session() so that this
> > field can be used as a flag to tell whether the auth session is active or not.
> > 
> > Instead of flushing and reloading the auth session for every transaction
> > separately, keep the session open unless /dev/tpm0 is used.
> > 
> > Reported-by: Pengyu Ma <mapengyu@gmail.com>
> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219229
> > Cc: stable@vger.kernel.org # v6.10+
> > Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
> > Tested-by: Pengyu Ma <mapengyu@gmail.com>
> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>
> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
> Tested-by: Stefan Berger <stefanb@linux.ibm.com>

Thanks!

Next after this: tpm2_get_random() issues reported.

I think the biggest problem with that in general, and independent of bugs,
is that it does not pool random but instead pulls random small chunks.
This is more like a performance issue exposed by bus encryption than
introducing a new issue (not formally, but with a better implementation
it would not necessarily be a problem).

BR, Jarkko

Thread overview: 15+ messages
2024-10-28  5:49 [PATCH v8 0/3] Lazy flush for the auth session Jarkko Sakkinen
2024-10-28  5:49 ` [PATCH v8 1/3] tpm: Return tpm2_sessions_init() when null key creation fails Jarkko Sakkinen
2024-10-28 13:00   ` Stefan Berger
2024-10-28 15:27     ` Jarkko Sakkinen
2024-10-28  5:50 ` [PATCH v8 2/3] tpm: Rollback tpm2_load_null() Jarkko Sakkinen
2024-10-28  6:13   ` Paul Menzel
2024-10-28 12:10     ` Jarkko Sakkinen
2024-10-28 12:38       ` Paul Menzel
2024-10-28 12:42         ` Jarkko Sakkinen
2024-10-30 15:47   ` James Bottomley
2024-10-30 23:44     ` Jarkko Sakkinen
2024-10-30 23:50       ` Jarkko Sakkinen
2024-10-28  5:50 ` [PATCH v8 3/3] tpm: Lazily flush the auth session Jarkko Sakkinen
2024-10-28 17:52   ` Stefan Berger
2024-10-28 20:56     ` Jarkko Sakkinen [this message]
