From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0E4B718FDC2; Mon, 28 Oct 2024 20:56:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730149000; cv=none; b=Qek8tbM4+YAjGV+HQC0cBtnuT/UUZb1yH7hHJ/+6ZdUXoVRDcYjAg2w3Xpd9idVudhfUiK+TvtlVDTfumZYZPQJQ4klP05NtJQWUVREeqvjqBzAd4LonpH7T3qa/4kKJdPP4aaNu3FsKqXlZeh5HV50A0wFVoYX9dVEpv4LgUAM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730149000; c=relaxed/simple; bh=2xirGwapAOhwwW98vmdKD/TKyBtsn31rVeuL8cNBJcI=; h=Mime-Version:Content-Type:Date:Message-Id:Cc:Subject:From:To: References:In-Reply-To; b=etEAQlGiz7FBlnWuhDJkRzeYc2U7H8vgqMs3S0Ga13Wu5hyeqtqNkca8NJ2kX68wnap4vHG13iU70dpz7DssoOiO0CErneAUyRu6lCLhvKxdDgFvxss+jhondmJN4ZqvUTk5z3FlC990Xbh5ovSkWDnJuVz6ZThEK7uWjQt/W4w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=M9FnZOIS; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="M9FnZOIS" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0DC9AC4CEC3; Mon, 28 Oct 2024 20:56:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1730148999; bh=2xirGwapAOhwwW98vmdKD/TKyBtsn31rVeuL8cNBJcI=; h=Date:Cc:Subject:From:To:References:In-Reply-To:From; b=M9FnZOISibfA10+UTcpJU5tbxUpfyoN6N8q+2QG8q1Wc0cfJQcoStpPdEBvwu+a4L 4zRnqq/gZX+0WWVrWJxL/h6SjpD4LsXzCOwFE1pdZmaiY4sR6XMOBUG2pcBeQ+0KQK O+6evVBtXppq31T/seQi/9hu5VmKewQ5VQHuDQUc6W5ePOMDMWkqVuqH/rOblTA5EX /6ZXOv+sFXrbQ/8F8YqMCUdAalxat97uZz/sQtSVVtxvmnqYjyBHBAF/ZTiBvGzTkK H2y1+SvZHYoEpOaBIZJdLR1JmFVQKIyp53BFy4kV41AwuibgMwhJ7eXITvWgW8DJ11 6vsqjl2sMEP4Q== Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Mon, 28 Oct 2024 22:56:35 +0200 Message-Id: Cc: , "David Howells" , "James Bottomley" , "Mimi Zohar" , "Roberto Sassu" , "Paul Moore" , "James Morris" , "Serge E. Hallyn" , "Dmitry Kasatkin" , "Eric Snowberg" , "open list:KEYS-TRUSTED" , "open list:SECURITY SUBSYSTEM" , "Pengyu Ma" , Subject: Re: [PATCH v8 3/3] tpm: Lazily flush the auth session From: "Jarkko Sakkinen" To: "Stefan Berger" , , "Peter Huewe" , "Jason Gunthorpe" X-Mailer: aerc 0.18.2 References: <20241028055007.1708971-1-jarkko@kernel.org> <20241028055007.1708971-4-jarkko@kernel.org> In-Reply-To: On Mon Oct 28, 2024 at 7:52 PM EET, Stefan Berger wrote: > > On 10/28/24 1:50 AM, Jarkko Sakkinen wrote: > > Move the allocation of chip->auth to tpm2_start_auth_session() so that = this > > field can be used as flag to tell whether auth session is active or not= . > >=20 > > Instead of flushing and reloading the auth session for every transactio= n > > separately, keep the session open unless /dev/tpm0 is used. > >=20 > > Reported-by: Pengyu Ma > > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=3D219229 > > Cc: stable@vger.kernel.org # v6.10+ > > Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_s= ession*()") > > Tested-by: Pengyu Ma > > Signed-off-by: Jarkko Sakkinen > > Reviewed-by: Stefan Berger > Tested-by: Stefan Berger Thanks! Next after this: tpm2_get_random() issues reported. I think biggest problem with that in general, and independent of bugs, is that it does not pool random but instead pulls random small chunks. This is more like performance issue exposed by bus encryption than introducing a new issue (not formally but with better implementation would not be necessarily a problem). BR, Jarkko