From: Jarkko Sakkinen <jarkko@kernel.org>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
Jerry Snitselaar <jsnitsel@redhat.com>
Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
William Roberts <bill.c.roberts@gmail.com>,
Stefan Berger <stefanb@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Jason Gunthorpe <jgg@ziepe.ca>, Mimi Zohar <zohar@linux.ibm.com>,
Peter Huewe <peterhuewe@gmx.de>,
Mario Limonciello <mario.limonciello@amd.com>,
Julien Gomes <julien@arista.com>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 1/6] tpm: Move buffer handling from static inlines to real functions
Date: Sun, 05 Nov 2023 23:59:31 +0200
Message-ID: <3e69c10c5d03ab2ccf7bda82b7ed9991dbced523.camel@kernel.org>
In-Reply-To: <d468a3f18e871f2af4db9c104d393866849ff2d0.camel@HansenPartnership.com>
On Thu, 2023-10-26 at 13:55 -0400, James Bottomley wrote:
> On Thu, 2023-10-26 at 10:10 -0700, Jerry Snitselaar wrote:
> > On Wed, Oct 25, 2023 at 08:35:55PM +0300, Jarkko Sakkinen wrote:
> > > On Wed Oct 25, 2023 at 12:03 PM EEST, Jerry Snitselaar wrote:
> > > > Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
> > >
> > > On Wed, 2023-10-25 at 02:03 -0700, Jerry Snitselaar wrote:
> > > > Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
> > > >
> > >
> > > Thanks I'll add it to the next round.
> > >
> > > For the tpm_buf_read(), I was thinking along the lines of:
> > >
> > > /**
> > >  * tpm_buf_read() - Read from a TPM buffer
> > >  * @buf: &tpm_buf instance
> > >  * @pos: position within the buffer
> > >  * @count: the number of bytes to read
> > >  * @output: the output buffer
> > >  *
> > >  * Read bytes from a TPM buffer, and update the position. Returns false
> > >  * when the amount of bytes requested would overflow the buffer, which is
> > >  * expected to only happen in the case of hardware failure.
> > >  */
> > > static bool tpm_buf_read(const struct tpm_buf *buf, off_t *pos,
> > > 			 size_t count, void *output)
> > > {
> > > 	off_t next = *pos + count;
> > >
> > > 	/* A read may end exactly at buf->length; only going past it fails. */
> > > 	if (next > buf->length) {
> > > 		pr_warn("%s: %lu > %lu\n", __func__, (unsigned long)next,
> > > 			(unsigned long)buf->length);
> > > 		return false;
> > > 	}
> > >
> > > 	memcpy(output, &buf->data[*pos], count);
> > > 	*pos = next;
> > > 	return true;
> > > }
> > >
> > > BR, Jarkko
> > >
> >
> > Then the callers will check, and return -EIO?
>
> Really, no, why would we do that?
>
> The initial buffer is a page and no TPM currently can have a command
> that big, so if the buffer overflows, it's likely a programming error
> (failure to terminate loop or something) rather than a runtime one (a
> user actually induced a command that big and wanted it to be sent to
> the TPM). The only reason you might need to check is the no-alloc case
> and you passed in a much smaller buffer, but even there, I would guess
> it will come down to a coding fault not a possible runtime error.

Yeah, this was my thinking too. So in the HMAC case you anyway would not
need to check it, because crypto is destined to fail anyway.

Returning a boolean here does no harm, so I thought that this is overall
a good compromise.

BR, Jarkko
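
The bounds-checked read discussed in this message, as an added userspace example that is not code from the thread or from the kernel tree. The `buf_model` struct, the `buf_model_read*` helpers, `parse_rc()` and the sample bytes are hypothetical names and constructed data; it goes slightly beyond the sketch by using an unsigned position and a comparison that cannot wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; struct and names are illustrative, not the kernel's. */
struct buf_model {
	size_t length;		/* valid bytes in data[] */
	const uint8_t *data;
};

/* Checked read; on failure *pos and output stay untouched. The test uses
 * subtraction so *pos + count cannot wrap; ending exactly at length is OK. */
static bool buf_model_read(const struct buf_model *buf, size_t *pos,
			   size_t count, void *output)
{
	if (*pos > buf->length || count > buf->length - *pos)
		return false;
	memcpy(output, &buf->data[*pos], count);
	*pos += count;
	return true;
}

/* Big-endian u32 accessor built on the checked read. */
static bool buf_model_read_u32(const struct buf_model *buf, size_t *pos,
			       uint32_t *val)
{
	uint8_t raw[4];
	if (!buf_model_read(buf, pos, sizeof(raw), raw))
		return false;
	*val = ((uint32_t)raw[0] << 24) | ((uint32_t)raw[1] << 16) |
	       ((uint32_t)raw[2] << 8) | raw[3];
	return true;
}

/* Constructed sample: TPM2 response header, tag 0x8001, size 10, rc 0x101. */
static const uint8_t sample_rsp[10] = { 0x80, 0x01, 0, 0, 0, 0x0a, 0, 0, 0x01, 0x01 };

/* Return the response code, or -1 if the buffer is too short to hold it. */
static long parse_rc(const uint8_t *data, size_t length)
{
	struct buf_model buf = { .length = length, .data = data };
	size_t pos = 6;		/* skip 16-bit tag and 32-bit size */
	uint32_t rc = 0;
	return buf_model_read_u32(&buf, &pos, &rc) ? (long)rc : -1;
}

int main(void)
{
	return printf("full: %ld, truncated: %ld\n",
		      parse_rc(sample_rsp, 10), parse_rc(sample_rsp, 9)) < 0;
}
```

A caller that ignores the boolean still never copies past `length`, which is the property the thread relies on when it treats an overflow as a coding fault rather than a runtime error.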