From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
	Peter Huewe <PeterHuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
	Tomas Winkler <tomas.winkler@intel.com>,
	Tadeusz Struk <tadeusz.struk@intel.com>,
	Stefan Berger <stefanb@linux.vnet.ibm.com>,
	Nayna Jain <nayna@linux.ibm.com>,
	stable@vger.kernel.org
Subject: Re: [PATCH v10 08/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit()
Date: Tue, 29 Jan 2019 09:06:01 -0800
Message-ID: <1548781561.2888.33.camel@HansenPartnership.com>
In-Reply-To: <20190116212342.24524-9-jarkko.sakkinen@linux.intel.com>

On Wed, 2019-01-16 at 23:23 +0200, Jarkko Sakkinen wrote:
[...]
> -	rc = tpm2_commit_space(chip, space, ordinal, buf, &len);
> +out_space:
> +	if (rc)
> +		tpm2_flush_space(chip);
> +	else
> +		rc = tpm2_commit_space(chip, space, ordinal, buf,
> &len);
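
Review bot: At `out_space:`, the `if (rc)` test routes every nonzero rc to tpm2_flush_space(chip), and nothing in the hunk separates failures raised before the command was sent from failures raised after it. Suggest a comment at the label listing which error paths jump here and what TPM state each one assumes, so a reader can check that flushing is sufficient for all of them. The result of the tpm2_flush_space(chip) call, if it has one, is also not checked, and rc is returned as it was; worth stating whether that is intended.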

I don't think this is quite right.  tpm2_flush_space only flushes the
handles it knows about and those are the ones from before the TPM
operation was attempted.  If the operation has altered the internal
state we could miss a created handle in this flush and it would
effectively reside forever in the TPM.  We should be able to rely on
the TPM preserving the original state if it returns an error, so I
think your patch works for that part.  However rc is also set to
-EFAULT on a transmission error and if that's on the receive path, the
TPM may have changed state before the error occurred.

If the object is to move the TPM back to where it was before the error
occurred, even in the case of transmit errors, then I think we need to
invent a new kind of flush that queries the current TPM state and then
flushes everything.

James
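
The gap described in the reply above, as a toy user-space model in C (an added example, not part of the original message and not kernel code; the `toy_*` names and the three-slot device are assumptions). A flush limited to recorded handles leaves behind the object created by a command whose response was lost, while a flush that queries the device does not.

```c
/* Toy user-space model; every name here is hypothetical, not a kernel symbol. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define SLOTS 3
struct toy_tpm   { bool loaded[SLOTS]; }; /* objects held by the device */
struct toy_space { bool known[SLOTS]; };  /* handles the driver recorded */
/* Load one object; with rx_fails the response is lost after the device acted. */
static int toy_load(struct toy_tpm *tpm, struct toy_space *sp, bool rx_fails)
{
    for (size_t i = 0; i < SLOTS; i++) {
        if (tpm->loaded[i]) continue;
        tpm->loaded[i] = true;      /* device state changes first */
        if (rx_fails)
            return -1;              /* driver never learns the new handle */
        sp->known[i] = true;        /* success path records it */
        return 0;
    }
    return -2;                      /* no free slot */
}

/* Flush only the handles recorded before the failed command. */
static void toy_flush_known(struct toy_tpm *tpm, struct toy_space *sp)
{
    for (size_t i = 0; i < SLOTS; i++)
        if (sp->known[i])
            tpm->loaded[i] = sp->known[i] = false;
}

/* Ask the device what is loaded and flush all of it. */
static void toy_flush_queried(struct toy_tpm *tpm, struct toy_space *sp)
{
    memset(tpm->loaded, 0, sizeof(tpm->loaded));
    memset(sp->known, 0, sizeof(sp->known));
}

/* Objects still in the device after a receive-path failure and a flush. */
size_t toy_leak_after_rx_error(bool query_flush)
{
    struct toy_tpm tpm = {{false}};
    struct toy_space sp = {{false}};
    size_t left = 0;
    toy_load(&tpm, &sp, false);             /* one normal load, recorded */
    if (toy_load(&tpm, &sp, true) != 0)     /* second load: response lost */
        query_flush ? toy_flush_queried(&tpm, &sp) : toy_flush_known(&tpm, &sp);
    for (size_t i = 0; i < SLOTS; i++)
        left += tpm.loaded[i];
    return left;
}
```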

