From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Jarkko Sakkinen
<jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: [PATCH v4 3/8] tpm: validate event log access before tpm_bios_log_setup
Date: Mon, 3 Oct 2016 10:35:16 -0600 [thread overview]
Message-ID: <20161003163516.GB6801@obsidianresearch.com> (raw)
In-Reply-To: <20161003123523.GC9990-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
On Mon, Oct 03, 2016 at 03:35:23PM +0300, Jarkko Sakkinen wrote:
> > > The scheme you suggested is also way off the mark for how fops works,
> > > fops->close has no relation to the needed duration for 'data', the
> > > duration is related to securityfs_remove.
> >
> > Right, the above would not work because it's not linked to
> > securityfs_remove by any means.
> >
> You have to provide something factors more concrete. Otherwise,
> I'm inclined to accept the approach in Naynas patch. It's an
> improvement.
I said I haven't checked the patch yet to see if the lifetime model
for 'data' with securityfs is correct. Only that it matches the only
other user of this feature..
I looked more carefully, and I still can't find the right sort of
locking in securityfs_remove..
> > Are you trying to say that after securityfs_remove() there might be a
> > "grace period" when user space could still see the files visible and
> > open them?
Sort of, the typical race is broadly
CPU0 CPU1
fops->open()
securityfs_remove()
kref_put(chip)
kfree(chip)
kref_get(data->chip.kref)
This race should always be analyzed when working with user files.
We deal with this situation in the other user interface:
- cdev uses 'chip->cdev.kobj.parent = &chip->dev.kobj;' and the cdev
core handles get/put of the chip at the proper time
- sysfs uses kernfs_drain which guarentees nothing is running in any
callback before returning
I suspect securityfs_remove is defective in this regard. Eg debugfs is
built on the same libfs scheme as securityfs and it incorporates the
mechanism around 'debugfs_use_file_start/etc' to provide sensible
removal fencing.
I don't know if there is a simple fix, so mabye the best thing is to
just leave it be with a comment saying it securityfs_remove probably
races with fops->open(), and that should be fixed inside securityfs
not tpm.
The file operations are also missing '.owner = THIS_MODULE' which is
bad as well.
Jason
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
next prev parent reply other threads:[~2016-10-03 16:35 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-28 8:34 [PATCH v4 0/8] tpm: add the securityfs pseudo files support for TPM 2.0 firmware event log Nayna Jain
[not found] ` <1475051682-23060-1-git-send-email-nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-09-28 8:34 ` [PATCH v4 1/8] tpm: define a generic open() method for ascii & bios measurements Nayna Jain
2016-09-28 8:34 ` [PATCH v4 2/8] tpm: replace dynamically allocated bios_dir with dentry array Nayna Jain
[not found] ` <1475051682-23060-3-git-send-email-nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-09-30 18:27 ` Jarkko Sakkinen
[not found] ` <20160930182703.GA9595-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-09-30 18:30 ` Jason Gunthorpe
[not found] ` <20160930183026.GC1867-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-09-30 19:48 ` Jarkko Sakkinen
[not found] ` <20160930194825.GB12710-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-09-30 20:31 ` Jason Gunthorpe
[not found] ` <20160930203147.GB5722-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-01 12:06 ` Jarkko Sakkinen
2016-10-01 12:27 ` Jarkko Sakkinen
2016-09-28 8:34 ` [PATCH v4 3/8] tpm: validate event log access before tpm_bios_log_setup Nayna Jain
[not found] ` <1475051682-23060-4-git-send-email-nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-09-30 18:57 ` Jarkko Sakkinen
[not found] ` <20160930185742.GB9595-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-09-30 19:11 ` Jason Gunthorpe
[not found] ` <20160930191112.GA5722-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-09-30 19:45 ` Jarkko Sakkinen
[not found] ` <20160930194538.GA12710-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-01 2:42 ` Jason Gunthorpe
[not found] ` <20161001024213.GA13028-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-01 11:35 ` Jarkko Sakkinen
2016-10-01 12:01 ` Jarkko Sakkinen
[not found] ` <20161001120125.GC8664-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-01 14:28 ` Jarkko Sakkinen
2016-10-01 16:54 ` Jason Gunthorpe
[not found] ` <20161001165436.GB13462-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-01 19:32 ` Jarkko Sakkinen
[not found] ` <20161001193239.GA3862-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-01 23:19 ` Jarkko Sakkinen
2016-10-02 21:25 ` Jason Gunthorpe
[not found] ` <20161002212551.GB25872-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-03 12:20 ` Jarkko Sakkinen
[not found] ` <20161003122013.GA9990-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-03 12:35 ` Jarkko Sakkinen
[not found] ` <20161003123523.GC9990-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-03 16:35 ` Jason Gunthorpe [this message]
[not found] ` <20161003163516.GB6801-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-03 20:22 ` Jarkko Sakkinen
[not found] ` <20161003202230.GA14624-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-03 21:11 ` Jason Gunthorpe
[not found] ` <20161003211129.GA26880-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-04 5:26 ` Jarkko Sakkinen
[not found] ` <20161004052651.GB10572-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-04 17:12 ` Jason Gunthorpe
[not found] ` <20161004171231.GB17149-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-05 8:10 ` Jarkko Sakkinen
2016-10-06 20:11 ` Nayna
[not found] ` <57F6AFF1.4000103-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-06 20:17 ` Jason Gunthorpe
2016-10-06 19:58 ` Nayna
[not found] ` <57F6ACF7.6000408-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-06 20:12 ` Jason Gunthorpe
2016-10-06 19:56 ` Nayna
[not found] ` <57F6AC7D.9070507-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-06 20:10 ` Jason Gunthorpe
[not found] ` <20161006201047.GA12085-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-06 20:53 ` Nayna
2016-10-13 18:51 ` Nayna
[not found] ` <57FFD79F.7080405-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-19 2:10 ` Nayna
2016-10-03 17:14 ` Jason Gunthorpe
[not found] ` <20161003171419.GE6801-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-09 4:17 ` Nayna
[not found] ` <57F9C4C4.2070508-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-09 23:25 ` Jason Gunthorpe
[not found] ` <20161009232544.GC24139-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-10 1:53 ` Nayna
[not found] ` <57FAF49D.7040009-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-10 3:21 ` Jason Gunthorpe
[not found] ` <20161010032113.GA26363-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-10 4:13 ` Nayna
[not found] ` <57FB1551.9000806-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-11 16:51 ` Jason Gunthorpe
[not found] ` <20161011165143.GA6881-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-11 19:11 ` Nayna
[not found] ` <57FD3949.9050302-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-11 20:15 ` Jason Gunthorpe
[not found] ` <20161011201558.GB21656-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-12 5:16 ` Nayna
2016-10-13 18:53 ` Nayna
2016-09-28 8:34 ` [PATCH v4 4/8] tpm: redefine read_log() to handle ACPI/OF at runtime Nayna Jain
[not found] ` <1475051682-23060-5-git-send-email-nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-09-30 19:05 ` Jarkko Sakkinen
[not found] ` <20160930190511.GC9595-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-06 20:38 ` Nayna
[not found] ` <57F6B647.1070206-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-09 11:29 ` Nayna
[not found] ` <57FA2A0B.7060404-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-09 12:05 ` Jarkko Sakkinen
[not found] ` <20161009120553.GA6224-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-10 3:24 ` Jason Gunthorpe
2016-09-28 8:34 ` [PATCH v4 5/8] tpm: replace of_find_node_by_name() with dev of_node property Nayna Jain
[not found] ` <1475051682-23060-6-git-send-email-nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-09-30 19:12 ` Jarkko Sakkinen
2016-09-28 8:34 ` [PATCH v4 6/8] tpm: remove printk error messages Nayna Jain
[not found] ` <1475051682-23060-7-git-send-email-nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-09 1:55 ` Nayna
[not found] ` <57F9A392.7050302-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-09 23:22 ` Jason Gunthorpe
[not found] ` <20161009232208.GB24139-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-10-12 12:55 ` Nayna
2016-09-28 8:34 ` [PATCH v4 7/8] tpm: move event log init functions to tpm_eventlog_init.c Nayna Jain
2016-09-28 8:34 ` [PATCH v4 8/8] tpm: add securityfs support for TPM 2.0 firmware event log Nayna Jain
[not found] ` <1475051682-23060-9-git-send-email-nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-09-30 19:24 ` Jarkko Sakkinen
2016-10-01 11:51 ` Jarkko Sakkinen
[not found] ` <20161001115154.GB8664-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-09 2:02 ` Nayna
[not found] ` <57F9A52C.7050405-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-10-09 9:14 ` Jarkko Sakkinen
[not found] ` <20161009091409.GD31891-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-10-10 18:54 ` Nayna
2016-09-28 9:43 ` [PATCH v4 0/8] tpm: add the securityfs pseudo files " Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161003163516.GB6801@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
--cc=tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).