[tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API

[PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-23
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Stefan Berger <hidden> · 2017-10-23
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jason Gunthorpe <hidden> · 2017-10-23
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jason Gunthorpe <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jason Gunthorpe <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jason Gunthorpe <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Dmitry Torokhov <dmitry.torokhov@gmail.com> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jason Gunthorpe <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Dmitry Torokhov <dmitry.torokhov@gmail.com> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Peter Huewe <peterhuewe@gmx.de> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-24
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-25
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-25
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · PrasannaKumar Muralidharan <hidden> · 2017-10-26
Re: [tpmdd-devel] [PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-24
Re: [PATCH] tpm: remove chip_num parameter from in-kernel API · Jason Gunthorpe <hidden> · 2017-10-24
Re: [PATCH] tpm: remove chip_num parameter from in-kernel API · Jarkko Sakkinen <hidden> · 2017-10-24

From: PrasannaKumar Muralidharan <hidden>
Date: 2017-10-24 15:51:20
Also in: keyrings, linux-crypto, linux-integrity, lkml

On 24 October 2017 at 21:14, Jarkko Sakkinen
[off-list ref] wrote:

On Mon, Oct 23, 2017 at 10:31:39AM -0600, Jason Gunthorpe wrote:

quoted

On Mon, Oct 23, 2017 at 10:07:31AM -0400, Stefan Berger wrote:

quoted

-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
+int tpm_pcr_extend(int pcr_idx, const u8 *hash)
 {


I think every kernel internal TPM driver API should be called with the
tpm_chip as a parameter. This is in foresight of namespacing of IMA where we
want to provide the flexibility of passing a dedicated vTPM to each
namespace and IMA would use the chip as a parameter to all of these
functions to talk to the right tpm_vtpm_proxy instance. From that
perspective this patch goes into the wrong direction.

Yes, we should ultimately try and get to there.. Someday the
tpm_chip_find_get() will need to become namespace aware.

But this patch is along the right path, eliminating the chip_num is
the right thing to do..

quoted

-  tpm2 = tpm_is_tpm2(TPM_ANY_NUM);
+  tpm2 = tpm_is_tpm2();
  if (tpm2 < 0)
          return tpm2;

@@ -1008,7 +1007,7 @@ static int trusted_instantiate(struct key *key,
  switch (key_cmd) {
  case Opt_load:
          if (tpm2)
-                  ret = tpm_unseal_trusted(TPM_ANY_NUM, payload, options);
+                  ret = tpm_unseal_trusted(payload, options);

Sequences like this are sketchy.

It should be

struct tpm_chip *tpm;

tpm = tpm_chip_find_get()
tpm2 = tpm_is_tpm2(tpm);

[..]

if (tpm2)
     ret = tpm_unseal_trusted(tpm, payload, options);

[..]

tpm_put_chip(tpm);

As hot plug could alter the 'tpm' between the two tpm calls.

Jason

This patch just removes bunch of dead code. It does not change existing
semantics. What you are saying should be done after the dead code has
been removed. This commit is first step to that direction.

/Jarkko

Please check the RFC [1]. It does use chip id. The rfc has issues and
has to be fixed but still there could be users of the API.

1. https://www.spinics.net/lists/linux-crypto/msg28282.html

Regards,
PrasannaKumar
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help