Re: [PATCH v5 0/5] Lazy flush for the auth session

[PATCH v5 0/5] Lazy flush for the auth session · Jarkko Sakkinen <jarkko@kernel.org> · 2024-09-21
[PATCH v5 1/5] tpm: Return on tpm2_create_null_primary() failure · Jarkko Sakkinen <jarkko@kernel.org> · 2024-09-21
Re: [PATCH v5 1/5] tpm: Return on tpm2_create_null_primary() failure · Stefan Berger <stefanb@linux.ibm.com> · 2024-10-03
Re: [PATCH v5 1/5] tpm: Return on tpm2_create_null_primary() failure · Jarkko Sakkinen <jarkko@kernel.org> · 2024-10-07
[PATCH v5 2/5] tpm: Implement tpm2_load_null() rollback · Jarkko Sakkinen <jarkko@kernel.org> · 2024-09-21
Re: [PATCH v5 2/5] tpm: Implement tpm2_load_null() rollback · Stefan Berger <stefanb@linux.ibm.com> · 2024-10-03
[PATCH v5 3/5] tpm: flush the null key only when /dev/tpm0 is accessed · Jarkko Sakkinen <jarkko@kernel.org> · 2024-09-21
[PATCH v5 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() · Jarkko Sakkinen <jarkko@kernel.org> · 2024-09-21
Re: [PATCH v5 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() · James Bottomley <James.Bottomley@HansenPartnership.com> · 2024-09-24
Re: [PATCH v5 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
[PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · Jarkko Sakkinen <jarkko@kernel.org> · 2024-09-21
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · James Bottomley <James.Bottomley@HansenPartnership.com> · 2024-09-24
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · James Bottomley <James.Bottomley@HansenPartnership.com> · 2024-09-24
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · James Bottomley <James.Bottomley@HansenPartnership.com> · 2024-09-24
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-25
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-25
Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-25
Re: [PATCH v5 0/5] Lazy flush for the auth session · Paul Menzel <hidden> · 2024-09-21
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-21
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-21
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-22
Re: [PATCH v5 0/5] Lazy flush for the auth session · James Bottomley <James.Bottomley@HansenPartnership.com> · 2024-09-24
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 0/5] Lazy flush for the auth session · James Bottomley <James.Bottomley@HansenPartnership.com> · 2024-09-24
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-09-24
Re: [PATCH v5 0/5] Lazy flush for the auth session · Mimi Zohar <zohar@linux.ibm.com> · 2024-10-01
Re: [PATCH v5 0/5] Lazy flush for the auth session · Jarkko Sakkinen <jarkko@kernel.org> · 2024-10-07
Re: [PATCH v5 0/5] Lazy flush for the auth session · Stefan Berger <stefanb@linux.ibm.com> · 2024-10-03
Re: [PATCH v5 0/5] Lazy flush for the auth session · Jarkko Sakkinen <jarkko@kernel.org> · 2024-10-07
Re: [PATCH v5 0/5] Lazy flush for the auth session · Jarkko Sakkinen <jarkko@kernel.org> · 2024-10-11
Re: [PATCH v5 0/5] Lazy flush for the auth session · Roberto Sassu <hidden> · 2024-10-11
Re: [PATCH v5 0/5] Lazy flush for the auth session · Jarkko Sakkinen <jarkko@kernel.org> · 2024-10-11
Re: [PATCH v5 0/5] Lazy flush for the auth session · Jarkko Sakkinen <jarkko@kernel.org> · 2024-10-12
Re: [PATCH v5 0/5] Lazy flush for the auth session · Mimi Zohar <zohar@linux.ibm.com> · 2024-10-14
Re: [PATCH v5 0/5] Lazy flush for the auth session · Jarkko Sakkinen <jarkko@kernel.org> · 2024-10-14
Re: [PATCH v5 0/5] Lazy flush for the auth session · Mimi Zohar <zohar@linux.ibm.com> · 2024-10-15
Re: [PATCH v5 0/5] Lazy flush for the auth session · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-10-15

From: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: 2024-09-24 13:48:07
Also in: keyrings, linux-integrity, lkml

On Sun, 2024-09-22 at 20:51 +0300, Jarkko Sakkinen wrote:

On Sat Sep 21, 2024 at 3:08 PM EEST, Jarkko Sakkinen wrote:

quoted

This patch set aims to fix:
https://bugzilla.kernel.org/show_bug.cgi?id=219229.

The baseline for the series is the v6.11 tag.

v4:
https://lore.kernel.org/linux-integrity/20240918203559.192605-1-jarkko@kernel.org/ (local)
v3:
https://lore.kernel.org/linux-integrity/20240917154444.702370-1-jarkko@kernel.org/ (local)
v2:
https://lore.kernel.org/linux-integrity/20240916110714.1396407-1-jarkko@kernel.org/ (local)
v1:
https://lore.kernel.org/linux-integrity/20240915180448.2030115-1-jarkko@kernel.org/ (local)

Jarkko Sakkinen (5):
  tpm: Return on tpm2_create_null_primary() failure
  tpm: Implement tpm2_load_null() rollback
  tpm: flush the null key only when /dev/tpm0 is accessed
  tpm: Allocate chip->auth in tpm2_start_auth_session()
  tpm: flush the auth session only when /dev/tpm0 is open

 drivers/char/tpm/tpm-chip.c       |  14 ++++
 drivers/char/tpm/tpm-dev-common.c |   8 +++
 drivers/char/tpm/tpm-interface.c  |  10 ++-
 drivers/char/tpm/tpm2-cmd.c       |   3 +
 drivers/char/tpm/tpm2-sessions.c  | 109 ++++++++++++++++++--------
----
 include/linux/tpm.h               |   2 +
 6 files changed, 102 insertions(+), 44 deletions(-)


Roberto, James, speaking of digest cache. This patch set has no aim
to fix those issues but I do believe that it should improve also that
feature.

If I don't get soon patch reviews for the patch set, I'll pick the
2nd best option: disable bus encryption on all architectures
including x86 and ARM64 (being by default on).

It's a force majeure situation. I know this would sort out the issue
but I really cannot send these as a pull request with zero reviewe-
by's.

I expect this to be closed by tomorrow.

Hey come on, you knew I was running plumbers last week so I had all the
lead up and teardown stuff to do as well.  I'm only just digging
through accumulated email.

Patches 1-2 are fully irrelevant to the bug, so I ignored them on the
grounds that improvement to the error flow could be done through the
normal patch process

Patch 3 is completely unnecessary: the null key is only used to salt
the session and is not required to be resident while the session is
used (so can be flushed after session creation) therefore keeping it
around serves no purpose once the session is created and simply
clutters up the TPM volatile handle slots. (I don't know of a case
where we use all the slots in a kernel operation, but since we don't
need it lets not find out when we get one).  So I advise dropping patch
3.

I've reviewed 4 and 5.

Regards,

James

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help