Web lists-archives.com

Re: [PATCH v5 14/17] tpm: remove TPM_TRANSMIT_UNLOCKED flag




On Thu, Nov 08, 2018 at 10:43:46AM -0500, Stefan Berger wrote:
> > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> > index f2b0e5c52a57..d6abc964ef66 100644
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -652,17 +652,12 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
> >   	u32 blob_handle;
> >   	int rc;
> > 
> > -	mutex_lock(&chip->tpm_mutex);
> > -	rc = tpm2_load_cmd(chip, payload, options, &blob_handle,
> > -			   TPM_TRANSMIT_UNLOCKED);
> > +	rc = tpm2_load_cmd(chip, payload, options, &blob_handle, 0);
> >   	if (rc)
> > -		goto out;
> > +		return rc;
> > 
> > -	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle,
> > -			     TPM_TRANSMIT_UNLOCKED);
> > -	tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED);
> > -out:
> > -	mutex_unlock(&chip->tpm_mutex);
> > +	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle, 0);
> > +	tpm2_flush_context_cmd(chip, blob_handle, 0);
> 
> 
> This lock was covering quite a few commands from being interfered by others.
> Is this still guaranteed to work after or can different subsystems like
> trusted keys and IMA and /dev/tpm0 users interfere with this previous atomic
> sequence ?

One way to keep this sequence atomic would be to use a TPM space. Then
you can release the lock in-between the sequence.

/Jarkko