On 08/30/2016 11:22 PM, Jason Gunthorpe wrote:
> On Tue, Aug 30, 2016 at 12:50:15AM -0400, Nayna Jain wrote:
>> @@ -382,6 +370,8 @@ int tpm_chip_register(struct tpm_chip *chip)
>>              return rc;
>>      }
>>
>> +    tpm_bios_log_setup(chip);
>
> Surely this can fail, right? At least if the security fs setup fails
> this should propogate that error.

What action we want to take if it fails to do bios_log_setup ?
I have done all other fixes, just am not sure that if we propogate this 
error, then will it mean that tpm_chip_register (where this function is 
called) should fail ? or it is just an error logging on failure of 
bios_log_setup.

>
> That is a mistake in an earlier patch now that I think about it..

>>
>>      /* malloc EventLog space */
>> -    log->bios_event_log = kmalloc(len, GFP_KERNEL);
>> -    if (!log->bios_event_log) {
>> +    chip->log.bios_event_log = kmalloc(len, GFP_KERNEL);
>> +    if (!chip->log.bios_event_log) {
>>              printk("%s: ERROR - Not enough  Memory for BIOS measurements\n",
>>                      __func__);
>
> Please delete all prints on kmalloc failure, maybe as another patch.
>
>>              return -ENOMEM;
>>      }
>>
>> -    log->bios_event_log_end = log->bios_event_log + len;
>> +    chip->log.bios_event_log_end = chip->log.bios_event_log + len;
>>
>>      virt = acpi_os_map_iomem(start, len);
>>      if (!virt) {
>> -            kfree(log->bios_event_log);
>> +            kfree(chip->log.bios_event_log);
>
> It would also be nice to see this written in the standard
> goto-unwind idiom.
>
>>   static const struct file_operations tpm_bios_measurements_ops = {
>> @@ -372,12 +352,18 @@ static int is_bad(void *p)
>>   void tpm_bios_log_setup(struct tpm_chip *chip)
>>   {
>>      const char *name = dev_name(&chip->dev);
>> +    int rc = 0;
>> +
>> +    rc = read_log(chip);
>> +    if (rc < 0)
>> +            return;
>>
>>      chip->bios_dir_count = 0;
>>      chip->bios_dir[chip->bios_dir_count] = securityfs_create_dir(name,
>>      NULL);
>>      if (is_bad(chip->bios_dir[chip->bios_dir_count]))
>>              goto err;
>> +    chip->bios_dir[chip->bios_dir_count]->d_inode->i_private =
>>      chip;
>
> Hum.
>
> So I don't know if this is right. You should get someone more familiar
> with securityfs to double check it. I see apparmorfs.c doing a similar
> approach, so that would be a good starting place to copy. Notice how
> it uses aa_get_(x)
>
> Still, I wonder if that is even right, is securityfs_remove() really a
> strong fence against open? I guess the inode locking is doing that?
>
> This also means that the file can remain held open in userspace
> *after* securityfs_remove returns, so the filp must hold a kref on the
> chip as well.
>
> At a minimum you need to do something like this:
>
> Create:
>
> chip->sfs_data_bin.chip = chip;
> chip->sfs_data_bin.ops = &tpm_binary_b_measurments_seqops;
> securityfs_create_file(...,&chip->sfs_data_bin)
>
> It must be done like that to be atomic with open, create two new
> members of chip to hold a struct to pass through as the private
> data. Do not use the dentry private.
>
> Open:
> chip = (struct tpm_chip *)inode->i_private;
> dev_get(&chip->dev);
> seq_open(..)
> seq->private = chip;
>
> Release:
> dev_put(&((struct tpm_chip *)seq->private)->dev);
>
> Teardown
>   the kfree needs to move to the chip release function.
>
>>   ifdef CONFIG_ACPI
>> -     tpm-y += tpm_eventlog.o tpm_acpi.o
>> +     tpm-y += tpm_acpi.o
>>   else
>> -ifdef CONFIG_TCG_IBMVTPM
>> -     tpm-y += tpm_eventlog.o tpm_of.o
>> +ifdef CONFIG_OF
>> +     tpm-y += tpm_of.o
>>   endif
>
> This is too early in the patch series. This change needs to go into
> 'Redefine the read_log method to check for ACPI/OF properties
> sequentially'
>
>> -#if defined(CONFIG_TCG_IBMVTPM) || defined(CONFIG_TCG_IBMVTPM_MODULE) || \
>> -     defined(CONFIG_ACPI)
>
> Ditto
>
> Regarding Jarkko's comment,
>
> Yes, move the check for TPM2 into both of the read_log() - do not
> allow TPM2 to read the log until you patch the OF stuff to support the
> TPM2 log format.
>
> Jason
>


------------------------------------------------------------------------------
_______________________________________________
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Reply via email to