Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp1278213imm; Tue, 3 Jul 2018 08:25:36 -0700 (PDT) X-Google-Smtp-Source: ADUXVKK2Exe9FWxwl5MCpaVn+dpwAheKBzHELjGSHQybiKvYJX/OgsWIaUojP0N47vwoazWQYVXn X-Received: by 2002:a63:383:: with SMTP id 125-v6mr26161288pgd.421.1530631536771; Tue, 03 Jul 2018 08:25:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530631536; cv=none; d=google.com; s=arc-20160816; b=JD8tRXAYfBCA4D5NTuWLn8Sm8lu2RFGbcNg4klEpU3KzaxKm00uhywMU1y8EPSDMCQ iVZYq/n+7+mmJ86hACoKQ/0ZNRA+OWZnOX+zbYZjHB4gG53f+Z3MGTLE1PC6QcwTj1JU ohhjp+uNQI3qdqMfg9JXIXKPq26QleS7+WbOgXLwMXb0riWm4TWTQ+nzyfDg2Y368Pmd nhVfHfLWSHZsSt2ByKz9Ia6oqjq04NLCp0qxSvdV8YfdJJCe95NfpvccrTYLzIwBkd47 1WNU4gcU+FRDxk0p7hbGaC2ceB7ADmd3f3ZBU/I3tmMrGYi6T1Lll31BKb2q8yGXewWV TdDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:date:cc:to:from:subject :message-id:arc-authentication-results; bh=rGXordRUhmlYp0hFkx2C3hVq/qGCCvP+f6TbuOVZ3hQ=; b=rVUvfIy7Y4HH5h5zgrHxX/jbJz2T4JM4ZTUMmjUsy7j729tT967ZSUenygzKv1+Toz iPRp32uw6htX5Heeo7rr6Hx/jKxFs4TvvpOCw4bqEJ7YuUgMM8zDXxVvZLgZt9E/+cX/ Lfgb+q5U11cDwmaqFgYm+VyWfS/x/6EE5g2qQligsJc7pmqDssykjx68mbk+X1/9tjCA IJoekfaMz8NB44uYrOozwTUjAUwpDxmxCyTas1Bw4YOcNX6MSivtDUv5vJNqvLaSEcWg BNoIx+xcBtGmtgiPA9Fh5VRvNz3rIX4p5JQh4lenuh9U0f3Tw6QTigSYnMCi1jLsQ/RI v5ZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d18-v6si1142165pgv.248.2018.07.03.08.25.21; Tue, 03 Jul 2018 08:25:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753467AbeGCPYn (ORCPT + 99 others); Tue, 3 Jul 2018 11:24:43 -0400 Received: from mga06.intel.com ([134.134.136.31]:8710 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752905AbeGCPYl (ORCPT ); Tue, 3 Jul 2018 11:24:41 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Jul 2018 08:24:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,304,1526367600"; d="scan'208";a="213108709" Received: from cdikicix-mobl.ger.corp.intel.com ([10.249.254.69]) by orsmga004.jf.intel.com with ESMTP; 03 Jul 2018 08:24:35 -0700 Message-ID: Subject: Re: [PATCH 2/2] KEYS: trusted: Find tpm_chip and use it until module shutdown From: Jarkko Sakkinen To: Stefan Berger , linux-integrity@vger.kernel.org, zohar@linux.vnet.ibm.com, jejb@linux.vnet.ibm.com Cc: jgg@ziepe.ca, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, dhowells@redhat.com, keyrings@vger.kernel.org Date: Tue, 03 Jul 2018 18:24:34 +0300 In-Reply-To: <20180626193040.2509798-3-stefanb@linux.vnet.ibm.com> References: <20180626193040.2509798-1-stefanb@linux.vnet.ibm.com> <20180626193040.2509798-3-stefanb@linux.vnet.ibm.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.1-2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2018-06-26 at 15:30 -0400, Stefan Berger wrote: > Use tpm_default_chip() to find the system's default TPM chip and > use it as the tpm_chip parameter for all TPM operations. Release > the tpm_chip when the module is shut down. > > Signed-off-by: Stefan Berger > --- > security/keys/trusted.c | 41 ++++++++++++++++++++++++++++------------- > 1 file changed, 28 insertions(+), 13 deletions(-) > > diff --git a/security/keys/trusted.c b/security/keys/trusted.c > index 423776682025..06d863caea43 100644 > --- a/security/keys/trusted.c > +++ b/security/keys/trusted.c > @@ -42,6 +42,7 @@ struct sdesc { > > static struct crypto_shash *hashalg; > static struct crypto_shash *hmacalg; > +static struct tpm_chip *tpm_chip; > > static struct sdesc *init_sdesc(struct crypto_shash *alg) > { > @@ -360,7 +361,7 @@ static int trusted_tpm_send(unsigned char *cmd, size_t > buflen) > int rc; > > dump_tpm_buf(cmd); > - rc = tpm_send(NULL, cmd, buflen); > + rc = tpm_send(tpm_chip, cmd, buflen); > dump_tpm_buf(cmd); > if (rc > 0) > /* Can't return positive return codes values to keyctl */ > @@ -381,10 +382,10 @@ static int pcrlock(const int pcrnum) > > if (!capable(CAP_SYS_ADMIN)) > return -EPERM; > - ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE); > + ret = tpm_get_random(tpm_chip, hash, SHA1_DIGEST_SIZE); > if (ret != SHA1_DIGEST_SIZE) > return ret; > - return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0; > + return tpm_pcr_extend(tpm_chip, pcrnum, hash) ? -EINVAL : 0; > } > > /* > @@ -397,7 +398,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s, > unsigned char ononce[TPM_NONCE_SIZE]; > int ret; > > - ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE); > + ret = tpm_get_random(tpm_chip, ononce, TPM_NONCE_SIZE); > if (ret != TPM_NONCE_SIZE) > return ret; > > @@ -492,7 +493,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, > if (ret < 0) > goto out; > > - ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE); > + ret = tpm_get_random(tpm_chip, td->nonceodd, TPM_NONCE_SIZE); > if (ret != TPM_NONCE_SIZE) > goto out; > ordinal = htonl(TPM_ORD_SEAL); > @@ -602,7 +603,7 @@ static int tpm_unseal(struct tpm_buf *tb, > > ordinal = htonl(TPM_ORD_UNSEAL); > keyhndl = htonl(SRKHANDLE); > - ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE); > + ret = tpm_get_random(tpm_chip, nonceodd, TPM_NONCE_SIZE); > if (ret != TPM_NONCE_SIZE) { > pr_info("trusted_key: tpm_get_random failed (%d)\n", ret); > return ret; > @@ -747,7 +748,7 @@ static int getoptions(char *c, struct trusted_key_payload > *pay, > int i; > int tpm2; > > - tpm2 = tpm_is_tpm2(NULL); > + tpm2 = tpm_is_tpm2(tpm_chip); > if (tpm2 < 0) > return tpm2; > > @@ -916,7 +917,7 @@ static struct trusted_key_options > *trusted_options_alloc(void) > struct trusted_key_options *options; > int tpm2; > > - tpm2 = tpm_is_tpm2(NULL); > + tpm2 = tpm_is_tpm2(tpm_chip); > if (tpm2 < 0) > return NULL; > > @@ -966,7 +967,7 @@ static int trusted_instantiate(struct key *key, > size_t key_len; > int tpm2; > > - tpm2 = tpm_is_tpm2(NULL); > + tpm2 = tpm_is_tpm2(tpm_chip); > if (tpm2 < 0) > return tpm2; > > @@ -1007,7 +1008,7 @@ static int trusted_instantiate(struct key *key, > switch (key_cmd) { > case Opt_load: > if (tpm2) > - ret = tpm_unseal_trusted(NULL, payload, options); > + ret = tpm_unseal_trusted(tpm_chip, payload, options); > else > ret = key_unseal(payload, options); > dump_payload(payload); > @@ -1017,13 +1018,13 @@ static int trusted_instantiate(struct key *key, > break; > case Opt_new: > key_len = payload->key_len; > - ret = tpm_get_random(NULL, payload->key, key_len); > + ret = tpm_get_random(tpm_chip, payload->key, key_len); > if (ret != key_len) { > pr_info("trusted_key: key_create failed (%d)\n", > ret); > goto out; > } > if (tpm2) > - ret = tpm_seal_trusted(NULL, payload, options); > + ret = tpm_seal_trusted(tpm_chip, payload, options); > else > ret = key_seal(payload, options); > if (ret < 0) > @@ -1226,12 +1227,26 @@ static int __init init_trusted(void) > return ret; > ret = register_key_type(&key_type_trusted); > if (ret < 0) > - trusted_shash_release(); > + goto exit_shash_release; > + tpm_chip = tpm_default_chip(); > + if (!tpm_chip) { > + ret = -ENODEV; > + goto exit_unregister; > + } > + return 0; > + > +exit_unregister: > + unregister_key_type(&key_type_trusted); > + > +exit_shash_release: > + trusted_shash_release(); > return ret; > } > > static void __exit cleanup_trusted(void) > { > + if (tpm_chip) > + tpm_put_chip(tpm_chip); > trusted_shash_release(); > unregister_key_type(&key_type_trusted); > } Reviewed-by: Jarkko Sakkinen Is James maintaining this now? Have not seen his feedback yet... /Jarkko