Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2082254imm;
        Thu, 19 Jul 2018 12:53:50 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpcSEPiwDxgbOb1KkTH3voLalSaQjqgW/3rM6o9Uh4/Fry1BFFA2BaFB2i+0SDmZQeyRWx9T
X-Received: by 2002:a63:2ec3:: with SMTP id u186-v6mr11167802pgu.225.1532030030692;
        Thu, 19 Jul 2018 12:53:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532030030; cv=none;
        d=google.com; s=arc-20160816;
        b=DvdVShEpHjpNtLXJD+9YQ9aExd2tWy1ORBhAihCT6nuhNuHoCKmgYQ7WQ3EE6zMMdt
         v0K44LtY/g2de4/fnB5XH8DoUXcuV3h1+uOnIeNp7WtDsZOuKfiyCZlmne27FL0sEJDn
         Hw7bSs8cqm7hjW9snvGwCHeB26VO9OQLd8G6CBiqIUVoN6cs8WVMvaUCBTgxQIFLxD6m
         rzNIIkTNBLRmMGZM/F0dU2+v38iiAYl1kGeS7PKLMi7tzym7lTAkGi/bXrx2Va6xk3U8
         FZsGULtIh+yzEpLDVYXJAwQB48IowYmk74sKDXTh9c+J1/Sv7uGYYZmnmnOUyBoeLtQ+
         gjvg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :dkim-signature:arc-authentication-results;
        bh=CP2ZGvPXWSjV/WoluoyvffkP83jtEZ6z+7zy5QgNQ4g=;
        b=nbl1yd5s2KD5ldi4ZurmKlqIAs89ZmH96w60ngqXXih1HH9Kye3B74Uo+rQDi78pqd
         5J3kQ66DJHP8eKfMAj3CL1WwSGTfXNlx6NybmUMMHC9t6Dd6QnjcVEr7dKeuFlr0cV1x
         S4FZHfaNm6HEl3O8kCXGFILam1xbn+KU1mvVrlD0jxnmIVjo6sGV8SHXw13VzzEjL4Ne
         zqpBS3cAs60k1KUQEcneRdxQZRhRKjr7OtF3yLifLggTglnXOIRmSBLJkZaZnvsPS275
         zJyOpkwccCQJ3oh95pQJdGHbJQV/EAWJBYrSLSZ5VB8+TREPsHrrD65OKZdjGpgyZs5p
         A6qQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=EnKuW6F7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n21-v6si1704plp.31.2018.07.19.12.53.35;
        Thu, 19 Jul 2018 12:53:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=EnKuW6F7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727769AbeGSUhj (ORCPT <rfc822;michael.k.kehoe@gmail.com>
        + 99 others); Thu, 19 Jul 2018 16:37:39 -0400
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:43336 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727508AbeGSUhj (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 19 Jul 2018 16:37:39 -0400
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id 980298EE1DD;
        Thu, 19 Jul 2018 12:53:01 -0700 (PDT)
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id lbL539sGRlwC; Thu, 19 Jul 2018 12:53:01 -0700 (PDT)
Received: from [153.66.254.194] (unknown [50.35.68.20])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 099798EE150;
        Thu, 19 Jul 2018 12:53:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1532029981;
        bh=8Y4H9nOsbb3DLvavZPV6JPCmIbUaWFM0j0/Bkdb9yLk=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=EnKuW6F7Nv745eY/IJziJwIgOISdSgd/kPaXFVCpUR8EQ8p5xVv3ha/k3ZX2JfTc9
         9HVCTCB6+czqQQmBjDclfGmwUF+8CvQ+jQ26Yvg8MPOy6paEmIrvK/t0j+enugJTG4
         JU3uDZwD8AnsU1praRcanwLDRHsc+H++MmN19KIA=
Message-ID: <1532029979.3198.4.camel@HansenPartnership.com>
Subject: Re: [PATCH] tpm: add support for partial reads
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Tadeusz Struk <tadeusz.struk@intel.com>,
        jarkko.sakkinen@linux.intel.com
Cc:     jgg@ziepe.ca, linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Date:   Thu, 19 Jul 2018 12:52:59 -0700
In-Reply-To: <e8c17a40-7e5e-61e9-7088-32817766b614@intel.com>
References: <153201555276.20155.1352499992826895966.stgit@tstruk-mobl1.jf.intel.com>
         <1532020750.5396.4.camel@HansenPartnership.com>
         <421c4b75-9e9d-7045-adad-797fd112898a@intel.com>
         <1532026030.3198.2.camel@HansenPartnership.com>
         <e8c17a40-7e5e-61e9-7088-32817766b614@intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.22.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2018-07-19 at 12:05 -0700, Tadeusz Struk wrote:
> On 07/19/2018 11:47 AM, James Bottomley wrote:
> > On Thu, 2018-07-19 at 10:54 -0700, Tadeusz Struk wrote:
> > > On 07/19/2018 10:19 AM, James Bottomley wrote:
> > > > That's just an implementation, though, what's the use case?
> > > 
> > > Hi James,
> > > The use case is described in the TCTI spec [1] in the
> > > "3.2.5.2 receive" section.
> > 
> > Well, yes, but I think we've all agreed that the /dev/tpm and
> > /dev/tpmrmX aren't TCTI interfaces, although you can layer TCTI on
> > top of them, so why not simply do fragmentation on top if you need
> > it?
> > 
> > The reason for not doing it in the interface is that it alters the
> > ABI.  Before this patch we had a hard packet boundary: one packet
> > per read, one per write and a -EFAULT if you fail to provide a
> > correctly sized buffer.  Now if you provide a buffer too small but
> > don't know about the fragmentation you're going to misprocess a
> > packet (because you think you got a whole reply but you didn't) and
> > then you get a -EBUSY on your next command which you don't know how
> > to handle.  The only way out is to update the applications to
> > handle the new behaviour, which is a no-no in Linux ABI terms.
> 
> Don't all the existing applications that read a response in one go
> do a 4K read now? So nothing will change for them. They will work
> exactly the same with this change as they do without it.
> This doesn't break the ABI.

The ABI break is the error case as I outlined above.  We can't assume
everyone uses the current interface without getting an error and one
error and your hosed is a nasty failure case to change the interface
to.  Plus, if you assume everyone is passing 4k buffers, why would you
even need the fragmentation case?

> > It might be possible to layer the behaviour you want compatibly
> > into the current device structure (say an ioctl to switch to the
> > fragment behaviour) but I've got to ask why we'd go to the
> > complexity without a use case?
> 
> New IOCTL would add extra complexity, which isn't necessary.

So what's wrong with fragmenting in the layer above the device driver
(in userspace) and not actually changing the kernel?

James