Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp11002732imu; Thu, 6 Dec 2018 09:57:48 -0800 (PST) X-Google-Smtp-Source: AFSGD/WRBk4s50x0VGE+NLyQdfNcxDUEQCBv/tS4M1CHqXCHkuU4NoYHtQYq8+lgMhhaDdU5j8LM X-Received: by 2002:a17:902:2ec1:: with SMTP id r59mr17048467plb.254.1544119068524; Thu, 06 Dec 2018 09:57:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544119068; cv=none; d=google.com; s=arc-20160816; b=kcnkCkQ64Rm+Z7B61lC61f0o7UCHnI7lbQ7ZN8TmIFiz8ZHXAiNCoyC2eJjlqx90gg 1uOCCCY+XsmcMHvfMWa3qInRYGrG2sXakOZ+2p6dD1hCsOY26dT6dHB1AoNvqwBZLJ3h 56pMqjS7Q+ZWMa2NaFwJLpM992L3ArQgeqePymFblH+lCvEH23rSTAwsEk2MnqCyuSSj EnxuEQ13Ij5Gb4ihzosifUfES2aR84doXZJh5/IIpPw27ioof0cIy9HbB5/LjuZeAVLR KodSS123pdpFirigrTEGzPyNdf/GVhQrELlXymUQPaY9NGgw50dBvaZv9BNBziViYNyg IaGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=u9Dh4p41QoHGsPILzrcLnJpjxcLaJOqAYkVbb8Q4BTU=; b=AxZ66+HNkNlijkZv9ev9/XQ+6c3FIXEJX9EWY8kVcS5hmJ9UbYKqNlDlD47mb8tnAf e+7/VcoCFm8/VxMDMjYmgB6M4Z92m3ZtxpdcvZ193VyS+g7XDP9+8ddOKSg1s2WSCmoU gpsqYic1hBTDLPG91rnR9jsJTOjl/E9HLMyQLPTkrf3L7Fo35H17/Hkd3r9w1faB0JLy arSG43chj0nPVIW0yML6XWpDYLwyGbWRlxE2Suc8CJ28yts/7jlvqC2dotzVFXjqZyv8 HDutCzoNPRZEs3/pME2IfbOqQoffqzN6p8uGHG+N9aoVfJj6xx1X/TkpVaiOrFlXVGNu zMeA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y20si655333plr.106.2018.12.06.09.57.33; Thu, 06 Dec 2018 09:57:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726078AbeLFR4s (ORCPT + 99 others); Thu, 6 Dec 2018 12:56:48 -0500 Received: from lhrrgout.huawei.com ([185.176.76.210]:32800 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725949AbeLFR4s (ORCPT ); Thu, 6 Dec 2018 12:56:48 -0500 Received: from LHREML711-CAH.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 18EBEF501A0BE; Thu, 6 Dec 2018 17:56:43 +0000 (GMT) Received: from [10.204.65.144] (10.204.65.144) by smtpsuk.huawei.com (10.201.108.34) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 6 Dec 2018 17:56:33 +0000 Subject: Re: [PATCH v6 1/7] tpm: dynamically allocate the allocated_banks array To: Jarkko Sakkinen CC: , , , , , , , Nayna Jain References: <20181204082138.24600-1-roberto.sassu@huawei.com> <20181204082138.24600-2-roberto.sassu@huawei.com> <20181204231848.GA1233@linux.intel.com> From: Roberto Sassu Message-ID: <9193bc05-8222-f0d6-9ad8-a2a7eaf1a34c@huawei.com> Date: Thu, 6 Dec 2018 18:56:33 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 In-Reply-To: <20181204231848.GA1233@linux.intel.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.204.65.144] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/5/2018 12:18 AM, Jarkko Sakkinen wrote: > On Tue, Dec 04, 2018 at 09:21:32AM +0100, Roberto Sassu wrote: >> tpm2_get_pcr_allocation() determines if a PCR bank is allocated by checking >> the mask in the TPML_PCR_SELECTION structure returned by the TPM for >> TPM2_Get_Capability(). One PCR bank with algorithm set to SHA1 is always >> allocated for TPM 1.x. > > ... > >> + for (j = 0; j < pcr_selection.size_of_select; j++) >> + if (pcr_selection.pcr_select[j]) >> + break; >> + >> + if (j < pcr_selection.size_of_select) { >> + chip->allocated_banks[nr_alloc_banks] = hash_alg; >> + nr_alloc_banks++; >> + } >> + > > Why was this needed? Can CAP_PCRS return completely unallocated banks? This was discussed for patch v4 1/6: --- Nayna wrote: # /usr/local/bin/tssgetcapability -cap 5 2 PCR selections hash TPM_ALG_SHA1 TPMS_PCR_SELECTION length 3 ff ff ff hash TPM_ALG_SHA256 TPMS_PCR_SELECTION length 3 00 00 00 The pcr_select fields - "ff ff ff" and "00 00 00" - are bit masks for the enabled PCRs. The SHA1 bank is enabled for all PCRs (0-23), while the SHA256 bank is not enabled. --- > Kind of out-of-context for the rest of the changes. > > Should this be a bug fix of its own because it looks like as this is a > bug fix for existing code, and not a new feature? Just asking because > I don't yet fully understand this change. If we store in tpm_chip the possible banks, IMA would calculate more digests unnecessarily. But this problem does not happen without my patch set, because tpm_pcr_extend() only accepts a SHA1 digest. > Anyway, I believe that you can streamline this by: > > /* Check that at least some of the PCRs have been allocated. This is > * required because CAP_PCRS ... > */ > if (memchr_inv(pcr_selection.pcr_select, 0, pcr_selection.size_of_select)) > nr_allocated_banks++; > > [yeah, comment would be awesome about CAP_PCRS. Did not finish up the > comment because I don't know the answer] > > In addition, it would be consistent to call the local variable also > nr_allocated_banks (not nr_alloc_banks). Unfortunately, I exceed the limit of characters per line. Roberto > /Jarkko > -- HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Bo PENG, Jian LI, Yanli SHI