Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2157446pxb; Fri, 5 Feb 2021 10:16:02 -0800 (PST) X-Google-Smtp-Source: ABdhPJz8YyoFHveDR0n5O9de712SC/PdPtl8vitgkIJqt2s8FuFp1P+HbGGM1k1wMLSdeTaB1Y63 X-Received: by 2002:a17:906:7d4f:: with SMTP id l15mr5081350ejp.95.1612548962292; Fri, 05 Feb 2021 10:16:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612548962; cv=none; d=google.com; s=arc-20160816; b=Qs5NbM2UJBHG1zpAldxWWuJ4vnIFIS4MrsNOV5ovm9Q8hWoOY/OFgc25eXxLVP8kJi NKjp1pvJUwdi5kmAovjBMkqrxPViJvuOAJbpeewRZDdHz73EobfUV9I6j0wAcoyzg4RK hTzCSc+QKMt+bUhh4uLvJtWPUi4goARRstOHVwDimy7gFE0zPqdWFtaBJljV2r4dCcem LRyzsKIIb2QrIGnHxWFwKsSx/PJD4aNuuRNevWa4PK7yJ+Zn93WODXus9a/k51ghGNlF HHKIbHUlVVdMCRVLTlGEIZ465V+L+Fmz49x4qATvB2JMVZpded/VjCba4KX2nBAQibQE rzeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature:dkim-signature; bh=xUUlhNozJiFVppvFhMR4WZTbLpd2YJmM4zrA/ofMw4g=; b=Zk/Lgw5pRUQfWqdzJjPAUL2ala7JnYA1jnlkNQRljNCWC8QAZw4xI09wduMxqCwoQ/ +ib9TB/ISUUe2dxE4DRpswuDrBSWQzn+j3dT5titQI5Dggl3IrRRs/LNKHptZcCREzH+ cmrf6vp3wNRECBODLF1uDh3nFGxHQLLdPfSboSslzoS12irgHvPO3CgLTnHd1LRuP1rb lX+7z+qxqukUb73Sl8OsdGj2OmcEv75DSPQ1Sm9q9dglrZTXlyCv2Y/swOoYCKJ9NXRQ +5MJaqKE34nqPP+FXyWBFocFEnvQa8lOJsvUYXlqXzUt3VoXIAJPrJnSEQiuBXHtEWKo sNxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b="wF8YwJT/"; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=uPHJZTPK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y9si5925063edp.33.2021.02.05.10.15.37; Fri, 05 Feb 2021 10:16:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b="wF8YwJT/"; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=uPHJZTPK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233206AbhBEQbB (ORCPT + 99 others); Fri, 5 Feb 2021 11:31:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38088 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233346AbhBEQMt (ORCPT ); Fri, 5 Feb 2021 11:12:49 -0500 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [IPv6:2607:fcd0:100:8a00::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C785C0613D6; Fri, 5 Feb 2021 09:54:31 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id F3B1A1280710; Fri, 5 Feb 2021 09:54:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1612547671; bh=PE2KsD5qLssJPf2TOCMDQXfom48gfBf0PZCJ8+JzFRI=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=wF8YwJT/b7g2SVeBvvLJKFESDGEizeKVxIAIxmHBnIT0QFk4QS9fny6G51iG6LSSw 7zt+d8VZltbAq49nitSKEoNscSgqJYRHg5v8/LWRcIfLITMAyezfceRTkcoxiKkiOS hFnNqxO+1g7HXqrFOWeQkG9AU2TFglCMfUKWG2WE= Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WWDtKxxITTrK; Fri, 5 Feb 2021 09:54:30 -0800 (PST) Received: from jarvis.int.hansenpartnership.com (unknown [IPv6:2601:600:8280:66d1::c447]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 5A9F312806FA; Fri, 5 Feb 2021 09:54:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1612547670; bh=PE2KsD5qLssJPf2TOCMDQXfom48gfBf0PZCJ8+JzFRI=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=uPHJZTPKFy1jq3i18W1/GpQwkxEDJ0ACwi2RbhJpptBO25WnDNxX2wj9Q22E/6jg8 Am85OBURiNgmgQV9lpPQOgVYw803pGqO8cp8122hNdAA2gN7VW6KMf1lNFb5kO6RMB LEqbKkpuEz1Kn/HcLr1gxk6IgZ8vgftAbDNGfFQE= Message-ID: <89892a6152826e89276126fd2688b7c767484f41.camel@HansenPartnership.com> Subject: Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid From: James Bottomley To: Jason Gunthorpe Cc: Jarkko Sakkinen , Lino Sanfilippo , peterhuewe@gmx.de, stefanb@linux.vnet.ibm.com, stable@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Lino Sanfilippo Date: Fri, 05 Feb 2021 09:54:29 -0800 In-Reply-To: <20210205172528.GP4718@ziepe.ca> References: <1612482643-11796-1-git-send-email-LinoSanfilippo@gmx.de> <1612482643-11796-3-git-send-email-LinoSanfilippo@gmx.de> <7308e5e9f51501bd92cced8f28ff6130c976b3ed.camel@HansenPartnership.com> <20210205172528.GP4718@ziepe.ca> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2021-02-05 at 13:25 -0400, Jason Gunthorpe wrote: > On Fri, Feb 05, 2021 at 08:48:11AM -0800, James Bottomley wrote: > > > Thanks for pointing this out. I'd strongly support Jason's > > > proposal: > > > > > > https://lore.kernel.org/linux-integrity/20201215175624.GG5487@ziepe.ca/ > > > > > > It's the best long-term way to fix this. > > > > Really, no it's not. It introduces extra mechanism we don't need. > > To recap the issue: character devices already have an automatic > > mechanism which holds a reference to the struct device while the > > character node is open so the default is to release resources on > > final > > put of the struct device. > > The refcount on the struct device only keeps the memory alive, it > doesn't say anything about the ops. We still need to lock and check > the ops each and every time they are used. I think this is the crux of our disagreement: I think the ops doesn't matter because to call try_get_ops you have to have a chip structure and the only way you get a chip structure is if you hold a device containing it, in which case the device hold guarantees the chip can't be freed. Or if you pass in TPM_ANY_NUM to an operation which calls tpm_chip_find_get() which iterates the idr to find a chip under the idr lock. If you find a chip device at the idr, you're guaranteed it exists, because elimination of it is the first thing the release does and if you find a dying dev (i.e. the release routine blocks on the idr mutex trying to kill the chip attachment), try_get_ops() fails because the ops are already NULL. In either case, I think you get returned a device to which you hold a reference. Is there any other case where you can get a chip without also getting a device reference? I'll answer the other point in a separate email, but I think the principle sounds OK: we could do the final put right after we del the char devices because that's called in the module release routine and thus not have to rely on the devm actions which, as you say, are an annoying complication. James