Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1140842rwd; Wed, 31 May 2023 09:57:49 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ76jBzpCG3htOuD6BG8JQtD2VYW/UdbwjQKBFgs7TXDRARSXgHXh9D+RJmr8Tutqm9Ko/cd X-Received: by 2002:a17:902:ceca:b0:1b0:1608:d7eb with SMTP id d10-20020a170902ceca00b001b01608d7ebmr6332999plg.5.1685552269694; Wed, 31 May 2023 09:57:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685552269; cv=none; d=google.com; s=arc-20160816; b=nwFZGsRqEdWQ3T77zu7gyd5kIH1Kp9tu8KCLbkkj1CoYRVrEmk/ACJMBPYlEU2ZLAB //dQ9YnIjny7XMGpxGIk+aSjsZpYyUEt4B/65IwZtQnyxl+bqcHh+Tnob8c0mdRrz2oL SwKBvEx4Uz02JYvwpZs59MSJ7zq8HbQ2nd7xsZ6HihLQt+G4/hYa3KaF3qEUgm+aep6R u/d0XdJQFvm6de2KMSqqrawtqy1HHHGWPIdFZKRxcGF0CXBCnQhsBqYvsOWATPr7Mwn2 PRjVuwHkKO4l7UAKJXkaqlGdfk2SWzE6/3BDRqgzKZTzVwtsrXd5Vk+Q0E0GafJ7ss0k e76w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id:dkim-signature; bh=Hy1IR3hg3CQ4YA2fKy592V6UhvERAjkIBBjrjPHOw9A=; b=aa4XdbYyYWVmzed35eOaEEuh56ZKrA4ho3+zrRbmv+B9bUMh1rfi3seyr7GCZmzc7D hfsIBdOBy7JxH8VJ9mi0lm/P/wlipafu4t7/VDkKxpoTrP6tC4Af7WTSnASsnx/y1AB6 V+2bBcGlu/ch5Q9cwit0/jm5kcfga9YQ5RTKUM0mncK97PJJutP2yX1R0/QcDPyfu44K 2TM0Orq4X8FWyWEdqMzcVb6pG0rL36786Faf1re8L7Mi7k+sjpbyGhOPfVn4k+P57Gxz LBsa4m8sQARdC1GAgmf9fr7vpUT+cX5olk+CodLaHOWSfwGNYrwmDPEz6NhTbMc2f9Ot KQWQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RZwbXF8x; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id jf20-20020a170903269400b001ab2a0e3163si1089702plb.598.2023.05.31.09.57.37; Wed, 31 May 2023 09:57:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RZwbXF8x; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229875AbjEaQpf (ORCPT + 99 others); Wed, 31 May 2023 12:45:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229936AbjEaQp3 (ORCPT ); Wed, 31 May 2023 12:45:29 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08AB012C; Wed, 31 May 2023 09:45:27 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 838FC63851; Wed, 31 May 2023 16:45:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A9F9C433EF; Wed, 31 May 2023 16:45:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1685551525; bh=Hy1IR3hg3CQ4YA2fKy592V6UhvERAjkIBBjrjPHOw9A=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=RZwbXF8xPVqOrus3y4kNwajSUfeUEnrIywPVwmXzPBdINBWuSMGWBO2cLQgp82Ymp ut0k4U0BGSgcikiUHkn3ybDEJW+WCz4GMYsC0h/yHTN9VQqrDO7ovcti8GfgC8UNIZ hoLBvwa2AM056Zma7m/xGbxkiEjzfwl8+7prSKVYICybxfKYEg2R5vqL5rtc3PawQ1 vV87wl17DaAY0QWDIh1vi1QQW3l1IKk31oAU3gwcny0oi/4KdbydOYUuYXpVqFbQrO kIqOanRrHgSt0/am3IyBSkJvQ/7DOZPacGK3tRfVQw1koC51CpQQWGx7zMV1tNRmQo Gp8+gdGh3Xn2A== Message-ID: Subject: Re: [PATCH] tpm: factor out the user space mm from tpm_vtpm_set_locality() From: Jarkko Sakkinen To: Stefan Berger , linux-integrity@vger.kernel.org Cc: Jason Gunthorpe , Alejandro Cabrera , Jarkko Sakkinen , stable@vger.kernel.org, Stefan Berger , linux-kernel@vger.kernel.org Date: Wed, 31 May 2023 19:45:22 +0300 In-Reply-To: <324df0fa5ad1f0508c5f62c25dd1f8d297d78813.camel@kernel.org> References: <20230530205001.1302975-1-jarkko@kernel.org> <8f15feb5-7c6e-5a16-d9b4-008b7b45b01a@linux.ibm.com> <324df0fa5ad1f0508c5f62c25dd1f8d297d78813.camel@kernel.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.1-0ubuntu1 MIME-Version: 1.0 X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2023-05-31 at 19:32 +0300, Jarkko Sakkinen wrote: > On Wed, 2023-05-31 at 11:20 -0400, Stefan Berger wrote: > >=20 > > On 5/30/23 16:50, Jarkko Sakkinen wrote: > > > From: Jarkko Sakkinen > > >=20 > > > vtpm_proxy_fops_set_locality() causes kernel buffers to be passed to > > > copy_from_user() and copy_to_user(). > >=20 > > And what is the problem with that? Is it not working? >=20 > It is API contract and also clearly documented in the kernel documentatio= n. >=20 > This should be obvious even if you have've consulted that documentation b= ecause > both functions have 'user' suffix, and also the pointer is __user tagged. >=20 > To make things worse it is architecture specific. I'm worried that it wil= l > break in one of the 23 microarchitectures. Have you actually ever checked= it > does not? >=20 > I'm not also an expert of how all the possible CPUs in the world empower > Linux to further restrict the move between different memory spaces. I'm > quite sure that this does conflict neither with SMAP or SMEP on x86 > (because I know x86 pretty well), but who knows what they add in the > future to the microarchitecture. >=20 > > > Factor out the crippled code away with help of an internal API for > > > managing struct proxy_dev instances. > >=20 > > What is crippled code? >=20 > Code that behaves badly, i.e. does not meat the expectations. Illegit use= of > in-kernel functions easily fits to the definition of crippled code. >=20 > Bad API behavior put aside, it is very inefficient implementation because= it > unnecessarily recurses tpm_transmit(), which makes extending the driver t= o > any direction so much involved process, but we don't really need this as = a > rationale. >=20 > This needs to be fixed in a way or another. That is dictated by the API > cotract so for that I do not really even need feedback because it is > force majeure. I'm cool with alternatives or suggestions to the current > fact, so please focus on that instead of asking question that kernel > documentation provides you already all the answers. I have to add that it has not been too critical because afaik tpm_vtpm_prox= y is for the most part for development use, and less of so production. This i= s just to say that overally we've been happy with the driver in its use cases but any snippet of code always has an expiration date. BR, Jarkko