Date: Tue, 20 Feb 2024 23:10:16 +0000
Subject: Re: [PATCH 1/3] tpm: protect against locality counter underflow
From: "Jarkko Sakkinen"
To: "Lino Sanfilippo", "Alexander Steffen", "Daniel P. Smith", "Jason Gunthorpe", "Sasha Levin"
Cc: "Kanth Ghatraju", "Peter Huewe"
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue Feb 20, 2024 at 10:57 PM UTC, wrote:
> On 2/20/24 2:26 PM, Jarkko Sakkinen wrote:
> > On Tue Feb 20, 2024 at 8:54 PM UTC, Lino Sanfilippo wrote:
> >> for (i = 0; i <= MAX_LOCALITY; i++)
> >>         __tpm_tis_relinquish_locality(priv, i);
> >
> > I'm pretty unfamiliar with Intel TXT so asking a dummy question:
> > if Intel TXT uses locality 2 I suppose we should not try to
> > relinquish it, or?
>
> The TPM has five localities (0 - 4). Localities 1 - 4 are for DRTM
> support. For TXT, locality 4 is hard wired to the CPU - nothing else can

Locality 4 is familiar because it comes across from time to time.

If I recall correctly DRTM should use only localities 3-4 and
localities 0-2 should be reserved for the OS use.

So this does not match what I recall unfortunately but I'm not really
an expert with this stuff.

The patches have zero explanations of SINIT ACM's behaviour on locality
use and without that this cannot move forward because there's no way
to reproduce any of this either.

Actually there's zero effort on anything related to SINIT.

> an AC (Authenticated Code) module. That leaves 1 and 2 for the DRTM
> software environment to use. If the DRTM software opens 1 or 2, it
> should close them before exiting the DRTM.
>
> >
> > AFAIK, we don't have a symbol called MAX_LOCALITY.
>
> Daniel added it in the patch set.

Got this, my symbol lookup just failed in my Git tree but looking at
the patch set there was a symbol called *TPM_*MAX_LOCALITY :-)

BR, Jarkko
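
The failure mode named in the subject line, as an added example that is not part of the original message or the patch set: a simplified userspace model, assuming an unsigned counter where only the first request claims the locality and only the last relinquish releases it. `struct tis_model` and all function names here are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the bookkeeping, not the driver's own structure. */
struct tis_model {
    unsigned int locality_count; /* nested users of the locality */
    bool held;                   /* stand-in for the hardware state */
};

/* Modelling assumption: only the first user claims the hardware. */
static void request_locality(struct tis_model *m)
{
    if (m->locality_count == 0)
        m->held = true;
    m->locality_count++;
}

/* Returns -1 when the guard rejects an unbalanced call. Without the guard,
 * the same call wraps the unsigned counter from 0 to UINT_MAX. */
static int relinquish_locality(struct tis_model *m, bool guarded)
{
    if (guarded && m->locality_count == 0)
        return -1;
    if (--m->locality_count == 0)
        m->held = false;
    return 0;
}

/* One stray relinquish, then a normal request: was the hardware claimed? */
static bool claimed_after_stray(bool guarded, unsigned int *count)
{
    struct tis_model m = {0};
    relinquish_locality(&m, guarded);
    *count = m.locality_count; /* counter value right after the stray call */
    request_locality(&m);
    return m.held;
}

int main(void)
{
    unsigned int c;
    for (int g = 0; g <= 1; g++) {
        bool held = claimed_after_stray(g, &c);
        printf("guarded=%d count_after_stray=%u claimed=%d\n", g, c, held);
    }
    return 0;
}
```

In the unguarded run the wrapped counter makes the next request skip the hardware claim, so the model believes it holds a locality it never asked for.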