Received: by 10.223.164.202 with SMTP id h10csp1337214wrb;
        Fri, 17 Nov 2017 19:27:48 -0800 (PST)
X-Google-Smtp-Source: AGs4zMaGmZS3PTjU4MLMAhpJkaWfDJrblm7E/0QuyYJukffCxTF9eYPIFoNEncAoSh0RpLsYEGk2
X-Received: by 10.99.98.67 with SMTP id w64mr7174935pgb.213.1510975668117;
        Fri, 17 Nov 2017 19:27:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1510975668; cv=none;
        d=google.com; s=arc-20160816;
        b=OVTwY0cBifZqmm+mrM7eUQXmwXy9VJFX3m6UUIxda9PG3WWcPQEKtfiM1g6DI1gBZn
         cDRzDsMQhR4BGEtKst5I0Dn62GSpiVY4R2sFOTL85wEgOimhKeZ4xnEZPUw5SAg0piGB
         n7E49gKGFTKJD7+065J1XB+OT/uhKWiE3dwA9dcrjg8g4pPLg0j3W6Vy3c4xrR+BdILN
         Q4oPQMP/xyc1yAXrsIjULx5kwZlENXXC9GBFfuON13jgkyUnJW3PlE4JT+Vi/N6teGMp
         W81PEyEMcJ9O23I5+S2qKpRORjaPamTaInMAWtFnV9SQuiBNTrp/z+9MS5h5qspPujms
         yhLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=+wjNuR5/Tgd40toUglcXg0N7nOMD1+8JywW0UhXa9FM=;
        b=Ah8aby40jmtErwmH+MAc9kSgt3TNxzP+AqNkUHoBZW90c675MioCi453nXeutvRDKY
         naUEDm9ro5mg1W6/6IvBfZBxJVLkauFrK8C+VEjPG1F+AaXLuT5lQ9P8ox6JlDpVx15f
         +9Dma7Yh86+ERcJrulxo14h3lHBPvC+EgxsHZL6I/BbzIgIVtCT3v8fCFp/4aQWr84Zk
         iD/xHm4yXGM/tTm5IiLldm2q9sDDZ/H/Rae7ffXCFozgxH/6bzWSJ+7C2AbUvGch/ngX
         8XQE344yN6Rub5wFIEXRT3eNjMJzfUYXumPL+cvpQmE80uXSyIkVwCk/d89Ziii4vSNF
         5biA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f4si3863240plb.632.2017.11.17.19.27.34;
        Fri, 17 Nov 2017 19:27:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1760944AbdKQSfL (ORCPT <rfc822;morganleezd2003@gmail.com>
        + 93 others); Fri, 17 Nov 2017 13:35:11 -0500
Received: from mail-wm0-f48.google.com ([74.125.82.48]:33056 "EHLO
        mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753744AbdKQSei (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 17 Nov 2017 13:34:38 -0500
Received: by mail-wm0-f48.google.com with SMTP id g130so4365652wme.0
        for <linux-kernel@vger.kernel.org>; Fri, 17 Nov 2017 10:34:37 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=+wjNuR5/Tgd40toUglcXg0N7nOMD1+8JywW0UhXa9FM=;
        b=qx7q0gp46j4IHoRYwT9RY/yGvj+IJqA2qtxH05BWni9ShtzNotWEyF6bfeBpmRol81
         2VFI9Z8hmqjuyejxoL3evSmFGdCQhgvKOrfxJVR3WT1wSFJpmgm0sZa+ueUbQDzmXJ/W
         ajJ1tGEP4exkH4tg/x+KKpiBaJMd8c//Joo0ytwEvSZ4v4m33XmhONgFZaJ8UOvwAj/Q
         RlYEi9GHTSpFVgCPgkvc8z8E5bWXuWiAA/WtwB8YeojaGD4q7gqWfm7gYgvCpIBYB3R+
         lqsSJtpBHCBvDxTEpR3HHweNvhlVfzSajY4TfC6yXasl5ZGp9gC9ApWLqyBhivaYnCx7
         hj6w==
X-Gm-Message-State: AJaThX4qnz2eImGLc40ULNoXe+fRb83FMNxXl71H+BssEmN1urzNGGxa
        4tBaotA5pGzpofjjANbOWoKXCfb+sZo=
X-Received: by 10.80.143.163 with SMTP id y32mr8411620edy.162.1510943677005;
        Fri, 17 Nov 2017 10:34:37 -0800 (PST)
Received: from [192.168.1.13] ([90.77.100.34])
        by smtp.gmail.com with ESMTPSA id r8sm2735728edm.22.2017.11.17.10.34.36
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 17 Nov 2017 10:34:36 -0800 (PST)
Subject: Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation
 fails
To:     Jason Gunthorpe <jgg@ziepe.ca>
Cc:     linux-kernel@vger.kernel.org,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Peter Huewe <peterhuewe@gmx.de>,
        Philip Tricca <philip.b.tricca@intel.com>,
        linux-integrity@vger.kernel.org,
        William Roberts <william.c.roberts@intel.com>
References: <20171117100724.19257-1-javierm@redhat.com>
 <20171117165742.GH4276@ziepe.ca>
 <0e88aaa8-7d17-9cf7-c208-e31604a0e764@redhat.com>
 <20171117175834.GK4276@ziepe.ca>
 <7f4e7c86-ef04-ea41-892f-1183a1d44a7b@redhat.com>
 <20171117181734.GM4276@ziepe.ca>
From:   Javier Martinez Canillas <javierm@redhat.com>
Message-ID: <53b319e3-d46c-dfc7-7024-88a448be7d72@redhat.com>
Date:   Fri, 17 Nov 2017 19:34:35 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <20171117181734.GM4276@ziepe.ca>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/17/2017 07:17 PM, Jason Gunthorpe wrote:
> On Fri, Nov 17, 2017 at 07:10:09PM +0100, Javier Martinez Canillas wrote:
> 
>> Right, that's what I understood indeed but wanted to be sure. The problem with
>> that approach is that would not scale.
>>
>> Since this particular TPM2 doesn't have support for the TPM2_EncryptDecrypt2
>> command, but some chips may not support others commands.
> 
> No, tpm_validate is not supposed to be sensitive to what commands the
> TPM supports. It is only supposed to check if the command passed is
> fully understood by the kernel and is properly formed.
> 
> This is to prevent rouge user space from sending garbage or privileged
> commands to the TPM.
> 
> If it is refusing TPM2_EncryptDecrypt2, and that command is safe to
> use in the spaces system, then tpm_validate must learn how to handle
> it, or userspace can never use it.
>

I see, misunderstood what the check was about then. If that's the case, then
Making tpm_validate to learn how to check that command makes sense indeed
and so does the -EINVAL error code.

Since it doesn't mean that the TPM doesn't support the command but just that
the TPM spaces doesn't know how to handle it.

Need to look at the code in more detail, thanks a lot for the clarification.

> Jason
> 

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

From 1584360800351570490@xxx Sat Nov 18 00:16:43 +0000 2017
X-GM-THRID: 1584335329705661541
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread