diff mbox

[tpmdd-devel,v2,1/5] tpm: introduce tpm_pcr_algorithms()

Message ID 20170505142152.29795-2-roberto.sassu@huawei.com
State New
Headers show

Commit Message

Roberto Sassu May 5, 2017, 2:21 p.m. UTC
This function allows TPM users to know which algorithms the TPM supports.
It stores the algorithms in a static array of 'enum tpm2_algorithms',
allocated by the caller. If the array is not large enough, the function
returns an error. Otherwise, it returns the number of algorithms written
to the array. If the TPM version is 1.2, the function writes TPM2_ALG_SHA1
to first element of the array.

Writing the algorithm also for TPM 1.2 has the advantage that callers
can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
of the TPM version.

A minor change added to this patch was to make available the size of
the active_banks array, member of the tpm_chip structure, outside
the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
to include/linux/tpm.h.

With this information, callers of tpm_pcr_algorithms() can provide
a static array with enough room for all the algorithms, instead
of receiving the pointer of a dynamic array that they have to free later.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
v2

- tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2

 drivers/char/tpm/tpm-interface.c | 46 ++++++++++++++++++++++++++++++++++++++++
 drivers/char/tpm/tpm.h           | 13 +-----------
 include/linux/tpm.h              | 19 +++++++++++++++++
 3 files changed, 66 insertions(+), 12 deletions(-)

Comments

Jarkko Sakkinen May 15, 2017, 10:36 a.m. UTC | #1
On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
> This function allows TPM users to know which algorithms the TPM supports.
> It stores the algorithms in a static array of 'enum tpm2_algorithms',
> allocated by the caller. If the array is not large enough, the function
> returns an error. Otherwise, it returns the number of algorithms written
> to the array. If the TPM version is 1.2, the function writes TPM2_ALG_SHA1
> to first element of the array.
> 
> Writing the algorithm also for TPM 1.2 has the advantage that callers
> can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
> of the TPM version.
> 
> A minor change added to this patch was to make available the size of
> the active_banks array, member of the tpm_chip structure, outside
> the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
> to include/linux/tpm.h.
> 
> With this information, callers of tpm_pcr_algorithms() can provide
> a static array with enough room for all the algorithms, instead
> of receiving the pointer of a dynamic array that they have to free later.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> v2
> 
> - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
> 
>  drivers/char/tpm/tpm-interface.c | 46 ++++++++++++++++++++++++++++++++++++++++
>  drivers/char/tpm/tpm.h           | 13 +-----------
>  include/linux/tpm.h              | 19 +++++++++++++++++
>  3 files changed, 66 insertions(+), 12 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 4ed08ab..b90de3d 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>  
>  /**
> + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms

The grammar is incorrect here I believe. Should rather be

  "algorithms of the active PCR banks"

And there is no such thing as "TPM ID".

> + * @chip_num:	tpm idx # or ANY
> + * @count:	# of items in algorithms
> + * @algorithms:	array of TPM IDs
> + *
> + * Returns < 0 on error, and the number of active PCR banks on success.
> + *
> + * TPM 1.2 has always one SHA1 bank.
> + */
> +int tpm_pcr_algorithms(u32 chip_num, int count,
> +		       enum tpm2_algorithms *algorithms)
                       unsigned int

In addition the function name is not too greatg,

Your syntax for return value is not correct. In addition after
describing the return value there should not be anything. You should
study

https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt

Better name for the function would be tpm_get_pcr_algorithms().

> +{
> +	struct tpm_chip *chip;
> +	int i;
> +
> +	if (count <= 0 || algorithms == NULL)
> +		return -EINVAL;

Is there a legal case where caller would pass these values? Now it
looks like that there is.

'count' should unsigned int and zero should be a legal value for
count.

That said I think the whole design is wrong as you could calculate
array for algs only one time and pass a const reference to it on
request.

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Roberto Sassu May 15, 2017, 1:18 p.m. UTC | #2
On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
> On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
>> This function allows TPM users to know which algorithms the TPM supports.
>> It stores the algorithms in a static array of 'enum tpm2_algorithms',
>> allocated by the caller. If the array is not large enough, the function
>> returns an error. Otherwise, it returns the number of algorithms written
>> to the array. If the TPM version is 1.2, the function writes TPM2_ALG_SHA1
>> to first element of the array.
>>
>> Writing the algorithm also for TPM 1.2 has the advantage that callers
>> can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
>> of the TPM version.
>>
>> A minor change added to this patch was to make available the size of
>> the active_banks array, member of the tpm_chip structure, outside
>> the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
>> to include/linux/tpm.h.
>>
>> With this information, callers of tpm_pcr_algorithms() can provide
>> a static array with enough room for all the algorithms, instead
>> of receiving the pointer of a dynamic array that they have to free later.
>>
>> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
>> ---
>> v2
>>
>> - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
>>
>>  drivers/char/tpm/tpm-interface.c | 46 ++++++++++++++++++++++++++++++++++++++++
>>  drivers/char/tpm/tpm.h           | 13 +-----------
>>  include/linux/tpm.h              | 19 +++++++++++++++++
>>  3 files changed, 66 insertions(+), 12 deletions(-)
>>
>> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
>> index 4ed08ab..b90de3d 100644
>> --- a/drivers/char/tpm/tpm-interface.c
>> +++ b/drivers/char/tpm/tpm-interface.c
>> @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>>
>>  /**
>> + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
>
> The grammar is incorrect here I believe. Should rather be
>
>   "algorithms of the active PCR banks"
>
> And there is no such thing as "TPM ID".
>
>> + * @chip_num:	tpm idx # or ANY
>> + * @count:	# of items in algorithms
>> + * @algorithms:	array of TPM IDs
>> + *
>> + * Returns < 0 on error, and the number of active PCR banks on success.
>> + *
>> + * TPM 1.2 has always one SHA1 bank.
>> + */
>> +int tpm_pcr_algorithms(u32 chip_num, int count,
>> +		       enum tpm2_algorithms *algorithms)
>                        unsigned int
>
> In addition the function name is not too greatg,
>
> Your syntax for return value is not correct. In addition after
> describing the return value there should not be anything. You should
> study
>
> https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
>
> Better name for the function would be tpm_get_pcr_algorithms().
>
>> +{
>> +	struct tpm_chip *chip;
>> +	int i;
>> +
>> +	if (count <= 0 || algorithms == NULL)
>> +		return -EINVAL;
>
> Is there a legal case where caller would pass these values? Now it
> looks like that there is.
>
> 'count' should unsigned int and zero should be a legal value for
> count.

I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
is passed to tpm_pcr_extend() as unsigned int.


> That said I think the whole design is wrong as you could calculate
> array for algs only one time and pass a const reference to it on
> request.

Ok. If I understood it correctly, you are saying to pass a const
reference of chip->active_banks. Then, I should also:

- add a new field (e.g. active_banks_num) in the tpm_chip structure
   to store the number of algorithms supported by the TPM (unless,
   I should determine it every time tpm_pcr_algorithms() is called)
- initialize chip->active_banks and chip->active_banks_num
   respectively to TPM2_ALG_SHA1 and 1 in tpm1_auto_startup()

Roberto

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Roberto Sassu May 17, 2017, 8:42 a.m. UTC | #3
On 5/15/2017 3:18 PM, Roberto Sassu wrote:
>
>
> On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
>> On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
>>> This function allows TPM users to know which algorithms the TPM
>>> supports.
>>> It stores the algorithms in a static array of 'enum tpm2_algorithms',
>>> allocated by the caller. If the array is not large enough, the function
>>> returns an error. Otherwise, it returns the number of algorithms written
>>> to the array. If the TPM version is 1.2, the function writes
>>> TPM2_ALG_SHA1
>>> to first element of the array.
>>>
>>> Writing the algorithm also for TPM 1.2 has the advantage that callers
>>> can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
>>> of the TPM version.
>>>
>>> A minor change added to this patch was to make available the size of
>>> the active_banks array, member of the tpm_chip structure, outside
>>> the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
>>> to include/linux/tpm.h.
>>>
>>> With this information, callers of tpm_pcr_algorithms() can provide
>>> a static array with enough room for all the algorithms, instead
>>> of receiving the pointer of a dynamic array that they have to free
>>> later.
>>>
>>> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
>>> ---
>>> v2
>>>
>>> - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
>>>
>>>  drivers/char/tpm/tpm-interface.c | 46
>>> ++++++++++++++++++++++++++++++++++++++++
>>>  drivers/char/tpm/tpm.h           | 13 +-----------
>>>  include/linux/tpm.h              | 19 +++++++++++++++++
>>>  3 files changed, 66 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/drivers/char/tpm/tpm-interface.c
>>> b/drivers/char/tpm/tpm-interface.c
>>> index 4ed08ab..b90de3d 100644
>>> --- a/drivers/char/tpm/tpm-interface.c
>>> +++ b/drivers/char/tpm/tpm-interface.c
>>> @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx,
>>> const u8 *hash)
>>>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>>>
>>>  /**
>>> + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
>>
>> The grammar is incorrect here I believe. Should rather be
>>
>>   "algorithms of the active PCR banks"
>>
>> And there is no such thing as "TPM ID".
>>
>>> + * @chip_num:    tpm idx # or ANY
>>> + * @count:    # of items in algorithms
>>> + * @algorithms:    array of TPM IDs
>>> + *
>>> + * Returns < 0 on error, and the number of active PCR banks on success.
>>> + *
>>> + * TPM 1.2 has always one SHA1 bank.
>>> + */
>>> +int tpm_pcr_algorithms(u32 chip_num, int count,
>>> +               enum tpm2_algorithms *algorithms)
>>                        unsigned int
>>
>> In addition the function name is not too greatg,
>>
>> Your syntax for return value is not correct. In addition after
>> describing the return value there should not be anything. You should
>> study
>>
>> https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
>>
>> Better name for the function would be tpm_get_pcr_algorithms().
>>
>>> +{
>>> +    struct tpm_chip *chip;
>>> +    int i;
>>> +
>>> +    if (count <= 0 || algorithms == NULL)
>>> +        return -EINVAL;
>>
>> Is there a legal case where caller would pass these values? Now it
>> looks like that there is.
>>
>> 'count' should unsigned int and zero should be a legal value for
>> count.
>
> I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
> is passed to tpm_pcr_extend() as unsigned int.
>
>
>> That said I think the whole design is wrong as you could calculate
>> array for algs only one time and pass a const reference to it on
>> request.
>
> Ok. If I understood it correctly, you are saying to pass a const
> reference of chip->active_banks. Then, I should also:

This is not a viable option. chip could be freed and the reference
becomes invalid, without increasing the reference count.

Did you think about something different?

Thanks

Roberto

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Jarkko Sakkinen May 20, 2017, 1 p.m. UTC | #4
On Mon, May 15, 2017 at 03:18:41PM +0200, Roberto Sassu wrote:
> 
> 
> On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
> > On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
> > > This function allows TPM users to know which algorithms the TPM supports.
> > > It stores the algorithms in a static array of 'enum tpm2_algorithms',
> > > allocated by the caller. If the array is not large enough, the function
> > > returns an error. Otherwise, it returns the number of algorithms written
> > > to the array. If the TPM version is 1.2, the function writes TPM2_ALG_SHA1
> > > to first element of the array.
> > > 
> > > Writing the algorithm also for TPM 1.2 has the advantage that callers
> > > can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
> > > of the TPM version.
> > > 
> > > A minor change added to this patch was to make available the size of
> > > the active_banks array, member of the tpm_chip structure, outside
> > > the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
> > > to include/linux/tpm.h.
> > > 
> > > With this information, callers of tpm_pcr_algorithms() can provide
> > > a static array with enough room for all the algorithms, instead
> > > of receiving the pointer of a dynamic array that they have to free later.
> > > 
> > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > ---
> > > v2
> > > 
> > > - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
> > > 
> > >  drivers/char/tpm/tpm-interface.c | 46 ++++++++++++++++++++++++++++++++++++++++
> > >  drivers/char/tpm/tpm.h           | 13 +-----------
> > >  include/linux/tpm.h              | 19 +++++++++++++++++
> > >  3 files changed, 66 insertions(+), 12 deletions(-)
> > > 
> > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> > > index 4ed08ab..b90de3d 100644
> > > --- a/drivers/char/tpm/tpm-interface.c
> > > +++ b/drivers/char/tpm/tpm-interface.c
> > > @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
> > >  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
> > > 
> > >  /**
> > > + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
> > 
> > The grammar is incorrect here I believe. Should rather be
> > 
> >   "algorithms of the active PCR banks"
> > 
> > And there is no such thing as "TPM ID".
> > 
> > > + * @chip_num:	tpm idx # or ANY
> > > + * @count:	# of items in algorithms
> > > + * @algorithms:	array of TPM IDs
> > > + *
> > > + * Returns < 0 on error, and the number of active PCR banks on success.
> > > + *
> > > + * TPM 1.2 has always one SHA1 bank.
> > > + */
> > > +int tpm_pcr_algorithms(u32 chip_num, int count,
> > > +		       enum tpm2_algorithms *algorithms)
> >                        unsigned int
> > 
> > In addition the function name is not too greatg,
> > 
> > Your syntax for return value is not correct. In addition after
> > describing the return value there should not be anything. You should
> > study
> > 
> > https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
> > 
> > Better name for the function would be tpm_get_pcr_algorithms().
> > 
> > > +{
> > > +	struct tpm_chip *chip;
> > > +	int i;
> > > +
> > > +	if (count <= 0 || algorithms == NULL)
> > > +		return -EINVAL;
> > 
> > Is there a legal case where caller would pass these values? Now it
> > looks like that there is.
> > 
> > 'count' should unsigned int and zero should be a legal value for
> > count.
> 
> I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
> is passed to tpm_pcr_extend() as unsigned int.

Why would you pass a negative value? I'm sorry but I have to admit tht I'm
seriously not computing your argument.

> > That said I think the whole design is wrong as you could calculate
> > array for algs only one time and pass a const reference to it on
> > request.
> 
> Ok. If I understood it correctly, you are saying to pass a const
> reference of chip->active_banks. Then, I should also:
> 
> - add a new field (e.g. active_banks_num) in the tpm_chip structure
>   to store the number of algorithms supported by the TPM (unless,
>   I should determine it every time tpm_pcr_algorithms() is called)
> - initialize chip->active_banks and chip->active_banks_num
>   respectively to TPM2_ALG_SHA1 and 1 in tpm1_auto_startup()
> 
> Roberto

Something along those lines.

Doing precalcuation makes the code more stable as you can only fall to
an error conditio when the driver is initialized.

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Jarkko Sakkinen May 20, 2017, 1:18 p.m. UTC | #5
On Wed, May 17, 2017 at 10:42:35AM +0200, Roberto Sassu wrote:
> On 5/15/2017 3:18 PM, Roberto Sassu wrote:
> > 
> > 
> > On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
> > > On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
> > > > This function allows TPM users to know which algorithms the TPM
> > > > supports.
> > > > It stores the algorithms in a static array of 'enum tpm2_algorithms',
> > > > allocated by the caller. If the array is not large enough, the function
> > > > returns an error. Otherwise, it returns the number of algorithms written
> > > > to the array. If the TPM version is 1.2, the function writes
> > > > TPM2_ALG_SHA1
> > > > to first element of the array.
> > > > 
> > > > Writing the algorithm also for TPM 1.2 has the advantage that callers
> > > > can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
> > > > of the TPM version.
> > > > 
> > > > A minor change added to this patch was to make available the size of
> > > > the active_banks array, member of the tpm_chip structure, outside
> > > > the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
> > > > to include/linux/tpm.h.
> > > > 
> > > > With this information, callers of tpm_pcr_algorithms() can provide
> > > > a static array with enough room for all the algorithms, instead
> > > > of receiving the pointer of a dynamic array that they have to free
> > > > later.
> > > > 
> > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > ---
> > > > v2
> > > > 
> > > > - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
> > > > 
> > > >  drivers/char/tpm/tpm-interface.c | 46
> > > > ++++++++++++++++++++++++++++++++++++++++
> > > >  drivers/char/tpm/tpm.h           | 13 +-----------
> > > >  include/linux/tpm.h              | 19 +++++++++++++++++
> > > >  3 files changed, 66 insertions(+), 12 deletions(-)
> > > > 
> > > > diff --git a/drivers/char/tpm/tpm-interface.c
> > > > b/drivers/char/tpm/tpm-interface.c
> > > > index 4ed08ab..b90de3d 100644
> > > > --- a/drivers/char/tpm/tpm-interface.c
> > > > +++ b/drivers/char/tpm/tpm-interface.c
> > > > @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx,
> > > > const u8 *hash)
> > > >  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
> > > > 
> > > >  /**
> > > > + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
> > > 
> > > The grammar is incorrect here I believe. Should rather be
> > > 
> > >   "algorithms of the active PCR banks"
> > > 
> > > And there is no such thing as "TPM ID".
> > > 
> > > > + * @chip_num:    tpm idx # or ANY
> > > > + * @count:    # of items in algorithms
> > > > + * @algorithms:    array of TPM IDs
> > > > + *
> > > > + * Returns < 0 on error, and the number of active PCR banks on success.
> > > > + *
> > > > + * TPM 1.2 has always one SHA1 bank.
> > > > + */
> > > > +int tpm_pcr_algorithms(u32 chip_num, int count,
> > > > +               enum tpm2_algorithms *algorithms)
> > >                        unsigned int
> > > 
> > > In addition the function name is not too greatg,
> > > 
> > > Your syntax for return value is not correct. In addition after
> > > describing the return value there should not be anything. You should
> > > study
> > > 
> > > https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
> > > 
> > > Better name for the function would be tpm_get_pcr_algorithms().
> > > 
> > > > +{
> > > > +    struct tpm_chip *chip;
> > > > +    int i;
> > > > +
> > > > +    if (count <= 0 || algorithms == NULL)
> > > > +        return -EINVAL;
> > > 
> > > Is there a legal case where caller would pass these values? Now it
> > > looks like that there is.
> > > 
> > > 'count' should unsigned int and zero should be a legal value for
> > > count.
> > 
> > I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
> > is passed to tpm_pcr_extend() as unsigned int.
> > 
> > 
> > > That said I think the whole design is wrong as you could calculate
> > > array for algs only one time and pass a const reference to it on
> > > request.
> > 
> > Ok. If I understood it correctly, you are saying to pass a const
> > reference of chip->active_banks. Then, I should also:
> 
> This is not a viable option. chip could be freed and the reference
> becomes invalid, without increasing the reference count.
> 
> Did you think about something different?
> 
> Thanks
> 
> Roberto

Two alternatives come in mind.

1. add tpm_put to linclude/linux/tpm.h
2. take put_ops away from the implementation
3. add documentation that tpm_put needs to be called

or acceptable alternative would memcpy in the implementation

In any case, you should probably drop completely 'count' and have
function for getting the number of active banks.

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Roberto Sassu May 22, 2017, 9:07 a.m. UTC | #6
On 5/20/2017 3:18 PM, Jarkko Sakkinen wrote:
> On Wed, May 17, 2017 at 10:42:35AM +0200, Roberto Sassu wrote:
>> On 5/15/2017 3:18 PM, Roberto Sassu wrote:
>>>
>>>
>>> On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
>>>> On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
>>>>> This function allows TPM users to know which algorithms the TPM
>>>>> supports.
>>>>> It stores the algorithms in a static array of 'enum tpm2_algorithms',
>>>>> allocated by the caller. If the array is not large enough, the function
>>>>> returns an error. Otherwise, it returns the number of algorithms written
>>>>> to the array. If the TPM version is 1.2, the function writes
>>>>> TPM2_ALG_SHA1
>>>>> to first element of the array.
>>>>>
>>>>> Writing the algorithm also for TPM 1.2 has the advantage that callers
>>>>> can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
>>>>> of the TPM version.
>>>>>
>>>>> A minor change added to this patch was to make available the size of
>>>>> the active_banks array, member of the tpm_chip structure, outside
>>>>> the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
>>>>> to include/linux/tpm.h.
>>>>>
>>>>> With this information, callers of tpm_pcr_algorithms() can provide
>>>>> a static array with enough room for all the algorithms, instead
>>>>> of receiving the pointer of a dynamic array that they have to free
>>>>> later.
>>>>>
>>>>> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
>>>>> ---
>>>>> v2
>>>>>
>>>>> - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
>>>>>
>>>>>  drivers/char/tpm/tpm-interface.c | 46
>>>>> ++++++++++++++++++++++++++++++++++++++++
>>>>>  drivers/char/tpm/tpm.h           | 13 +-----------
>>>>>  include/linux/tpm.h              | 19 +++++++++++++++++
>>>>>  3 files changed, 66 insertions(+), 12 deletions(-)
>>>>>
>>>>> diff --git a/drivers/char/tpm/tpm-interface.c
>>>>> b/drivers/char/tpm/tpm-interface.c
>>>>> index 4ed08ab..b90de3d 100644
>>>>> --- a/drivers/char/tpm/tpm-interface.c
>>>>> +++ b/drivers/char/tpm/tpm-interface.c
>>>>> @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx,
>>>>> const u8 *hash)
>>>>>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>>>>>
>>>>>  /**
>>>>> + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
>>>>
>>>> The grammar is incorrect here I believe. Should rather be
>>>>
>>>>   "algorithms of the active PCR banks"
>>>>
>>>> And there is no such thing as "TPM ID".
>>>>
>>>>> + * @chip_num:    tpm idx # or ANY
>>>>> + * @count:    # of items in algorithms
>>>>> + * @algorithms:    array of TPM IDs
>>>>> + *
>>>>> + * Returns < 0 on error, and the number of active PCR banks on success.
>>>>> + *
>>>>> + * TPM 1.2 has always one SHA1 bank.
>>>>> + */
>>>>> +int tpm_pcr_algorithms(u32 chip_num, int count,
>>>>> +               enum tpm2_algorithms *algorithms)
>>>>                        unsigned int
>>>>
>>>> In addition the function name is not too greatg,
>>>>
>>>> Your syntax for return value is not correct. In addition after
>>>> describing the return value there should not be anything. You should
>>>> study
>>>>
>>>> https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
>>>>
>>>> Better name for the function would be tpm_get_pcr_algorithms().
>>>>
>>>>> +{
>>>>> +    struct tpm_chip *chip;
>>>>> +    int i;
>>>>> +
>>>>> +    if (count <= 0 || algorithms == NULL)
>>>>> +        return -EINVAL;
>>>>
>>>> Is there a legal case where caller would pass these values? Now it
>>>> looks like that there is.
>>>>
>>>> 'count' should unsigned int and zero should be a legal value for
>>>> count.
>>>
>>> I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
>>> is passed to tpm_pcr_extend() as unsigned int.
>>>
>>>
>>>> That said I think the whole design is wrong as you could calculate
>>>> array for algs only one time and pass a const reference to it on
>>>> request.
>>>
>>> Ok. If I understood it correctly, you are saying to pass a const
>>> reference of chip->active_banks. Then, I should also:
>>
>> This is not a viable option. chip could be freed and the reference
>> becomes invalid, without increasing the reference count.
>>
>> Did you think about something different?
>>
>> Thanks
>>
>> Roberto
>
> Two alternatives come in mind.
>
> 1. add tpm_put to linclude/linux/tpm.h
> 2. take put_ops away from the implementation
> 3. add documentation that tpm_put needs to be called
>
> or acceptable alternative would memcpy in the implementation
>
> In any case, you should probably drop completely 'count' and have
> function for getting the number of active banks.

Having a variable number, makes things more complicated.
In the IMA patch set for multiple template digests,
the array of algorithms is stored inside a structure
called digest descriptor. The array size must be fixed,
to avoid VLAIS (which is not supported by clang).

Since the size of tpm_chip->active_banks is a small number,
we can drop count, and assume that the size of the array
passed to tpm_pcr_algorithms() always matches the size
of the active_banks array.

Roberto

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Jarkko Sakkinen May 24, 2017, 5:35 p.m. UTC | #7
On Mon, May 22, 2017 at 11:07:54AM +0200, Roberto Sassu wrote:
> On 5/20/2017 3:18 PM, Jarkko Sakkinen wrote:
> > On Wed, May 17, 2017 at 10:42:35AM +0200, Roberto Sassu wrote:
> > > On 5/15/2017 3:18 PM, Roberto Sassu wrote:
> > > > 
> > > > 
> > > > On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
> > > > > On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
> > > > > > This function allows TPM users to know which algorithms the TPM
> > > > > > supports.
> > > > > > It stores the algorithms in a static array of 'enum tpm2_algorithms',
> > > > > > allocated by the caller. If the array is not large enough, the function
> > > > > > returns an error. Otherwise, it returns the number of algorithms written
> > > > > > to the array. If the TPM version is 1.2, the function writes
> > > > > > TPM2_ALG_SHA1
> > > > > > to first element of the array.
> > > > > > 
> > > > > > Writing the algorithm also for TPM 1.2 has the advantage that callers
> > > > > > can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
> > > > > > of the TPM version.
> > > > > > 
> > > > > > A minor change added to this patch was to make available the size of
> > > > > > the active_banks array, member of the tpm_chip structure, outside
> > > > > > the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
> > > > > > to include/linux/tpm.h.
> > > > > > 
> > > > > > With this information, callers of tpm_pcr_algorithms() can provide
> > > > > > a static array with enough room for all the algorithms, instead
> > > > > > of receiving the pointer of a dynamic array that they have to free
> > > > > > later.
> > > > > > 
> > > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > > ---
> > > > > > v2
> > > > > > 
> > > > > > - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
> > > > > > 
> > > > > >  drivers/char/tpm/tpm-interface.c | 46
> > > > > > ++++++++++++++++++++++++++++++++++++++++
> > > > > >  drivers/char/tpm/tpm.h           | 13 +-----------
> > > > > >  include/linux/tpm.h              | 19 +++++++++++++++++
> > > > > >  3 files changed, 66 insertions(+), 12 deletions(-)
> > > > > > 
> > > > > > diff --git a/drivers/char/tpm/tpm-interface.c
> > > > > > b/drivers/char/tpm/tpm-interface.c
> > > > > > index 4ed08ab..b90de3d 100644
> > > > > > --- a/drivers/char/tpm/tpm-interface.c
> > > > > > +++ b/drivers/char/tpm/tpm-interface.c
> > > > > > @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx,
> > > > > > const u8 *hash)
> > > > > >  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
> > > > > > 
> > > > > >  /**
> > > > > > + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
> > > > > 
> > > > > The grammar is incorrect here I believe. Should rather be
> > > > > 
> > > > >   "algorithms of the active PCR banks"
> > > > > 
> > > > > And there is no such thing as "TPM ID".
> > > > > 
> > > > > > + * @chip_num:    tpm idx # or ANY
> > > > > > + * @count:    # of items in algorithms
> > > > > > + * @algorithms:    array of TPM IDs
> > > > > > + *
> > > > > > + * Returns < 0 on error, and the number of active PCR banks on success.
> > > > > > + *
> > > > > > + * TPM 1.2 has always one SHA1 bank.
> > > > > > + */
> > > > > > +int tpm_pcr_algorithms(u32 chip_num, int count,
> > > > > > +               enum tpm2_algorithms *algorithms)
> > > > >                        unsigned int
> > > > > 
> > > > > In addition the function name is not too greatg,
> > > > > 
> > > > > Your syntax for return value is not correct. In addition after
> > > > > describing the return value there should not be anything. You should
> > > > > study
> > > > > 
> > > > > https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
> > > > > 
> > > > > Better name for the function would be tpm_get_pcr_algorithms().
> > > > > 
> > > > > > +{
> > > > > > +    struct tpm_chip *chip;
> > > > > > +    int i;
> > > > > > +
> > > > > > +    if (count <= 0 || algorithms == NULL)
> > > > > > +        return -EINVAL;
> > > > > 
> > > > > Is there a legal case where caller would pass these values? Now it
> > > > > looks like that there is.
> > > > > 
> > > > > 'count' should unsigned int and zero should be a legal value for
> > > > > count.
> > > > 
> > > > I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
> > > > is passed to tpm_pcr_extend() as unsigned int.
> > > > 
> > > > 
> > > > > That said I think the whole design is wrong as you could calculate
> > > > > array for algs only one time and pass a const reference to it on
> > > > > request.
> > > > 
> > > > Ok. If I understood it correctly, you are saying to pass a const
> > > > reference of chip->active_banks. Then, I should also:
> > > 
> > > This is not a viable option. chip could be freed and the reference
> > > becomes invalid, without increasing the reference count.
> > > 
> > > Did you think about something different?
> > > 
> > > Thanks
> > > 
> > > Roberto
> > 
> > Two alternatives come in mind.
> > 
> > 1. add tpm_put to linclude/linux/tpm.h
> > 2. take put_ops away from the implementation
> > 3. add documentation that tpm_put needs to be called
> > 
> > or acceptable alternative would memcpy in the implementation
> > 
> > In any case, you should probably drop completely 'count' and have
> > function for getting the number of active banks.
> 
> Having a variable number, makes things more complicated.
> In the IMA patch set for multiple template digests,
> the array of algorithms is stored inside a structure
> called digest descriptor. The array size must be fixed,
> to avoid VLAIS (which is not supported by clang).

What is VLAI?

You can always allocate it from heap.

> Since the size of tpm_chip->active_banks is a small number,
> we can drop count, and assume that the size of the array
> passed to tpm_pcr_algorithms() always matches the size
> of the active_banks array.
> 
> Roberto

I don't understand what you mean.


/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Roberto Sassu May 30, 2017, 8:44 a.m. UTC | #8
On 5/24/2017 7:35 PM, Jarkko Sakkinen wrote:
> On Mon, May 22, 2017 at 11:07:54AM +0200, Roberto Sassu wrote:
>> On 5/20/2017 3:18 PM, Jarkko Sakkinen wrote:
>>> On Wed, May 17, 2017 at 10:42:35AM +0200, Roberto Sassu wrote:
>>>> On 5/15/2017 3:18 PM, Roberto Sassu wrote:
>>>>>
>>>>>
>>>>> On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
>>>>>> On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
>>>>>>> This function allows TPM users to know which algorithms the TPM
>>>>>>> supports.
>>>>>>> It stores the algorithms in a static array of 'enum tpm2_algorithms',
>>>>>>> allocated by the caller. If the array is not large enough, the function
>>>>>>> returns an error. Otherwise, it returns the number of algorithms written
>>>>>>> to the array. If the TPM version is 1.2, the function writes
>>>>>>> TPM2_ALG_SHA1
>>>>>>> to first element of the array.
>>>>>>>
>>>>>>> Writing the algorithm also for TPM 1.2 has the advantage that callers
>>>>>>> can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
>>>>>>> of the TPM version.
>>>>>>>
>>>>>>> A minor change added to this patch was to make available the size of
>>>>>>> the active_banks array, member of the tpm_chip structure, outside
>>>>>>> the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
>>>>>>> to include/linux/tpm.h.
>>>>>>>
>>>>>>> With this information, callers of tpm_pcr_algorithms() can provide
>>>>>>> a static array with enough room for all the algorithms, instead
>>>>>>> of receiving the pointer of a dynamic array that they have to free
>>>>>>> later.
>>>>>>>
>>>>>>> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
>>>>>>> ---
>>>>>>> v2
>>>>>>>
>>>>>>> - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
>>>>>>>
>>>>>>>  drivers/char/tpm/tpm-interface.c | 46
>>>>>>> ++++++++++++++++++++++++++++++++++++++++
>>>>>>>  drivers/char/tpm/tpm.h           | 13 +-----------
>>>>>>>  include/linux/tpm.h              | 19 +++++++++++++++++
>>>>>>>  3 files changed, 66 insertions(+), 12 deletions(-)
>>>>>>>
>>>>>>> diff --git a/drivers/char/tpm/tpm-interface.c
>>>>>>> b/drivers/char/tpm/tpm-interface.c
>>>>>>> index 4ed08ab..b90de3d 100644
>>>>>>> --- a/drivers/char/tpm/tpm-interface.c
>>>>>>> +++ b/drivers/char/tpm/tpm-interface.c
>>>>>>> @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx,
>>>>>>> const u8 *hash)
>>>>>>>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>>>>>>>
>>>>>>>  /**
>>>>>>> + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
>>>>>>
>>>>>> The grammar is incorrect here I believe. Should rather be
>>>>>>
>>>>>>   "algorithms of the active PCR banks"
>>>>>>
>>>>>> And there is no such thing as "TPM ID".
>>>>>>
>>>>>>> + * @chip_num:    tpm idx # or ANY
>>>>>>> + * @count:    # of items in algorithms
>>>>>>> + * @algorithms:    array of TPM IDs
>>>>>>> + *
>>>>>>> + * Returns < 0 on error, and the number of active PCR banks on success.
>>>>>>> + *
>>>>>>> + * TPM 1.2 has always one SHA1 bank.
>>>>>>> + */
>>>>>>> +int tpm_pcr_algorithms(u32 chip_num, int count,
>>>>>>> +               enum tpm2_algorithms *algorithms)
>>>>>>                        unsigned int
>>>>>>
>>>>>> In addition the function name is not too greatg,
>>>>>>
>>>>>> Your syntax for return value is not correct. In addition after
>>>>>> describing the return value there should not be anything. You should
>>>>>> study
>>>>>>
>>>>>> https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
>>>>>>
>>>>>> Better name for the function would be tpm_get_pcr_algorithms().
>>>>>>
>>>>>>> +{
>>>>>>> +    struct tpm_chip *chip;
>>>>>>> +    int i;
>>>>>>> +
>>>>>>> +    if (count <= 0 || algorithms == NULL)
>>>>>>> +        return -EINVAL;
>>>>>>
>>>>>> Is there a legal case where caller would pass these values? Now it
>>>>>> looks like that there is.
>>>>>>
>>>>>> 'count' should unsigned int and zero should be a legal value for
>>>>>> count.
>>>>>
>>>>> I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
>>>>> is passed to tpm_pcr_extend() as unsigned int.
>>>>>
>>>>>
>>>>>> That said I think the whole design is wrong as you could calculate
>>>>>> array for algs only one time and pass a const reference to it on
>>>>>> request.
>>>>>
>>>>> Ok. If I understood it correctly, you are saying to pass a const
>>>>> reference of chip->active_banks. Then, I should also:
>>>>
>>>> This is not a viable option. chip could be freed and the reference
>>>> becomes invalid, without increasing the reference count.
>>>>
>>>> Did you think about something different?
>>>>
>>>> Thanks
>>>>
>>>> Roberto
>>>
>>> Two alternatives come in mind.
>>>
>>> 1. add tpm_put to linclude/linux/tpm.h
>>> 2. take put_ops away from the implementation
>>> 3. add documentation that tpm_put needs to be called
>>>
>>> or acceptable alternative would memcpy in the implementation
>>>
>>> In any case, you should probably drop completely 'count' and have
>>> function for getting the number of active banks.
>>
>> Having a variable number, makes things more complicated.
>> In the IMA patch set for multiple template digests,
>> the array of algorithms is stored inside a structure
>> called digest descriptor. The array size must be fixed,
>> to avoid VLAIS (which is not supported by clang).
>
> What is VLAI?

Variable-length arrays in structures.


> You can always allocate it from heap.

The algorithms to be used by IMA are set in a __setup function.


>> Since the size of tpm_chip->active_banks is a small number,
>> we can drop count, and assume that the size of the array
>> passed to tpm_pcr_algorithms() always matches the size
>> of the active_banks array.
>>
>> Roberto
>
> I don't understand what you mean.

I meant that callers of tpm_pcr_algorithms() can always pass
an array whose size is the same of that of tpm_chip->active_banks.
Since the array size is known, passing count is not necessary.

Roberto

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Jarkko Sakkinen May 31, 2017, 11:39 a.m. UTC | #9
On Tue, May 30, 2017 at 10:44:50AM +0200, Roberto Sassu wrote:
> On 5/24/2017 7:35 PM, Jarkko Sakkinen wrote:
> > On Mon, May 22, 2017 at 11:07:54AM +0200, Roberto Sassu wrote:
> > > On 5/20/2017 3:18 PM, Jarkko Sakkinen wrote:
> > > > On Wed, May 17, 2017 at 10:42:35AM +0200, Roberto Sassu wrote:
> > > > > On 5/15/2017 3:18 PM, Roberto Sassu wrote:
> > > > > > 
> > > > > > 
> > > > > > On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
> > > > > > > On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
> > > > > > > > This function allows TPM users to know which algorithms the TPM
> > > > > > > > supports.
> > > > > > > > It stores the algorithms in a static array of 'enum tpm2_algorithms',
> > > > > > > > allocated by the caller. If the array is not large enough, the function
> > > > > > > > returns an error. Otherwise, it returns the number of algorithms written
> > > > > > > > to the array. If the TPM version is 1.2, the function writes
> > > > > > > > TPM2_ALG_SHA1
> > > > > > > > to first element of the array.
> > > > > > > > 
> > > > > > > > Writing the algorithm also for TPM 1.2 has the advantage that callers
> > > > > > > > can use the API, tpm_pcr_algorithms() and tpm_pcr_extend(), regardless
> > > > > > > > of the TPM version.
> > > > > > > > 
> > > > > > > > A minor change added to this patch was to make available the size of
> > > > > > > > the active_banks array, member of the tpm_chip structure, outside
> > > > > > > > the TPM driver. The array size (TPM_ACTIVE_BANKS_MAX) has been exported
> > > > > > > > to include/linux/tpm.h.
> > > > > > > > 
> > > > > > > > With this information, callers of tpm_pcr_algorithms() can provide
> > > > > > > > a static array with enough room for all the algorithms, instead
> > > > > > > > of receiving the pointer of a dynamic array that they have to free
> > > > > > > > later.
> > > > > > > > 
> > > > > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > > > > ---
> > > > > > > > v2
> > > > > > > > 
> > > > > > > > - tpm_pcr_algorithms() returns supported algorithms also for TPM 1.2
> > > > > > > > 
> > > > > > > >  drivers/char/tpm/tpm-interface.c | 46
> > > > > > > > ++++++++++++++++++++++++++++++++++++++++
> > > > > > > >  drivers/char/tpm/tpm.h           | 13 +-----------
> > > > > > > >  include/linux/tpm.h              | 19 +++++++++++++++++
> > > > > > > >  3 files changed, 66 insertions(+), 12 deletions(-)
> > > > > > > > 
> > > > > > > > diff --git a/drivers/char/tpm/tpm-interface.c
> > > > > > > > b/drivers/char/tpm/tpm-interface.c
> > > > > > > > index 4ed08ab..b90de3d 100644
> > > > > > > > --- a/drivers/char/tpm/tpm-interface.c
> > > > > > > > +++ b/drivers/char/tpm/tpm-interface.c
> > > > > > > > @@ -911,6 +911,52 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx,
> > > > > > > > const u8 *hash)
> > > > > > > >  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
> > > > > > > > 
> > > > > > > >  /**
> > > > > > > > + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
> > > > > > > 
> > > > > > > The grammar is incorrect here I believe. Should rather be
> > > > > > > 
> > > > > > >   "algorithms of the active PCR banks"
> > > > > > > 
> > > > > > > And there is no such thing as "TPM ID".
> > > > > > > 
> > > > > > > > + * @chip_num:    tpm idx # or ANY
> > > > > > > > + * @count:    # of items in algorithms
> > > > > > > > + * @algorithms:    array of TPM IDs
> > > > > > > > + *
> > > > > > > > + * Returns < 0 on error, and the number of active PCR banks on success.
> > > > > > > > + *
> > > > > > > > + * TPM 1.2 has always one SHA1 bank.
> > > > > > > > + */
> > > > > > > > +int tpm_pcr_algorithms(u32 chip_num, int count,
> > > > > > > > +               enum tpm2_algorithms *algorithms)
> > > > > > >                        unsigned int
> > > > > > > 
> > > > > > > In addition the function name is not too greatg,
> > > > > > > 
> > > > > > > Your syntax for return value is not correct. In addition after
> > > > > > > describing the return value there should not be anything. You should
> > > > > > > study
> > > > > > > 
> > > > > > > https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
> > > > > > > 
> > > > > > > Better name for the function would be tpm_get_pcr_algorithms().
> > > > > > > 
> > > > > > > > +{
> > > > > > > > +    struct tpm_chip *chip;
> > > > > > > > +    int i;
> > > > > > > > +
> > > > > > > > +    if (count <= 0 || algorithms == NULL)
> > > > > > > > +        return -EINVAL;
> > > > > > > 
> > > > > > > Is there a legal case where caller would pass these values? Now it
> > > > > > > looks like that there is.
> > > > > > > 
> > > > > > > 'count' should unsigned int and zero should be a legal value for
> > > > > > > count.
> > > > > > 
> > > > > > I wanted to avoid that a negative value returned by tpm_pcr_algorithms()
> > > > > > is passed to tpm_pcr_extend() as unsigned int.
> > > > > > 
> > > > > > 
> > > > > > > That said I think the whole design is wrong as you could calculate
> > > > > > > array for algs only one time and pass a const reference to it on
> > > > > > > request.
> > > > > > 
> > > > > > Ok. If I understood it correctly, you are saying to pass a const
> > > > > > reference of chip->active_banks. Then, I should also:
> > > > > 
> > > > > This is not a viable option. chip could be freed and the reference
> > > > > becomes invalid, without increasing the reference count.
> > > > > 
> > > > > Did you think about something different?
> > > > > 
> > > > > Thanks
> > > > > 
> > > > > Roberto
> > > > 
> > > > Two alternatives come in mind.
> > > > 
> > > > 1. add tpm_put to linclude/linux/tpm.h
> > > > 2. take put_ops away from the implementation
> > > > 3. add documentation that tpm_put needs to be called
> > > > 
> > > > or acceptable alternative would memcpy in the implementation
> > > > 
> > > > In any case, you should probably drop completely 'count' and have
> > > > function for getting the number of active banks.
> > > 
> > > Having a variable number, makes things more complicated.
> > > In the IMA patch set for multiple template digests,
> > > the array of algorithms is stored inside a structure
> > > called digest descriptor. The array size must be fixed,
> > > to avoid VLAIS (which is not supported by clang).
> > 
> > What is VLAI?
> 
> Variable-length arrays in structures.
> 
> 
> > You can always allocate it from heap.
> 
> The algorithms to be used by IMA are set in a __setup function.
> 
> 
> > > Since the size of tpm_chip->active_banks is a small number,
> > > we can drop count, and assume that the size of the array
> > > passed to tpm_pcr_algorithms() always matches the size
> > > of the active_banks array.
> > > 
> > > Roberto
> > 
> > I don't understand what you mean.
> 
> I meant that callers of tpm_pcr_algorithms() can always pass
> an array whose size is the same of that of tpm_chip->active_banks.
> Since the array size is known, passing count is not necessary.
> 
> Roberto

OK, got it.

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
diff mbox

Patch

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 4ed08ab..b90de3d 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -911,6 +911,52 @@  int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 EXPORT_SYMBOL_GPL(tpm_pcr_extend);
 
 /**
+ * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
+ * @chip_num:	tpm idx # or ANY
+ * @count:	# of items in algorithms
+ * @algorithms:	array of TPM IDs
+ *
+ * Returns < 0 on error, and the number of active PCR banks on success.
+ *
+ * TPM 1.2 has always one SHA1 bank.
+ */
+int tpm_pcr_algorithms(u32 chip_num, int count,
+		       enum tpm2_algorithms *algorithms)
+{
+	struct tpm_chip *chip;
+	int i;
+
+	if (count <= 0 || algorithms == NULL)
+		return -EINVAL;
+
+	chip = tpm_chip_find_get(chip_num);
+	if (chip == NULL)
+		return -ENODEV;
+
+	if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
+		algorithms[0] = TPM2_ALG_SHA1;
+		tpm_put_ops(chip);
+		return 1;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(chip->active_banks) &&
+	     chip->active_banks[i] != TPM2_ALG_ERROR; i++) {
+		if (i >= count) {
+			dev_dbg(&chip->dev, "%s: insufficient array items %d\n",
+				__func__, count);
+			tpm_put_ops(chip);
+			return -EINVAL;
+		}
+
+		algorithms[i] = chip->active_banks[i];
+	}
+
+	tpm_put_ops(chip);
+	return i;
+}
+EXPORT_SYMBOL_GPL(tpm_pcr_algorithms);
+
+/**
  * tpm_do_selftest - have the TPM continue its selftest and wait until it
  *                   can receive further commands
  * @chip: TPM chip to use
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index e81d8c7..b22bc25 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -98,17 +98,6 @@  enum tpm2_return_codes {
 	TPM2_RC_REFERENCE_H0	= 0x0910,
 };
 
-enum tpm2_algorithms {
-	TPM2_ALG_ERROR		= 0x0000,
-	TPM2_ALG_SHA1		= 0x0004,
-	TPM2_ALG_KEYEDHASH	= 0x0008,
-	TPM2_ALG_SHA256		= 0x000B,
-	TPM2_ALG_SHA384		= 0x000C,
-	TPM2_ALG_SHA512		= 0x000D,
-	TPM2_ALG_NULL		= 0x0010,
-	TPM2_ALG_SM3_256	= 0x0012,
-};
-
 enum tpm2_command_codes {
 	TPM2_CC_FIRST		= 0x011F,
 	TPM2_CC_SELF_TEST	= 0x0143,
@@ -219,7 +208,7 @@  struct tpm_chip {
 	const struct attribute_group *groups[3];
 	unsigned int groups_cnt;
 
-	u16 active_banks[7];
+	u16 active_banks[TPM_ACTIVE_BANKS_MAX];
 #ifdef CONFIG_ACPI
 	acpi_handle acpi_dev_handle;
 	char ppi_version[TPM_PPI_VERSION_LEN + 1];
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 5a090f5..b0d0061 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -23,6 +23,7 @@ 
 #define __LINUX_TPM_H__
 
 #define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
+#define TPM_ACTIVE_BANKS_MAX 7	/* Max num of active banks for TPM 2.0 */
 
 /*
  * Chip num is this value or a valid tpm idx
@@ -37,6 +38,17 @@  enum TPM_OPS_FLAGS {
 	TPM_OPS_AUTO_STARTUP = BIT(0),
 };
 
+enum tpm2_algorithms {
+	TPM2_ALG_ERROR		= 0x0000,
+	TPM2_ALG_SHA1		= 0x0004,
+	TPM2_ALG_KEYEDHASH	= 0x0008,
+	TPM2_ALG_SHA256		= 0x000B,
+	TPM2_ALG_SHA384		= 0x000C,
+	TPM2_ALG_SHA512		= 0x000D,
+	TPM2_ALG_NULL		= 0x0010,
+	TPM2_ALG_SM3_256	= 0x0012,
+};
+
 struct tpm_class_ops {
 	unsigned int flags;
 	const u8 req_complete_mask;
@@ -57,6 +69,8 @@  struct tpm_class_ops {
 extern int tpm_is_tpm2(u32 chip_num);
 extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf);
 extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash);
+extern int tpm_pcr_algorithms(u32 chip_num, int count,
+			      enum tpm2_algorithms *algorithms);
 extern int tpm_send(u32 chip_num, void *cmd, size_t buflen);
 extern int tpm_get_random(u32 chip_num, u8 *data, size_t max);
 extern int tpm_seal_trusted(u32 chip_num,
@@ -76,6 +90,11 @@  static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) {
 static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) {
 	return -ENODEV;
 }
+static inline int tpm_pcr_algorithms(u32 chip_num, int count,
+				     enum tpm2_algorithms *algorithms)
+{
+	return -ENODEV;
+}
 static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) {
 	return -ENODEV;
 }