Re: [PATCH v3 1/6] tpm: Move buffer handling from static inlines to real functions
From: James Bottomley
Date: Sun Nov 05 2023 - 17:42:38 EST
On Mon, 2023-11-06 at 00:01 +0200, Jarkko Sakkinen wrote:
> On Sun, 2023-11-05 at 23:59 +0200, Jarkko Sakkinen wrote:
> > On Thu, 2023-10-26 at 13:55 -0400, James Bottomley wrote:
> > > On Thu, 2023-10-26 at 10:10 -0700, Jerry Snitselaar wrote:
> > > > On Wed, Oct 25, 2023 at 08:35:55PM +0300, Jarkko Sakkinen
> > > > wrote:
> > > > > On Wed Oct 25, 2023 at 12:03 PM EEST, Jerry Snitselaar wrote:
> > > > > > Reviewed-by: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>
> > > > >
> > > > > On Wed, 2023-10-25 at 02:03 -0700, Jerry Snitselaar wrote:
> > > > > > Reviewed-by: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>
> > > > > >
> > > > >
> > > > > Thanks I'll add it to the next round.
> > > > >
> > > > > For the tpm_buf_read(), I was thinking along the lines of:
> > > > >
> > > > > /**
> > > > > * tpm_buf_read() - Read from a TPM buffer
> > > > > * @buf: &tpm_buf instance
> > > > > * @pos: position within the buffer
> > > > > * @count: the number of bytes to read
> > > > > * @output: the output buffer
> > > > > *
> > > > > * Read bytes from a TPM buffer, and update the position.
> > > > > Returns
> > > > > false when the
> > > > > * amount of bytes requested would overflow the buffer, which
> > > > > is
> > > > > expected to
> > > > > * only happen in the case of hardware failure.
> > > > > */
> > > > > static bool tpm_buf_read(const struct tpm_buf *buf, off_t
> > > > > *pos,
> > > > > size_t count, void *output)
> > > > > {
> > > > > off_t next = *pos + count;
> > > > >
> > > > > if (next >= buf->length) {
> > > > > pr_warn("%s: %lu >= %lu\n", __func__, next,
> > > > > *offset);
> > > > > return false;
> > > > > }
> > > > >
> > > > > memcpy(output, &buf->data[*pos], count);
> > > > > *offset = next;
> > > > > return true;
> > > > > }
> > > > >
> > > > > BR, Jarkko
> > > > >
> > > >
> > > > Then the callers will check, and return -EIO?
> > >
> > > Really, no, why would we do that?
> > >
> > > The initial buffer is a page and no TPM currently can have a
> > > command that big, so if the buffer overflows, it's likely a
> > > programming error (failure to terminate loop or something) rather
> > > than a runtime one (a user actually induced a command that big
> > > and wanted it to be sent to the TPM). The only reason you might
> > > need to check is the no-alloc case and you passed in a much
> > > smaller buffer, but even there, I would guess it will come down
> > > to a coding fault not a possible runtime error.
> >
> >
> > Yeah, this was my thinking too. So in HMAC case you anyway would
> > not need to check it because crypto is destined to fail anyway.
> >
> > Returning boolean here does no harm so I thought that this is
> > overally good compromise.
>
> Or actually maybe we should go just with void, as it does have even
> then "return value", as it emits to klog, right?
Right, these functions are almost drop in replacements for the
get_inc_XX ones. The latter were void returning because all the
knowledge of what is being looked for is in the calling routine,
because it knows at a macro level what structure the buffer should
have.
James