On Wed, Jul 20, 2016 at 10:48:18AM -0600, Jason Gunthorpe wrote: > On Wed, Jul 20, 2016 at 03:16:32AM +0300, Jarkko Sakkinen wrote: > > Unseal and load operations should be done as an atomic unit. This > > commit fixes the issue by moving TPM mutex handling to tpm_try_get_ops() > > and tpm_put_ops(), which is probably more logical place for it anyway. > > No.. > > 'get_ops' is to be used to hold a persisent kref to a single tpm. It > cannot block other tpm access. > > Eg a upper protocol might get_ops to for a long period to ensure it > consistently talks to the same TPM in a multi-tpm system. > > We need something else to solve whatever you are concerned with > here..
The only use cases I see at the moment for it work this way: 1. Call tpm_try_get_ops. 2. Send a TPM command. 3. Call tpm_put_ops. I did not find any other form of use. The only use is to make sure that there are no transactions running before the ops are cleared. Or did I overlook something perhaps? Trusted key unseal operation with TPM2 is broken into two operations: 1. Load the given key blob. 2. Unseal the data. Without locking and unlocking mutex only once there is a race condition. /Jarkko
