
tpm: Lazily flush auth session when getting random data

Message ID Z8rRRdwlI6JW8RWF@earth.li (mailing list archive)
State New

Commit Message

Jonathan McDowell March 7, 2025, 10:58 a.m. UTC
From: Jonathan McDowell <noodles@meta.com>

Lazy flushing of TPM auth sessions was introduced to speed up IMA
measurements into the TPM. Make use of it in tpm2_get_random as well,
which has the added benefit of not needlessly cleaning up the session
that IMA is using when there are no userspace accesses taking place.

Command trace before for every call:

hwrng (0x00000161): 14 (52965242 ns)
hwrng (0x00000176): 48 (161612432 ns)
hwrng (0x00000165): 10 (2410494 ns)
hwrng (0x0000017B): 117 (70699883 ns)
hwrng (0x0000017B): 117 (70959666 ns)
hwrng (0x00000165): 10 (2756827 ns)

After, with repeated calls showing no setup:

hwrng (0x00000161): 14 (53044582 ns)
hwrng (0x00000176): 48 (160491333 ns)
hwrng (0x00000165): 10 (2408220 ns)
hwrng (0x0000017B): 117 (70695037 ns)
hwrng (0x0000017B): 117 (70994984 ns)
hwrng (0x0000017B): 117 (70195388 ns)
hwrng (0x0000017B): 117 (70973835 ns)

Signed-off-by: Jonathan McDowell <noodles@meta.com>
---
 drivers/char/tpm/tpm2-cmd.c | 1 -
 1 file changed, 1 deletion(-)
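
An added example, not part of the original post or the kernel tree: a small parser for the trace lines in the commit message that names the command codes and separates GetRandom time from session and context handling. The command names come from the TCG TPM 2.0 command-code table rather than from the page, and the third field is unlabelled on the page, so it is ignored.

```python
import re

# TPM 2.0 command codes from the TCG spec; the page shows only the hex values.
TPM2_CC = {0x161: "ContextLoad", 0x165: "FlushContext",
           0x176: "StartAuthSession", 0x17B: "GetRandom"}

# Trace lines copied from the commit message.
BEFORE = """\
hwrng (0x00000161): 14 (52965242 ns)
hwrng (0x00000176): 48 (161612432 ns)
hwrng (0x00000165): 10 (2410494 ns)
hwrng (0x0000017B): 117 (70699883 ns)
hwrng (0x0000017B): 117 (70959666 ns)
hwrng (0x00000165): 10 (2756827 ns)
"""
AFTER = """\
hwrng (0x00000161): 14 (53044582 ns)
hwrng (0x00000176): 48 (160491333 ns)
hwrng (0x00000165): 10 (2408220 ns)
hwrng (0x0000017B): 117 (70695037 ns)
hwrng (0x0000017B): 117 (70994984 ns)
hwrng (0x0000017B): 117 (70195388 ns)
hwrng (0x0000017B): 117 (70973835 ns)
"""

# The third field is not labelled on the page, so it is matched but ignored.
LINE = re.compile(r"^\w+ \(0x([0-9A-Fa-f]{8})\): \d+ \((\d+) ns\)$")

def parse(trace):
    """Return [(command name, duration in ns)] for each trace line."""
    rows = []
    for line in trace.strip().splitlines():
        m = LINE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised trace line: {line!r}")
        cc = int(m.group(1), 16)
        rows.append((TPM2_CC.get(cc, f"unknown(0x{cc:08X})"), int(m.group(2))))
    return rows

def summarize(trace):
    """Split time into GetRandom itself and session/context handling."""
    rows = parse(trace)
    rand = [ns for name, ns in rows if name == "GetRandom"]
    other = sum(ns for name, ns in rows if name != "GetRandom")
    return {"getrandom_calls": len(rand), "getrandom_ns": sum(rand),
            "overhead_ns": other}

if __name__ == "__main__":
    for label, trace in (("before", BEFORE), ("after", AFTER)):
        s = summarize(trace)
        per_call = s["overhead_ns"] / s["getrandom_calls"] / 1e6
        print(f"{label}: {s} -> {per_call:.1f} ms overhead per GetRandom")
```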

Comments

Jarkko Sakkinen March 7, 2025, 4:34 p.m. UTC | #1
On Fri, Mar 07, 2025 at 10:58:13AM +0000, Jonathan McDowell wrote:
> From: Jonathan McDowell <noodles@meta.com>
> 
> Lazy flushing of TPM auth sessions was introduced to speed up IMA
> measurements into the TPM. Make use of it in tpm2_get_random as well,
> which has the added benefit of not needlessly cleaning up the session
> that IMA is using when there are no userspace accesses taking place.
> 
> Command trace before for every call:
> 
> hwrng (0x00000161): 14 (52965242 ns)
> hwrng (0x00000176): 48 (161612432 ns)
> hwrng (0x00000165): 10 (2410494 ns)
> hwrng (0x0000017B): 117 (70699883 ns)
> hwrng (0x0000017B): 117 (70959666 ns)
> hwrng (0x00000165): 10 (2756827 ns)
> 
> After, with repeated calls showing no setup:
> 
> hwrng (0x00000161): 14 (53044582 ns)
> hwrng (0x00000176): 48 (160491333 ns)
> hwrng (0x00000165): 10 (2408220 ns)
> hwrng (0x0000017B): 117 (70695037 ns)
> hwrng (0x0000017B): 117 (70994984 ns)
> hwrng (0x0000017B): 117 (70195388 ns)
> hwrng (0x0000017B): 117 (70973835 ns)
> 
> Signed-off-by: Jonathan McDowell <noodles@meta.com>
> ---
>  drivers/char/tpm/tpm2-cmd.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index dfdcbd009720..524d802ede26 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -359,7 +359,6 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
>  	} while (retries-- && total < max);
>  
>  	tpm_buf_destroy(&buf);
> -	tpm2_end_auth_session(chip);
>  
>  	return total ? total : -EIO;
>  out:
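
Review bot: with the tpm2_end_auth_session(chip) call gone after tpm_buf_destroy(&buf), nothing at this spot in the code says the session is left open on purpose. A one-line comment on the success path noting that the auth session is kept for lazy flushing, as the commit message explains, would stop a later cleanup from re-adding the call.
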
> -- 
> 2.48.1
> 

Thanks for this. It is a good catch! I'll apply this over the weekend
when I apply Arm FF-A driver patches.

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko

Patch

diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index dfdcbd009720..524d802ede26 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -359,7 +359,6 @@  int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
 	} while (retries-- && total < max);
 
 	tpm_buf_destroy(&buf);
-	tpm2_end_auth_session(chip);
 
 	return total ? total : -EIO;
 out:
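
Review bot: the success path before `return total ? total : -EIO;` no longer ends the auth session, but the body of the `out:` label is cut off below this hunk, so it is not visible whether the error path still does. Please confirm that any difference between the success and error paths is intended, and state it in the commit message if so.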