On Tue, Aug 23, 2016 at 08:57:22PM -0400, Jarkko Sakkinen wrote: > + if (flags & TPM_TRANSMIT_LOCK) > + mutex_lock(&chip->tpm_mutex); I think I would invert this. UNLOCKED is the exceptional case, so I'd make the 0 flags lock. If we see UNLOCKED in the caller then we know to audit for locking, 0 is much less obvious. > @@ -576,7 +576,7 @@ static int tpm2_load(struct tpm_chip *chip, > goto out; > } > > - rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "loading blob"); > + rc = __tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "loading blob", 0); All these points should accept a flags too and the caller should pass in the TPM_TRASNMIT_UNLOCKED if it needs it.. > + mutex_lock(&chip->tpm_mutex); > rc = tpm2_load(chip, payload, options, &blob_handle); > if (rc) So when we read here we see the pattern: > + mutex_lock(&chip->tpm_mutex); > rc = tpm2_load(chip, payload, options, &blob_handle, TPM_TRASNMIT_UNLOCKED); Which is much easier to audit.. Jason -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html