[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160619120157.GA29626@intel.com>
Date: Sun, 19 Jun 2016 14:12:14 +0200
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: Ed Swierk <eswierk@...portsystems.com>
Cc: tpmdd-devel@...ts.sourceforge.net, stefanb@...ibm.com,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
jgunthorpe@...idianresearch.com
Subject: Re: [PATCH v6 3/5] tpm: Factor out reading of timeout and duration
capabilities
On Fri, Jun 10, 2016 at 06:55:05PM -0700, Ed Swierk wrote:
> Factor sending the TPM_GetCapability command and validating the result
> from tpm_get_timeouts() into a new function. Return all errors to the
> caller rather than swallowing them (e.g. when tpm_transmit_cmd()
> returns nonzero).
>
> Signed-off-by: Ed Swierk <eswierk@...portsystems.com>
> ---
> drivers/char/tpm/tpm-interface.c | 96 ++++++++++++++++++++++------------------
> 1 file changed, 52 insertions(+), 44 deletions(-)
I'm sorry but just now that I started applying these patches this patch
started to bother me.
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index cc1e5bc..4d1f62c 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -502,6 +502,52 @@ static int tpm_startup(struct tpm_chip *chip, __be16 startup_type)
> "attempting to start the TPM");
> }
>
> +static int tpm_get_cap_prop(struct tpm_chip *chip, __be32 type, int size,
> + cap_t *cap, char *desc)
> +{
> + struct tpm_cmd_t tpm_cmd;
> + ssize_t rc;
> +
> + tpm_cmd.header.in = tpm_getcap_header;
> + tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
> + tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
> + tpm_cmd.params.getcap_in.subcap = type;
> + rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, NULL);
> +
> + if (rc == TPM_ERR_INVALID_POSTINIT) {
> + /* The TPM is not started, we are the first to talk to it.
> + Execute a startup command. */
> + dev_info(chip->pdev, "Issuing TPM_STARTUP\n");
> + if (tpm_startup(chip, TPM_ST_CLEAR))
> + return rc;
> +
> + tpm_cmd.header.in = tpm_getcap_header;
> + tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
> + tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
> + tpm_cmd.params.getcap_in.subcap = type;
> + rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
> + NULL);
> + }
I think inside tpm_get_timeouts() I'd rather something along the lines
(with error handling and such details taken away):
rc = tpm_getcap(...);
if (rc == TPM_ERR_INVALID_POSTINIT) {
tpm_startup(...);
tpm_getca(...);
}
> + if (rc) {
> + dev_err(chip->pdev,
> + "Error %zd reading %s\n", rc, desc);
> + return rc;
> + }
> +
> + if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
> + be32_to_cpu(tpm_cmd.header.out.length)
> + != sizeof(tpm_cmd.header.out) + sizeof(u32) + size * sizeof(u32)) {
> + dev_err(chip->pdev,
> + "Bad return code or length reading %s\n", desc);
> + return -EINVAL;
> + }
This is bogus code. All this kind of checks should be contained in
tpm_transmit_cmd(). This is easily "fixed" by moving tpm_getcap() :)
/Jarkko
Powered by blists - more mailing lists