lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20200928001530.GF5283@linux.intel.com>
Date:   Mon, 28 Sep 2020 03:15:30 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     James Bottomley <James.Bottomley@...senPartnership.com>
Cc:     Stefan Berger <stefanb@...ux.vnet.ibm.com>,
        linux-integrity@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Jerry Snitselaar <jsnitsel@...hat.com>
Subject: Re: [PATCH 2/2] tpm: Revert "tpm_tis_core: Turn on the TPM before
 probing IRQ's"

On Sun, Sep 27, 2020 at 01:06:03PM -0700, James Bottomley wrote:
> On Tue, 2019-11-26 at 08:17 -0500, Stefan Berger wrote:
> > From: Stefan Berger <stefanb@...ux.ibm.com>
> > 
> > Revert the patch that was turning the TPM on before probing for IRQs.
> > 
> > Fixes: 5b359c7c4372 ("tpm_tis_core: Turn on the TPM before probing
> > IRQ's")
> > Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
> > Reported-by: Jerry Snitselaar <jsnitsel@...hat.com>
> > Cc: stable@...r.kernel.org
> > ---
> >  drivers/char/tpm/tpm_tis_core.c | 2 --
> >  1 file changed, 2 deletions(-)
> > 
> > diff --git a/drivers/char/tpm/tpm_tis_core.c
> > b/drivers/char/tpm/tpm_tis_core.c
> > index 5dc52c4e2292..27c6ca031e23 100644
> > --- a/drivers/char/tpm/tpm_tis_core.c
> > +++ b/drivers/char/tpm/tpm_tis_core.c
> > @@ -1059,7 +1059,6 @@ int tpm_tis_core_init(struct device *dev,
> > struct tpm_tis_data *priv, int irq,
> >  			goto out_err;
> >  		}
> >  
> > -		tpm_chip_start(chip);
> >  		if (irq) {
> >  			tpm_tis_probe_irq_single(chip, intmask,
> > IRQF_SHARED,
> >  						 irq);
> > @@ -1069,7 +1068,6 @@ int tpm_tis_core_init(struct device *dev,
> > struct tpm_tis_data *priv, int irq,
> >  		} else {
> >  			tpm_tis_probe_irq(chip, intmask);
> >  		}
> > -		tpm_chip_stop(chip);
> >  	}
> >  
> >  	rc = tpm_chip_register(chip);
> 
> This patch is completely bogus: it's not a full revert of what it
> claims to be.  With this patch applied all my TIS TPMs are returning
> 0xff to the status reads because the locality hasn't been properly
> requested.  The chip has to be started somewhere for the interrupt
> probe to work on these TPMs ... what the original patch did was
> eliminate a bunch of start/stops for a global one.  However, if the
> global one isn't working we should have gone back to the bunch of
> smaller ones i.e. a full revert.
> 
> The only real manifestation of the problems this patch causes is that
> interrupts never get enabled on TIS TPMs that have this issue, but they
> still work via polling.
> 
> The below is what fixes this for me with the minimum possible extend of
> additional chip start/stop in the code.  This should be checked against
> the previous failing laptops.
> 
> James
> 
> ---
> 
> From: James Bottomley <James.Bottomley@...senPartnership.com>
> Subject: [PATCH] tpm_tis: fix interrupt probing
> 
> When we send a command into the TPM core, the TPM must be started
> otherwise the register reads can be bogus.  There have been several
> bug reports about doing this inside the TIS core, so fix the issue by
> adding an external version of the tpm2_get_tpm_pt() call which adds a
> tpm ops get/put to set up the TPM correctly before the command is
> sent.
> 
> Fixes: aa4a63dd9816 (tpm: Revert "tpm_tis_core: Turn on the TPM before probing IRQ's")
> Signed-off-by: James Bottomley <James.Bottomley@...senPartnership.com>
> ---
>  drivers/char/tpm/tpm.h          |  2 ++
>  drivers/char/tpm/tpm2-cmd.c     | 30 ++++++++++++++++++++++++++++++
>  drivers/char/tpm/tpm_tis_core.c |  2 +-
>  3 files changed, 33 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 947d1db0a5cc..041b0b5bd2a5 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -223,6 +223,8 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
>  int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
>  ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
>  			u32 *value, const char *desc);
> +ssize_t tpm2_get_tpm_pt_cmd(struct tpm_chip *chip, u32 property_id,
> +			    u32 *value, const char *desc);
>  
>  ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
>  int tpm2_auto_startup(struct tpm_chip *chip);
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index eff1f12d981a..9b84158c5a9e 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -407,6 +407,36 @@ ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,  u32 *value,
>  }
>  EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
>  
> +/**
> + * tpm2_get_tpm_pt_cmd() - get value of a TPM_CAP_TPM_PROPERTIES type property
> + * @chip:		a &tpm_chip instance
> + * @property_id:	property ID.
> + * @value:		output variable.
> + * @desc:		passed to tpm_transmit_cmd()
> + *
> + * This calls the necessary tpm_try_get_ops()/tpm_put_ops() around
> + * tpm2_get_tpm_pt() and must be called where it is used stand alone
> + * outside the core code.
> + *
> + * Return:
> + *   0 on success,
> + *   -errno or a TPM return code otherwise
> + */
> +ssize_t tpm2_get_tpm_pt_cmd(struct tpm_chip *chip, u32 property_id,  u32 *value,
> +			    const char *desc)
> +{
> +	ssize_t rc;
> +
> +	rc = tpm_try_get_ops(chip);
> +	if (rc)
> +		return rc;
> +	rc = tpm2_get_tpm_pt(chip, property_id, value, desc);
> +	tpm_put_ops(chip);
> +
> +	return rc;
> +}
> +EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt_cmd);

Hi, same comment as for the other, i.e. rename the function that does
not have get/put_ops as __tpm2_get_tpm_pt(). Otherwise, fine. Thank
you.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ