lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201208101746.GA45313@kernel.org>
Date:   Tue, 8 Dec 2020 12:17:46 +0200
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Kai-Heng Feng <kai.heng.feng@...onical.com>
Cc:     linux-integrity@...r.kernel.org,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [Regression] Can only do S3 once after "tpm: take TPM chip power
 gating out of tpm_transmit()"

On Mon, Dec 07, 2020 at 12:42:53PM +0800, Kai-Heng Feng wrote:
> Hi Jarkko,
> 
> A user report that the system can only do S3 once. Subsequent S3 fails after commit a3fbfae82b4c ("tpm: take TPM chip power gating out of tpm_transmit()").
> 
> Dmesg with the issue, collected under 5.10-rc2:
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1891502/comments/14
> 
> Dmesg without the issue, collected under 5.0.0-rc8:
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1891502/comments/16
> 
> Full bug report here:
> https://bugs.launchpad.net/bugs/1891502
> 
> Kai-Heng

Relevant part:


[80601.620149] tpm tpm0: Error (28) sending savestate before suspend
[80601.620165] PM: __pnp_bus_suspend(): tpm_pm_suspend+0x0/0x90 returns 28
[80601.620172] PM: dpm_run_callback(): pnp_bus_suspend+0x0/0x20 returns 28
[80601.620178] PM: Device 00:01 failed to suspend: error 28

Looking at this there are two issues:

A. TPM_ORD_SAVESTATE command failing, this a new regression.
B. When tpm_pm_suspend() fails, it should not fail the whole suspend
   procedure. And it returns the TPM error code back to the upper
   layers when it does so, which makes no sense. This is an old
   issue revealed by A.

Let's look at tpm_pm_suspend():

/*
 * We are about to suspend. Save the TPM state
 * so that it can be restored.
 */
int tpm_pm_suspend(struct device *dev)
{
	struct tpm_chip *chip = dev_get_drvdata(dev);
	int rc = 0;

	if (!chip)
		return -ENODEV;

	if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED)
		goto suspended;

	if ((chip->flags & TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED) &&
	    !pm_suspend_via_firmware())
		goto suspended;

	if (!tpm_chip_start(chip)) {
		if (chip->flags & TPM_CHIP_FLAG_TPM2)
			tpm2_shutdown(chip, TPM2_SU_STATE);
		else
			rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);

		tpm_chip_stop(chip);
	}

suspended:
	return rc;
}
EXPORT_SYMBOL_GPL(tpm_pm_suspend);

I would modify this into:

/*
 * We are about to suspend. Save the TPM state
 * so that it can be restored.
 */
int tpm_pm_suspend(struct device *dev)
{
	struct tpm_chip *chip = dev_get_drvdata(dev);
	int rc = 0;

	if (!chip)
		return -ENODEV;

	if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED)
		goto suspended;

	if ((chip->flags & TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED) &&
	    !pm_suspend_via_firmware())
		goto suspended;

	if (!tpm_chip_start(chip)) {
		if (chip->flags & TPM_CHIP_FLAG_TPM2)
			tpm2_shutdown(chip, TPM2_SU_STATE);
		else
			tpm1_pm_suspend(chip, tpm_suspend_pcr);

		tpm_chip_stop(chip);
	}

suspended:
	return rc;
}
EXPORT_SYMBOL_GPL(tpm_pm_suspend);

I.e. it's a good idea to put something into klog but that should not
fail the whole suspend procedure. TPM is essentially opt-in feature.

Of course issue A needs to be also sorted out but would this work as
a quick initial fix? I can queue a patch for this. Is it possible to
try out this fix for if I drop a patch?

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ