| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <gnbagkqjrfvqqhfpl2yt6xougl3wws4h4actl6scotv4xbrqde@czy5dz4l25ui>
Date: Tue, 6 May 2025 15:03:38 +0200
From: Stefano Garzarella <sgarzare@...hat.com>
To: Jarkko Sakkinen <jarkko@...nel.org>,
g@...rzare-redhat.smtp.subspace.kernel.org
Cc: Christophe Leroy <christophe.leroy@...roup.eu>,
Peter Huewe <peterhuewe@....de>, Alexandre Belloni <alexandre.belloni@...tlin.com>,
Jens Wiklander <jens.wiklander@...aro.org>, Claudiu Beznea <claudiu.beznea@...on.dev>,
Naveen N Rao <naveen@...nel.org>, Nicholas Piggin <npiggin@...il.com>,
linuxppc-dev@...ts.ozlabs.org, Nicolas Ferre <nicolas.ferre@...rochip.com>,
Michael Ellerman <mpe@...erman.id.au>, Madhavan Srinivasan <maddy@...ux.ibm.com>,
James Bottomley <James.Bottomley@...senpartnership.com>, linux-integrity@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, Sumit Garg <sumit.garg@...nel.org>, linux-kernel@...r.kernel.org,
Jason Gunthorpe <jgg@...pe.ca>
Subject: Re: [PATCH v3 3/4] tpm/tpm_ftpm_tee: support TPM_CHIP_FLAG_SYNC
On Wed, Apr 30, 2025 at 06:47:51PM +0300, Jarkko Sakkinen wrote:
>On Mon, Apr 14, 2025 at 04:56:52PM +0200, Stefano Garzarella wrote:
>> From: Stefano Garzarella <sgarzare@...hat.com>
>>
>> This driver does not support interrupts, and receiving the response is
>> synchronous with sending the command.
>>
>> So we can set TPM_CHIP_FLAG_SYNC to support synchronous send() and
>
>"Enable synchronous send() with TPM_CHIP_FLAG_SYNC, which implies that
>->send() already fills the provided buffer with a reponse, and ->recv()
>is not implemented."
>
>So, instead of jargon it is better to explicitly state what the heck
>is going on.
Ack, I'll replace with your suggestion.
Thanks,
Stefano
>
>> return responses in the same buffer used for commands. This way we
>> don't need the 4KB internal buffer used to cache the response before
>> .send() and .recv(). Also we don't need to implement recv() op.
>>
>> Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
>> ---
>> v2:
>> - set TPM_CHIP_FLAG_SYNC and support it in the new send()
>> - removed Jens' T-b
>> v1:
>> - added Jens' T-b
>> ---
>> drivers/char/tpm/tpm_ftpm_tee.h | 4 ---
>> drivers/char/tpm/tpm_ftpm_tee.c | 64 ++++++++++-----------------------
>> 2 files changed, 19 insertions(+), 49 deletions(-)
>>
>> diff --git a/drivers/char/tpm/tpm_ftpm_tee.h b/drivers/char/tpm/tpm_ftpm_tee.h
>> index e39903b7ea07..8d5c3f0d2879 100644
>> --- a/drivers/char/tpm/tpm_ftpm_tee.h
>> +++ b/drivers/char/tpm/tpm_ftpm_tee.h
>> @@ -22,16 +22,12 @@
>> * struct ftpm_tee_private - fTPM's private data
>> * @chip: struct tpm_chip instance registered with tpm framework.
>> * @session: fTPM TA session identifier.
>> - * @resp_len: cached response buffer length.
>> - * @resp_buf: cached response buffer.
>> * @ctx: TEE context handler.
>> * @shm: Memory pool shared with fTPM TA in TEE.
>> */
>> struct ftpm_tee_private {
>> struct tpm_chip *chip;
>> u32 session;
>> - size_t resp_len;
>> - u8 resp_buf[MAX_RESPONSE_SIZE];
>> struct tee_context *ctx;
>> struct tee_shm *shm;
>> };
>> diff --git a/drivers/char/tpm/tpm_ftpm_tee.c b/drivers/char/tpm/tpm_ftpm_tee.c
>> index 637cc8b6599e..b9adc040ca6d 100644
>> --- a/drivers/char/tpm/tpm_ftpm_tee.c
>> +++ b/drivers/char/tpm/tpm_ftpm_tee.c
>> @@ -31,46 +31,18 @@ static const uuid_t ftpm_ta_uuid =
>> 0x82, 0xCB, 0x34, 0x3F, 0xB7, 0xF3, 0x78, 0x96);
>>
>> /**
>> - * ftpm_tee_tpm_op_recv() - retrieve fTPM response.
>> - * @chip: the tpm_chip description as specified in driver/char/tpm/tpm.h.
>> - * @buf: the buffer to store data.
>> - * @count: the number of bytes to read.
>> - *
>> - * Return:
>> - * In case of success the number of bytes received.
>> - * On failure, -errno.
>> - */
>> -static int ftpm_tee_tpm_op_recv(struct tpm_chip *chip, u8 *buf, size_t count)
>> -{
>> - struct ftpm_tee_private *pvt_data = dev_get_drvdata(chip->dev.parent);
>> - size_t len;
>> -
>> - len = pvt_data->resp_len;
>> - if (count < len) {
>> - dev_err(&chip->dev,
>> - "%s: Invalid size in recv: count=%zd, resp_len=%zd\n",
>> - __func__, count, len);
>> - return -EIO;
>> - }
>> -
>> - memcpy(buf, pvt_data->resp_buf, len);
>> - pvt_data->resp_len = 0;
>> -
>> - return len;
>> -}
>> -
>> -/**
>> - * ftpm_tee_tpm_op_send() - send TPM commands through the TEE shared memory.
>> + * ftpm_tee_tpm_op_send() - send TPM commands through the TEE shared memory
>> + * and retrieve the response.
>> * @chip: the tpm_chip description as specified in driver/char/tpm/tpm.h
>> - * @buf: the buffer to send.
>> - * @len: the number of bytes to send.
>> + * @buf: the buffer to send and to store the response.
>> + * @cmd_len: the number of bytes to send.
>> * @buf_size: the size of the buffer.
>> *
>> * Return:
>> - * In case of success, returns 0.
>> + * In case of success, returns the number of bytes received.
>> * On failure, -errno
>> */
>> -static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>> +static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t cmd_len,
>> size_t buf_size)
>> {
>> struct ftpm_tee_private *pvt_data = dev_get_drvdata(chip->dev.parent);
>> @@ -82,16 +54,15 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>> struct tee_param command_params[4];
>> struct tee_shm *shm = pvt_data->shm;
>>
>> - if (len > MAX_COMMAND_SIZE) {
>> + if (cmd_len > MAX_COMMAND_SIZE) {
>> dev_err(&chip->dev,
>> "%s: len=%zd exceeds MAX_COMMAND_SIZE supported by fTPM TA\n",
>> - __func__, len);
>> + __func__, cmd_len);
>> return -EIO;
>> }
>>
>> memset(&transceive_args, 0, sizeof(transceive_args));
>> memset(command_params, 0, sizeof(command_params));
>> - pvt_data->resp_len = 0;
>>
>> /* Invoke FTPM_OPTEE_TA_SUBMIT_COMMAND function of fTPM TA */
>> transceive_args = (struct tee_ioctl_invoke_arg) {
>> @@ -105,7 +76,7 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>> .attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT,
>> .u.memref = {
>> .shm = shm,
>> - .size = len,
>> + .size = cmd_len,
>> .shm_offs = 0,
>> },
>> };
>> @@ -117,7 +88,7 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>> return PTR_ERR(temp_buf);
>> }
>> memset(temp_buf, 0, (MAX_COMMAND_SIZE + MAX_RESPONSE_SIZE));
>> - memcpy(temp_buf, buf, len);
>> + memcpy(temp_buf, buf, cmd_len);
>>
>> command_params[1] = (struct tee_param) {
>> .attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT,
>> @@ -158,17 +129,20 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>> __func__, resp_len);
>> return -EIO;
>> }
>> + if (resp_len > buf_size) {
>> + dev_err(&chip->dev,
>> + "%s: resp_len=%zd exceeds buf_size=%zd\n",
>> + __func__, resp_len, buf_size);
>> + return -EIO;
>> + }
>>
>> - /* sanity checks look good, cache the response */
>> - memcpy(pvt_data->resp_buf, temp_buf, resp_len);
>> - pvt_data->resp_len = resp_len;
>> + memcpy(buf, temp_buf, resp_len);
>>
>> - return 0;
>> + return resp_len;
>> }
>>
>> static const struct tpm_class_ops ftpm_tee_tpm_ops = {
>> .flags = TPM_OPS_AUTO_STARTUP,
>> - .recv = ftpm_tee_tpm_op_recv,
>> .send = ftpm_tee_tpm_op_send,
>> };
>>
>> @@ -253,7 +227,7 @@ static int ftpm_tee_probe(struct device *dev)
>> }
>>
>> pvt_data->chip = chip;
>> - pvt_data->chip->flags |= TPM_CHIP_FLAG_TPM2;
>> + pvt_data->chip->flags |= TPM_CHIP_FLAG_TPM2 | TPM_CHIP_FLAG_SYNC;
>>
>> /* Create a character device for the fTPM */
>> rc = tpm_chip_register(pvt_data->chip);
>> --
>> 2.49.0
>>
>
>BR, Jarkko
>
Powered by blists - more mailing lists