lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <gnbagkqjrfvqqhfpl2yt6xougl3wws4h4actl6scotv4xbrqde@czy5dz4l25ui>
Date: Tue, 6 May 2025 15:03:38 +0200
From: Stefano Garzarella <sgarzare@...hat.com>
To: Jarkko Sakkinen <jarkko@...nel.org>,
	g@...rzare-redhat.smtp.subspace.kernel.org
Cc: Christophe Leroy <christophe.leroy@...roup.eu>, 
	Peter Huewe <peterhuewe@....de>, Alexandre Belloni <alexandre.belloni@...tlin.com>, 
	Jens Wiklander <jens.wiklander@...aro.org>, Claudiu Beznea <claudiu.beznea@...on.dev>, 
	Naveen N Rao <naveen@...nel.org>, Nicholas Piggin <npiggin@...il.com>, 
	linuxppc-dev@...ts.ozlabs.org, Nicolas Ferre <nicolas.ferre@...rochip.com>, 
	Michael Ellerman <mpe@...erman.id.au>, Madhavan Srinivasan <maddy@...ux.ibm.com>, 
	James Bottomley <James.Bottomley@...senpartnership.com>, linux-integrity@...r.kernel.org, 
	linux-arm-kernel@...ts.infradead.org, Sumit Garg <sumit.garg@...nel.org>, linux-kernel@...r.kernel.org, 
	Jason Gunthorpe <jgg@...pe.ca>
Subject: Re: [PATCH v3 3/4] tpm/tpm_ftpm_tee: support TPM_CHIP_FLAG_SYNC

On Wed, Apr 30, 2025 at 06:47:51PM +0300, Jarkko Sakkinen wrote:
>On Mon, Apr 14, 2025 at 04:56:52PM +0200, Stefano Garzarella wrote:
>> From: Stefano Garzarella <sgarzare@...hat.com>
>>
>> This driver does not support interrupts, and receiving the response is
>> synchronous with sending the command.
>>
>> So we can set TPM_CHIP_FLAG_SYNC to support synchronous send() and
>
>"Enable synchronous send() with TPM_CHIP_FLAG_SYNC, which implies that
>->send() already fills the provided buffer with a reponse, and ->recv()
>is not implemented."
>
>So, instead of jargon it is better to explicitly state what the heck
>is going on.

Ack, I'll replace with your suggestion.

Thanks,
Stefano

>
>> return responses in the same buffer used for commands. This way we
>> don't need the 4KB internal buffer used to cache the response before
>> .send() and .recv(). Also we don't need to implement recv() op.
>>
>> Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
>> ---
>> v2:
>> - set TPM_CHIP_FLAG_SYNC and support it in the new send()
>> - removed Jens' T-b
>> v1:
>> - added Jens' T-b
>> ---
>>  drivers/char/tpm/tpm_ftpm_tee.h |  4 ---
>>  drivers/char/tpm/tpm_ftpm_tee.c | 64 ++++++++++-----------------------
>>  2 files changed, 19 insertions(+), 49 deletions(-)
>>
>> diff --git a/drivers/char/tpm/tpm_ftpm_tee.h b/drivers/char/tpm/tpm_ftpm_tee.h
>> index e39903b7ea07..8d5c3f0d2879 100644
>> --- a/drivers/char/tpm/tpm_ftpm_tee.h
>> +++ b/drivers/char/tpm/tpm_ftpm_tee.h
>> @@ -22,16 +22,12 @@
>>   * struct ftpm_tee_private - fTPM's private data
>>   * @chip:     struct tpm_chip instance registered with tpm framework.
>>   * @session:  fTPM TA session identifier.
>> - * @resp_len: cached response buffer length.
>> - * @resp_buf: cached response buffer.
>>   * @ctx:      TEE context handler.
>>   * @shm:      Memory pool shared with fTPM TA in TEE.
>>   */
>>  struct ftpm_tee_private {
>>  	struct tpm_chip *chip;
>>  	u32 session;
>> -	size_t resp_len;
>> -	u8 resp_buf[MAX_RESPONSE_SIZE];
>>  	struct tee_context *ctx;
>>  	struct tee_shm *shm;
>>  };
>> diff --git a/drivers/char/tpm/tpm_ftpm_tee.c b/drivers/char/tpm/tpm_ftpm_tee.c
>> index 637cc8b6599e..b9adc040ca6d 100644
>> --- a/drivers/char/tpm/tpm_ftpm_tee.c
>> +++ b/drivers/char/tpm/tpm_ftpm_tee.c
>> @@ -31,46 +31,18 @@ static const uuid_t ftpm_ta_uuid =
>>  		  0x82, 0xCB, 0x34, 0x3F, 0xB7, 0xF3, 0x78, 0x96);
>>
>>  /**
>> - * ftpm_tee_tpm_op_recv() - retrieve fTPM response.
>> - * @chip:	the tpm_chip description as specified in driver/char/tpm/tpm.h.
>> - * @buf:	the buffer to store data.
>> - * @count:	the number of bytes to read.
>> - *
>> - * Return:
>> - *	In case of success the number of bytes received.
>> - *	On failure, -errno.
>> - */
>> -static int ftpm_tee_tpm_op_recv(struct tpm_chip *chip, u8 *buf, size_t count)
>> -{
>> -	struct ftpm_tee_private *pvt_data = dev_get_drvdata(chip->dev.parent);
>> -	size_t len;
>> -
>> -	len = pvt_data->resp_len;
>> -	if (count < len) {
>> -		dev_err(&chip->dev,
>> -			"%s: Invalid size in recv: count=%zd, resp_len=%zd\n",
>> -			__func__, count, len);
>> -		return -EIO;
>> -	}
>> -
>> -	memcpy(buf, pvt_data->resp_buf, len);
>> -	pvt_data->resp_len = 0;
>> -
>> -	return len;
>> -}
>> -
>> -/**
>> - * ftpm_tee_tpm_op_send() - send TPM commands through the TEE shared memory.
>> + * ftpm_tee_tpm_op_send() - send TPM commands through the TEE shared memory
>> + * and retrieve the response.
>>   * @chip:	the tpm_chip description as specified in driver/char/tpm/tpm.h
>> - * @buf:	the buffer to send.
>> - * @len:	the number of bytes to send.
>> + * @buf:	the buffer to send and to store the response.
>> + * @cmd_len:	the number of bytes to send.
>>   * @buf_size:	the size of the buffer.
>>   *
>>   * Return:
>> - *	In case of success, returns 0.
>> + *	In case of success, returns the number of bytes received.
>>   *	On failure, -errno
>>   */
>> -static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>> +static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t cmd_len,
>>  				size_t buf_size)
>>  {
>>  	struct ftpm_tee_private *pvt_data = dev_get_drvdata(chip->dev.parent);
>> @@ -82,16 +54,15 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>>  	struct tee_param command_params[4];
>>  	struct tee_shm *shm = pvt_data->shm;
>>
>> -	if (len > MAX_COMMAND_SIZE) {
>> +	if (cmd_len > MAX_COMMAND_SIZE) {
>>  		dev_err(&chip->dev,
>>  			"%s: len=%zd exceeds MAX_COMMAND_SIZE supported by fTPM TA\n",
>> -			__func__, len);
>> +			__func__, cmd_len);
>>  		return -EIO;
>>  	}
>>
>>  	memset(&transceive_args, 0, sizeof(transceive_args));
>>  	memset(command_params, 0, sizeof(command_params));
>> -	pvt_data->resp_len = 0;
>>
>>  	/* Invoke FTPM_OPTEE_TA_SUBMIT_COMMAND function of fTPM TA */
>>  	transceive_args = (struct tee_ioctl_invoke_arg) {
>> @@ -105,7 +76,7 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>>  		.attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT,
>>  		.u.memref = {
>>  			.shm = shm,
>> -			.size = len,
>> +			.size = cmd_len,
>>  			.shm_offs = 0,
>>  		},
>>  	};
>> @@ -117,7 +88,7 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>>  		return PTR_ERR(temp_buf);
>>  	}
>>  	memset(temp_buf, 0, (MAX_COMMAND_SIZE + MAX_RESPONSE_SIZE));
>> -	memcpy(temp_buf, buf, len);
>> +	memcpy(temp_buf, buf, cmd_len);
>>
>>  	command_params[1] = (struct tee_param) {
>>  		.attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT,
>> @@ -158,17 +129,20 @@ static int ftpm_tee_tpm_op_send(struct tpm_chip *chip, u8 *buf, size_t len,
>>  			__func__, resp_len);
>>  		return -EIO;
>>  	}
>> +	if (resp_len > buf_size) {
>> +		dev_err(&chip->dev,
>> +			"%s: resp_len=%zd exceeds buf_size=%zd\n",
>> +			__func__, resp_len, buf_size);
>> +		return -EIO;
>> +	}
>>
>> -	/* sanity checks look good, cache the response */
>> -	memcpy(pvt_data->resp_buf, temp_buf, resp_len);
>> -	pvt_data->resp_len = resp_len;
>> +	memcpy(buf, temp_buf, resp_len);
>>
>> -	return 0;
>> +	return resp_len;
>>  }
>>
>>  static const struct tpm_class_ops ftpm_tee_tpm_ops = {
>>  	.flags = TPM_OPS_AUTO_STARTUP,
>> -	.recv = ftpm_tee_tpm_op_recv,
>>  	.send = ftpm_tee_tpm_op_send,
>>  };
>>
>> @@ -253,7 +227,7 @@ static int ftpm_tee_probe(struct device *dev)
>>  	}
>>
>>  	pvt_data->chip = chip;
>> -	pvt_data->chip->flags |= TPM_CHIP_FLAG_TPM2;
>> +	pvt_data->chip->flags |= TPM_CHIP_FLAG_TPM2 | TPM_CHIP_FLAG_SYNC;
>>
>>  	/* Create a character device for the fTPM */
>>  	rc = tpm_chip_register(pvt_data->chip);
>> --
>> 2.49.0
>>
>
>BR, Jarkko
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ