Message ID | 20221128195651.322822-1-Jason@zx2c4.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp5913151wrr; Mon, 28 Nov 2022 12:03:05 -0800 (PST) X-Google-Smtp-Source: AA0mqf5ikYnZ1t988+wmo1/im7S3O86qOqQ7XF++IFtwMPAPflgn4MUniIe/TngxwxhVBSOGEJKy X-Received: by 2002:ac2:4bd1:0:b0:4a2:4dc3:a2e with SMTP id o17-20020ac24bd1000000b004a24dc30a2emr13963155lfq.403.1669665784825; Mon, 28 Nov 2022 12:03:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669665784; cv=none; d=google.com; s=arc-20160816; b=ltOzAoKROCH15JWPYBwkFj8bypQW2Ffhvvahxrp8qWveqHjCdorrJShKGVTCmghM4g ctScNzBOIhWRwFDhEN9qg3iiLe0G6/6EAln820B/sQgdwK6Vz/hCnH9dCEtuf3v6E+ui kIiaF0KFTJTK8AlMcKUVff0Z7wqCy3ndtoYOJ0RTEy9U5IgbN2y29wa72F7QxkoFqyAu B69fgSdvuOaWrygn3SYCjConWEgXbzvY9r7N86z8Eq/5ASWU0JaxMPFbz6j7Thq9Rqjl LSMKbTHUfyNsM5FxrpOqNG7GJeTW0vBnATGad+BZrGla2pbSPIlfodtY9fB6NxMV3IF9 Dv9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=m+iodXvVaGO3w4QAQvXUTnn8uFbQvqV8cvcIq17x8pk=; b=0n4R8YQDlpOPfiKAZ/nSC8K4CamTPs2rmsyKs/qS1hID24emZLuv24v5t3hhnnKP3P clOEEWVDO5zvBoWzE+h6AF17AqVo5J6vtMnlTjFQ/W9anbS8T7j75+mLC7utRMhO2y8x k//Sk5KHrWAKopEYfaQspxt3F06ocw77mjM9A/4mssZFUKKpdBEo59LIuhHoFP8xvaMe makb5Zez09ZnRCJo1b8+HOpDOPYT7AlnQxw5hOjdcs2B6uU5M5IWibBEexI5a6dKiTSP ODehHkEAegd3YXsFeifrCNVbsarH8rNoYhelcwXHi9USE8CpvFoknvpsEbMJqLksqkmH Pt9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=o7HB8omO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q16-20020a056402519000b00461c0fd2597si12604405edd.89.2022.11.28.12.02.38; Mon, 28 Nov 2022 12:03:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=o7HB8omO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233926AbiK1T6L (ORCPT <rfc822;gah0developer@gmail.com> + 99 others); Mon, 28 Nov 2022 14:58:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233872AbiK1T6A (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Mon, 28 Nov 2022 14:58:00 -0500 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F15D0B27; Mon, 28 Nov 2022 11:57:58 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 5BF85CE1054; Mon, 28 Nov 2022 19:57:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D639DC433D7; Mon, 28 Nov 2022 19:57:53 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="o7HB8omO" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1669665472; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=m+iodXvVaGO3w4QAQvXUTnn8uFbQvqV8cvcIq17x8pk=; b=o7HB8omOA47EFDy7hMWwqFoQfP8SzKI7Hiwr2zSXBF18xLG1dXIrU794PbLD82ro2flwU3 GjkuPKeUnKW52xqpxZdEmBK/RYtXZ+1o51MRD+t7AVl+vfpg28dep1gm5ya7cM+WDyTWza SzfxbOW6IE9DGbhExXaD2cjPRnuYB3I= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id adff6e4d (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 28 Nov 2022 19:57:52 +0000 (UTC) From: "Jason A. Donenfeld" <Jason@zx2c4.com> To: Vlastimil Babka <vbabka@suse.cz>, Jarkko Sakkinen <jarkko@kernel.org>, =?utf-8?b?SmFuIETEhWJyb8Wb?= <jsd@semihalf.com>, linux-integrity@vger.kernel.org, peterhuewe@gmx.de, jgg@ziepe.ca, gregkh@linuxfoundation.org, arnd@arndb.de, rrangel@chromium.org, timvp@google.com, apronin@google.com, mw@semihalf.com, upstream@semihalf.com, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>, stable@vger.kernel.org Subject: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks Date: Mon, 28 Nov 2022 20:56:51 +0100 Message-Id: <20221128195651.322822-1-Jason@zx2c4.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750771469573365267?= X-GMAIL-MSGID: =?utf-8?q?1750771469573365267?= |
Series |
[v3] char: tpm: Protect tpm_pm_suspend with locks
|
|
Commit Message
Jason A. Donenfeld
Nov. 28, 2022, 7:56 p.m. UTC
From: Jan Dabros <jsd@semihalf.com> Currently tpm transactions are executed unconditionally in tpm_pm_suspend() function, which may lead to races with other tpm accessors in the system. Specifically, the hw_random tpm driver makes use of tpm_get_random(), and this function is called in a loop from a kthread, which means it's not frozen alongside userspace, and so can race with the work done during system suspend: [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52 [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 [ 3.278453] Call Trace: [ 3.278458] <TASK> [ 3.278460] dump_stack_lvl+0x34/0x44 [ 3.278471] tpm_tis_status.cold+0x19/0x20 [ 3.278479] tpm_transmit+0x13b/0x390 [ 3.278489] tpm_transmit_cmd+0x20/0x80 [ 3.278496] tpm1_pm_suspend+0xa6/0x110 [ 3.278503] tpm_pm_suspend+0x53/0x80 [ 3.278510] __pnp_bus_suspend+0x35/0xe0 [ 3.278515] ? pnp_bus_freeze+0x10/0x10 [ 3.278519] __device_suspend+0x10f/0x350 Fix this by calling tpm_try_get_ops(), which itself is a wrapper around tpm_chip_start(), but takes the appropriate mutex. Signed-off-by: Jan Dabros <jsd@semihalf.com> Reported-by: Vlastimil Babka <vbabka@suse.cz> Tested-by: Jason A. Donenfeld <Jason@zx2c4.com> Tested-by: Vlastimil Babka <vbabka@suse.cz> Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/ Cc: stable@vger.kernel.org Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x") [Jason: reworked commit message, added metadata] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> --- drivers/char/tpm/tpm-interface.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
Comments
Linux regression tracking (Thorsten Leemhuis)
Dec. 2, 2022, 9:32 a.m. UTC |
#1
Addressed
Unaddressed
Hi, this is your Linux kernel regression tracker. On 28.11.22 20:56, Jason A. Donenfeld wrote: BTW, many thx for taking care of this Jason! > From: Jan Dabros <jsd@semihalf.com> > > Currently tpm transactions are executed unconditionally in > tpm_pm_suspend() function, which may lead to races with other tpm > accessors in the system. Specifically, the hw_random tpm driver makes > use of tpm_get_random(), and this function is called in a loop from a > kthread, which means it's not frozen alongside userspace, and so can > race with the work done during system suspend: Peter, Jarkko, did you look at this patch or even applied it already to send it to Linus soon? Doesn't look like it from here, but maybe I missed something. Thing is: the linked regression afaics is overdue fixing (for details see "Prioritize work on fixing regressions" in https://www.kernel.org/doc/html/latest/process/handling-regressions.html ). Hence if this doesn't make any progress I'll likely have to point Linus to this patch and suggest to apply it directly if it looks okay from his perspective. Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) P.S.: As the Linux kernel's regression tracker I deal with a lot of reports and sometimes miss something important when writing mails like this. If that's the case here, don't hesitate to tell me in a public reply, it's in everyone's interest to set the public record straight. > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52 > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 > [ 3.278453] Call Trace: > [ 3.278458] <TASK> > [ 3.278460] dump_stack_lvl+0x34/0x44 > [ 3.278471] tpm_tis_status.cold+0x19/0x20 > [ 3.278479] tpm_transmit+0x13b/0x390 > [ 3.278489] tpm_transmit_cmd+0x20/0x80 > [ 3.278496] tpm1_pm_suspend+0xa6/0x110 > [ 3.278503] tpm_pm_suspend+0x53/0x80 > [ 3.278510] __pnp_bus_suspend+0x35/0xe0 > [ 3.278515] ? pnp_bus_freeze+0x10/0x10 > [ 3.278519] __device_suspend+0x10f/0x350 > > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around > tpm_chip_start(), but takes the appropriate mutex. > > Signed-off-by: Jan Dabros <jsd@semihalf.com> > Reported-by: Vlastimil Babka <vbabka@suse.cz> > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com> > Tested-by: Vlastimil Babka <vbabka@suse.cz> > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/ > Cc: stable@vger.kernel.org > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x") > [Jason: reworked commit message, added metadata] > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > --- > drivers/char/tpm/tpm-interface.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > index 1621ce818705..d69905233aff 100644 > --- a/drivers/char/tpm/tpm-interface.c > +++ b/drivers/char/tpm/tpm-interface.c > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev) > !pm_suspend_via_firmware()) > goto suspended; > > - if (!tpm_chip_start(chip)) { > + rc = tpm_try_get_ops(chip); > + if (!rc) { > if (chip->flags & TPM_CHIP_FLAG_TPM2) > tpm2_shutdown(chip, TPM2_SU_STATE); > else > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); > > - tpm_chip_stop(chip); > + tpm_put_ops(chip); > } > > suspended:
Thanks for handling this, Thorsten. I had poked Jarkko about this earlier this week, but he didn't respond. So I'm glad you're on the case now getting this in somewhere. Probably this should make it to rc8, so there's still one week left of testing it. Jason
Hi Jason, Thanks for taking care of this! Re 2/3 and 3/3 as you mentioned earlier, will get back to this when I have some bandwidth and send it separately. Best Regards, Jan pt., 2 gru 2022 o 10:46 Jason A. Donenfeld <Jason@zx2c4.com> napisał(a): > > Thanks for handling this, Thorsten. I had poked Jarkko about this > earlier this week, but he didn't respond. So I'm glad you're on the case > now getting this in somewhere. Probably this should make it to rc8, so > there's still one week left of testing it. > > Jason
Hi Thorsten / Linus, On Fri, Dec 02, 2022 at 10:32:31AM +0100, Thorsten Leemhuis wrote: > Hi, this is your Linux kernel regression tracker. > > On 28.11.22 20:56, Jason A. Donenfeld wrote: > > BTW, many thx for taking care of this Jason! > > > From: Jan Dabros <jsd@semihalf.com> > > > > Currently tpm transactions are executed unconditionally in > > tpm_pm_suspend() function, which may lead to races with other tpm > > accessors in the system. Specifically, the hw_random tpm driver makes > > use of tpm_get_random(), and this function is called in a loop from a > > kthread, which means it's not frozen alongside userspace, and so can > > race with the work done during system suspend: > > Peter, Jarkko, did you look at this patch or even applied it already to > send it to Linus soon? Doesn't look like it from here, but maybe I > missed something. > > Thing is: the linked regression afaics is overdue fixing (for details > see "Prioritize work on fixing regressions" in > https://www.kernel.org/doc/html/latest/process/handling-regressions.html > ). Hence if this doesn't make any progress I'll likely have to point > Linus to this patch and suggest to apply it directly if it looks okay > from his perspective. I'm very concerned about this. Jan posted the original fix a month ago, and then it fizzled out. Then I got word of the bug last week and revived the fix [1], while also figuring out how to reproduce it together with the reporter. I emailed the tpm maintainers offlist to poke them, and nobody woke up. And tomorrow is rc8 day. Given that this patch is pretty simple, has been tested to fix an annoying regression, and that neither of the three maintainers has popped up this week to get things rolling, I think we should just commit this now anyway, to make sure it gets in for rc8. This way there's still a solid week of testing. I'm in general not a big fan of the "nuclear option" of not waiting for out to lunch maintainers, but given that it is now December 3, it seems like the right decision. [1] https://lore.kernel.org/all/20221128195651.322822-1-Jason@zx2c4.com/ Jason
On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote: > From: Jan Dabros <jsd@semihalf.com> > > Currently tpm transactions are executed unconditionally in > tpm_pm_suspend() function, which may lead to races with other tpm > accessors in the system. Specifically, the hw_random tpm driver makes > use of tpm_get_random(), and this function is called in a loop from a > kthread, which means it's not frozen alongside userspace, and so can > race with the work done during system suspend: > > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52 > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 > [ 3.278453] Call Trace: > [ 3.278458] <TASK> > [ 3.278460] dump_stack_lvl+0x34/0x44 > [ 3.278471] tpm_tis_status.cold+0x19/0x20 > [ 3.278479] tpm_transmit+0x13b/0x390 > [ 3.278489] tpm_transmit_cmd+0x20/0x80 > [ 3.278496] tpm1_pm_suspend+0xa6/0x110 > [ 3.278503] tpm_pm_suspend+0x53/0x80 > [ 3.278510] __pnp_bus_suspend+0x35/0xe0 > [ 3.278515] ? pnp_bus_freeze+0x10/0x10 > [ 3.278519] __device_suspend+0x10f/0x350 > > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around > tpm_chip_start(), but takes the appropriate mutex. > > Signed-off-by: Jan Dabros <jsd@semihalf.com> > Reported-by: Vlastimil Babka <vbabka@suse.cz> > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com> > Tested-by: Vlastimil Babka <vbabka@suse.cz> > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/ > Cc: stable@vger.kernel.org > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x") > [Jason: reworked commit message, added metadata] > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > --- > drivers/char/tpm/tpm-interface.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > index 1621ce818705..d69905233aff 100644 > --- a/drivers/char/tpm/tpm-interface.c > +++ b/drivers/char/tpm/tpm-interface.c > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev) > !pm_suspend_via_firmware()) > goto suspended; > > - if (!tpm_chip_start(chip)) { > + rc = tpm_try_get_ops(chip); > + if (!rc) { > if (chip->flags & TPM_CHIP_FLAG_TPM2) > tpm2_shutdown(chip, TPM2_SU_STATE); > else > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); > > - tpm_chip_stop(chip); > + tpm_put_ops(chip); > } > > suspended: > -- > 2.38.1 > Hi, sorry for the latency. Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko
On Sun, Dec 04, 2022 at 05:06:41PM +0000, Jarkko Sakkinen wrote: > On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote: > > From: Jan Dabros <jsd@semihalf.com> > > > > Currently tpm transactions are executed unconditionally in > > tpm_pm_suspend() function, which may lead to races with other tpm > > accessors in the system. Specifically, the hw_random tpm driver makes > > use of tpm_get_random(), and this function is called in a loop from a > > kthread, which means it's not frozen alongside userspace, and so can > > race with the work done during system suspend: > > > > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52 > > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics > > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 > > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 > > [ 3.278453] Call Trace: > > [ 3.278458] <TASK> > > [ 3.278460] dump_stack_lvl+0x34/0x44 > > [ 3.278471] tpm_tis_status.cold+0x19/0x20 > > [ 3.278479] tpm_transmit+0x13b/0x390 > > [ 3.278489] tpm_transmit_cmd+0x20/0x80 > > [ 3.278496] tpm1_pm_suspend+0xa6/0x110 > > [ 3.278503] tpm_pm_suspend+0x53/0x80 > > [ 3.278510] __pnp_bus_suspend+0x35/0xe0 > > [ 3.278515] ? pnp_bus_freeze+0x10/0x10 > > [ 3.278519] __device_suspend+0x10f/0x350 > > > > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around > > tpm_chip_start(), but takes the appropriate mutex. > > > > Signed-off-by: Jan Dabros <jsd@semihalf.com> > > Reported-by: Vlastimil Babka <vbabka@suse.cz> > > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com> > > Tested-by: Vlastimil Babka <vbabka@suse.cz> > > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/ > > Cc: stable@vger.kernel.org > > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x") > > [Jason: reworked commit message, added metadata] > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > > --- > > drivers/char/tpm/tpm-interface.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > > index 1621ce818705..d69905233aff 100644 > > --- a/drivers/char/tpm/tpm-interface.c > > +++ b/drivers/char/tpm/tpm-interface.c > > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev) > > !pm_suspend_via_firmware()) > > goto suspended; > > > > - if (!tpm_chip_start(chip)) { > > + rc = tpm_try_get_ops(chip); > > + if (!rc) { > > if (chip->flags & TPM_CHIP_FLAG_TPM2) > > tpm2_shutdown(chip, TPM2_SU_STATE); > > else > > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); > > > > - tpm_chip_stop(chip); > > + tpm_put_ops(chip); > > } > > > > suspended: > > -- > > 2.38.1 > > > > Hi, sorry for the latency. > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git BR, Jarkko
On Sun, Dec 04, 2022 at 05:10:58PM +0000, Jarkko Sakkinen wrote: > On Sun, Dec 04, 2022 at 05:06:41PM +0000, Jarkko Sakkinen wrote: > > On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote: > > > From: Jan Dabros <jsd@semihalf.com> > > > > > > Currently tpm transactions are executed unconditionally in > > > tpm_pm_suspend() function, which may lead to races with other tpm > > > accessors in the system. Specifically, the hw_random tpm driver makes > > > use of tpm_get_random(), and this function is called in a loop from a > > > kthread, which means it's not frozen alongside userspace, and so can > > > race with the work done during system suspend: > > > > > > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52 > > > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics > > > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 > > > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 > > > [ 3.278453] Call Trace: > > > [ 3.278458] <TASK> > > > [ 3.278460] dump_stack_lvl+0x34/0x44 > > > [ 3.278471] tpm_tis_status.cold+0x19/0x20 > > > [ 3.278479] tpm_transmit+0x13b/0x390 > > > [ 3.278489] tpm_transmit_cmd+0x20/0x80 > > > [ 3.278496] tpm1_pm_suspend+0xa6/0x110 > > > [ 3.278503] tpm_pm_suspend+0x53/0x80 > > > [ 3.278510] __pnp_bus_suspend+0x35/0xe0 > > > [ 3.278515] ? pnp_bus_freeze+0x10/0x10 > > > [ 3.278519] __device_suspend+0x10f/0x350 > > > > > > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around > > > tpm_chip_start(), but takes the appropriate mutex. > > > > > > Signed-off-by: Jan Dabros <jsd@semihalf.com> > > > Reported-by: Vlastimil Babka <vbabka@suse.cz> > > > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com> > > > Tested-by: Vlastimil Babka <vbabka@suse.cz> > > > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/ > > > Cc: stable@vger.kernel.org > > > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x") > > > [Jason: reworked commit message, added metadata] > > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > > > --- > > > drivers/char/tpm/tpm-interface.c | 5 +++-- > > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > > > index 1621ce818705..d69905233aff 100644 > > > --- a/drivers/char/tpm/tpm-interface.c > > > +++ b/drivers/char/tpm/tpm-interface.c > > > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev) > > > !pm_suspend_via_firmware()) > > > goto suspended; > > > > > > - if (!tpm_chip_start(chip)) { > > > + rc = tpm_try_get_ops(chip); > > > + if (!rc) { > > > if (chip->flags & TPM_CHIP_FLAG_TPM2) > > > tpm2_shutdown(chip, TPM2_SU_STATE); > > > else > > > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); > > > > > > - tpm_chip_stop(chip); > > > + tpm_put_ops(chip); > > > } > > > > > > suspended: > > > -- > > > 2.38.1 > > > > > > > Hi, sorry for the latency. > > > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> > > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git Oh thank goodness. You'll send this in for rc8 today? Jason
On Sun, Dec 04, 2022 at 08:14:31PM +0100, Jason A. Donenfeld wrote: > On Sun, Dec 04, 2022 at 05:10:58PM +0000, Jarkko Sakkinen wrote: > > On Sun, Dec 04, 2022 at 05:06:41PM +0000, Jarkko Sakkinen wrote: > > > On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote: > > > > From: Jan Dabros <jsd@semihalf.com> > > > > > > > > Currently tpm transactions are executed unconditionally in > > > > tpm_pm_suspend() function, which may lead to races with other tpm > > > > accessors in the system. Specifically, the hw_random tpm driver makes > > > > use of tpm_get_random(), and this function is called in a loop from a > > > > kthread, which means it's not frozen alongside userspace, and so can > > > > race with the work done during system suspend: > > > > > > > > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52 > > > > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics > > > > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 > > > > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 > > > > [ 3.278453] Call Trace: > > > > [ 3.278458] <TASK> > > > > [ 3.278460] dump_stack_lvl+0x34/0x44 > > > > [ 3.278471] tpm_tis_status.cold+0x19/0x20 > > > > [ 3.278479] tpm_transmit+0x13b/0x390 > > > > [ 3.278489] tpm_transmit_cmd+0x20/0x80 > > > > [ 3.278496] tpm1_pm_suspend+0xa6/0x110 > > > > [ 3.278503] tpm_pm_suspend+0x53/0x80 > > > > [ 3.278510] __pnp_bus_suspend+0x35/0xe0 > > > > [ 3.278515] ? pnp_bus_freeze+0x10/0x10 > > > > [ 3.278519] __device_suspend+0x10f/0x350 > > > > > > > > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around > > > > tpm_chip_start(), but takes the appropriate mutex. > > > > > > > > Signed-off-by: Jan Dabros <jsd@semihalf.com> > > > > Reported-by: Vlastimil Babka <vbabka@suse.cz> > > > > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com> > > > > Tested-by: Vlastimil Babka <vbabka@suse.cz> > > > > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/ > > > > Cc: stable@vger.kernel.org > > > > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x") > > > > [Jason: reworked commit message, added metadata] > > > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > > > > --- > > > > drivers/char/tpm/tpm-interface.c | 5 +++-- > > > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > > > > index 1621ce818705..d69905233aff 100644 > > > > --- a/drivers/char/tpm/tpm-interface.c > > > > +++ b/drivers/char/tpm/tpm-interface.c > > > > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev) > > > > !pm_suspend_via_firmware()) > > > > goto suspended; > > > > > > > > - if (!tpm_chip_start(chip)) { > > > > + rc = tpm_try_get_ops(chip); > > > > + if (!rc) { > > > > if (chip->flags & TPM_CHIP_FLAG_TPM2) > > > > tpm2_shutdown(chip, TPM2_SU_STATE); > > > > else > > > > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); > > > > > > > > - tpm_chip_stop(chip); > > > > + tpm_put_ops(chip); > > > > } > > > > > > > > suspended: > > > > -- > > > > 2.38.1 > > > > > > > > > > Hi, sorry for the latency. > > > > > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> > > > > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git > > Oh thank goodness. You'll send this in for rc8 today? for 6.2-rc1 BR, Jarkko
On 12/8/22 10:23, Jarkko Sakkinen wrote: > On Sun, Dec 04, 2022 at 08:14:31PM +0100, Jason A. Donenfeld wrote: >> > >> > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git >> >> Oh thank goodness. You'll send this in for rc8 today? > > for 6.2-rc1 Linus took it directly to rc8, so it would conflict now. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.1-rc8&id=23393c6461422df5bf8084a086ada9a7e17dc2ba > BR, Jarkko
On Thu, Dec 08, 2022 at 11:51:24AM +0100, Vlastimil Babka wrote: > On 12/8/22 10:23, Jarkko Sakkinen wrote: > > On Sun, Dec 04, 2022 at 08:14:31PM +0100, Jason A. Donenfeld wrote: > >> > > >> > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git > >> > >> Oh thank goodness. You'll send this in for rc8 today? > > > > for 6.2-rc1 > > Linus took it directly to rc8, so it would conflict now. > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.1-rc8&id=23393c6461422df5bf8084a086ada9a7e17dc2ba Thanks for the remark! BR, Jarkko
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 1621ce818705..d69905233aff 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev) !pm_suspend_via_firmware()) goto suspended; - if (!tpm_chip_start(chip)) { + rc = tpm_try_get_ops(chip); + if (!rc) { if (chip->flags & TPM_CHIP_FLAG_TPM2) tpm2_shutdown(chip, TPM2_SU_STATE); else rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); - tpm_chip_stop(chip); + tpm_put_ops(chip); } suspended: