| Message ID | 20240131170824.6183-4-dpsmith@apertussolutions.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-46877-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:2087:b0:106:209c:c626 with SMTP id
gs7csp2033182dyb;
Wed, 31 Jan 2024 09:11:48 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IHZsDFY8a7vwWQOKa1pb3s8CT3AbgOvWRKuHynuodqZXkrf1/hgkOdtRaQrJHzSc+BRD4s3
X-Received: by 2002:a05:622a:1007:b0:42a:b360:fcce with SMTP id
d7-20020a05622a100700b0042ab360fccemr3106047qte.23.1706721107797;
Wed, 31 Jan 2024 09:11:47 -0800 (PST)
ARC-Seal: i=3; a=rsa-sha256; t=1706721107; cv=pass;
d=google.com; s=arc-20160816;
b=zPiO4uPmWxt7n12fXiDqW5+S8nmDz+gaQkKwGrdTKjaZpBd9qrZG69gqRFZOWSyCJ4
ihOKAeZLkRy8oxXQXnR9awlq8j7hlExML7K0drmztmqAQWe+Fcdh19nxvb9Lr8BDqLLx
Cbha0xXcBiuGBTmc1PikDZW1vDEyvNnLCsmTkrv4KTopHsqevABDHSMs83hf8b1olpTE
Uwmnl0/BnTAT7dSxi7Z6vqpJjiHEfxT9eM/0y0woQzPayK5GPSO7ucwyzYYTeR2iPs/W
hBp2vnZxIace2FFNDlwda3/gzaZkcktYRL6AzdddAfNXSuJrzmLo3yEu/2T4Fn0RlEuo
z/Qw==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:list-unsubscribe
:list-subscribe:list-id:precedence:references:in-reply-to:message-id
:date:subject:cc:to:from:dkim-signature:delivered-to;
bh=oisGpTWFjqHAtfqypalRiEg2UzjE5idBdPhb3LBh9zU=;
fh=tHancUy5/7HF19x+iAj+CT3y/APykZ8yX543tM97gD0=;
b=wG4Y+K3Yb5mVTYh+RrSXuMh77iOW4O5IWR7nBz6X3/gONYYfqFYPzZ+h0qrNLBpJkp
6NDrugL/5jlRRTGBTiC9Y0cjrXveF3ix+SmWw6S8JGByzHlaXo/zJkyqlDCP83ar6Koc
5UIJG9+K93BFjwujY6/+cWow7fdxhilKUJYU9xvLVryO95tkzRnYJtcRoWZLGfjIChHS
tk3Y8NsaWQdd22ztNG3Qq159G1u+KsQdC7a5H3UoyNtRRFKyaCxHB3KhClTZCLlvR2CP
KtO7HjoObT1OnuhW0UXZdfP6NDcjh4WNkuDkBUWlz0KWNYXjjE6VrMnbmKjvzqkxY8HA
3w1w==;
dara=google.com
ARC-Authentication-Results: i=3; mx.google.com;
dkim=pass header.i=@apertussolutions.com header.s=zoho
header.b="eISNC/Lz";
arc=pass (i=2 spf=pass spfdomain=apertussolutions.com dkim=pass
dkdomain=apertussolutions.com);
spf=pass (google.com: domain of
linux-kernel+bounces-46877-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-46877-ouuuleilei=gmail.com@vger.kernel.org"
X-Forwarded-Encrypted: i=2;
AJvYcCUpJ9MWzsJygNRRY1c5+JFrvx0/eokFk/IqV+ONENL23YfIR9/3t0XR0jRWAsC5A6A+yCUgbM6sjGLpZsE3VEs3PwXXIA==
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org.
[2604:1380:45d1:ec00::1])
by mx.google.com with ESMTPS id
bp6-20020a05622a1b8600b0042b218f14f1si3421385qtb.647.2024.01.31.09.11.47
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 31 Jan 2024 09:11:47 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-46877-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
dkim=pass header.i=@apertussolutions.com header.s=zoho
header.b="eISNC/Lz";
arc=pass (i=2 spf=pass spfdomain=apertussolutions.com dkim=pass
dkdomain=apertussolutions.com);
spf=pass (google.com: domain of
linux-kernel+bounces-46877-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-46877-ouuuleilei=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ny.mirrors.kernel.org (Postfix) with ESMTPS id 95B671C216F1
for <ouuuleilei@gmail.com>; Wed, 31 Jan 2024 17:11:47 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id A6778135A65;
Wed, 31 Jan 2024 17:09:11 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=apertussolutions.com
header.i=dpsmith@apertussolutions.com header.b="eISNC/Lz"
Received: from sender4-of-o50.zoho.com (sender4-of-o50.zoho.com
[136.143.188.50])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B91112CDAB;
Wed, 31 Jan 2024 17:09:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=pass smtp.client-ip=136.143.188.50
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1706720949; cv=pass;
b=T0O8fjpK/9w6CYh2+leekEdr+lFNg0HI3jjgPw0wgCCTAUaIZN9/emNqKd31fiMEzwPj6DUsrK6nojWtSwRRSCQhhUL9b3Z3nGmsz/AeXZ5LbJllmDZGRasg1maWKKrHFwW6GvFEsEvjU4h6NWcEp71vcrXSOcQ9HU8J0/RwY7o=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1706720949; c=relaxed/simple;
bh=trM7msgFSArPjPrDsbJnOiFND6qGuUZ3YFCmeWhK78U=;
h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
MIME-Version;
b=Xw1XzEUtJqlWGefjRadPw8SQTFihQY1IMzpP7+RUhHLPs15uyVzffBqb1adwaYQW5vxaVGqgar2WnHn1RMsomeZWIq5wdV8k2L/OIvU8Zb8HqIshtXtraIDEYD/3VsuKADsdq8qIbcMKV5wgI9Cckz6V054LH7JeKRCDnP/XSHc=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=none (p=none dis=none) header.from=apertussolutions.com;
spf=pass smtp.mailfrom=apertussolutions.com;
dkim=pass (1024-bit key) header.d=apertussolutions.com
header.i=dpsmith@apertussolutions.com header.b=eISNC/Lz;
arc=pass smtp.client-ip=136.143.188.50
Authentication-Results: smtp.subspace.kernel.org;
dmarc=none (p=none dis=none) header.from=apertussolutions.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=apertussolutions.com
Delivered-To: dpsmith@apertussolutions.com
ARC-Seal: i=1; a=rsa-sha256; t=1706720920; cv=none;
d=zohomail.com; s=zohoarc;
b=PNN1/Biy48y5Kta70ks1MYvS51v2IjkqawXWdzI++/D9OtAgn/Ni3UrU4XXUpSYL5EgaDpwGI+G6ASISPtunVQXy2RE8z2jYD44qoPU10QsL8GmVsyiqvtvY94Js8qXOgcRr9MZ2fPwNxC7uTHjgwi0eW9fQ31ci2vK+JWkPrJs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc;
t=1706720920;
h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To;
bh=oisGpTWFjqHAtfqypalRiEg2UzjE5idBdPhb3LBh9zU=;
b=m8r5EFVqBaR9jLnuARSgDyHu3exFMmVu40uPCctDAO5NgzFJUqPLOMN6Mr+52hjIJP/3a5lA79N88l8Enkop9RV+SIvXWJP5CH8OEbqoGhvHMYxevHwpfICzOYbNj3Eoa0YFNHppQR/AwBeEddxZeY6vFX2f42ksmvYf7c3hzwE=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass header.i=apertussolutions.com;
spf=pass smtp.mailfrom=dpsmith@apertussolutions.com;
dmarc=pass header.from=<dpsmith@apertussolutions.com>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1706720920;
s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com;
h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To;
bh=oisGpTWFjqHAtfqypalRiEg2UzjE5idBdPhb3LBh9zU=;
b=eISNC/LzWk1CAU88clvqoeCIBlQfQmDJpqjp39np/pyvPIV10RakmWMjssapiZhe
mN0j9grEHlVjZo9s+1LsyemfPet8SnkP+pjVlww43PxseUbqbFnFjpb6cTA5BeWeTVt
km6K82n3tniVMj1cMWadWx7JZ1dy8tjsmIjbughk=
Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net
[72.81.132.2]) by mx.zohomail.com
with SMTPS id 1706720919703416.7846206921556;
Wed, 31 Jan 2024 09:08:39 -0800 (PST)
From: "Daniel P. Smith" <dpsmith@apertussolutions.com>
To: Jason Gunthorpe <jgg@ziepe.ca>,
linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: "Daniel P. Smith" <dpsmith@apertussolutions.com>,
Ross Philipson <ross.philipson@oracle.com>,
Peter Huewe <peterhuewe@gmx.de>,
Jarkko Sakkinen <jarkko@kernel.org>
Subject: [PATCH 3/3] tpm: make locality request return value consistent
Date: Wed, 31 Jan 2024 12:08:23 -0500
Message-Id: <20240131170824.6183-4-dpsmith@apertussolutions.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20240131170824.6183-1-dpsmith@apertussolutions.com>
References: <20240131170824.6183-1-dpsmith@apertussolutions.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-ZohoMailClient: External
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1789626792389341184
X-GMAIL-MSGID: 1789626792389341184
|
| Series |
[1/3] tpm: protect against locality counter underflow
|
|
Commit Message
Daniel P. Smith
Jan. 31, 2024, 5:08 p.m. UTC
The function tpm_tis_request_locality() is expected to return the locality value that was requested, or a negative error code upon failure. If it is called while locality_count of struct tis_data is non-zero, no actual locality request will be sent. Because the ret variable is initially set to 0, the locality_count will still get increased, and the function will return 0. For a caller, this would indicate that locality 0 was successfully requested and not the state changes just mentioned. Additionally, the function __tpm_tis_request_locality() provides inconsistent error codes. It will provide either a failed IO write or a -1 should it have timed out waiting for locality request to succeed. This commit changes __tpm_tis_request_locality() to return valid negative error codes to reflect the reason it fails. It then adjusts the return value check in tpm_tis_request_locality() to check for a non-negative return value before incrementing locality_cout. In addition, the initial value of the ret value is set to a negative error to ensure the check does not pass if __tpm_tis_request_locality() is not called. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Signed-off-by: Ross Philipson <ross.philipson@oracle.com> --- drivers/char/tpm/tpm_tis_core.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
Comments
On Wed Jan 31, 2024 at 7:08 PM EET, Daniel P. Smith wrote: > The function tpm_tis_request_locality() is expected to return the locality > value that was requested, or a negative error code upon failure. If it is called > while locality_count of struct tis_data is non-zero, no actual locality request > will be sent. Because the ret variable is initially set to 0, the > locality_count will still get increased, and the function will return 0. For a > caller, this would indicate that locality 0 was successfully requested and not > the state changes just mentioned. > > Additionally, the function __tpm_tis_request_locality() provides inconsistent > error codes. It will provide either a failed IO write or a -1 should it have > timed out waiting for locality request to succeed. > > This commit changes __tpm_tis_request_locality() to return valid negative error > codes to reflect the reason it fails. It then adjusts the return value check in > tpm_tis_request_locality() to check for a non-negative return value before > incrementing locality_cout. In addition, the initial value of the ret value is > set to a negative error to ensure the check does not pass if > __tpm_tis_request_locality() is not called. This is way way too abtract explanation and since I don't honestly understand what I'm reading, the code changes look bunch of arbitrary changes with no sound logic as a whole. Please do not add more text to it. Instead write something more understandable. Again, we would need a legit scenario for each and any return value change.<F49> BR, Jarkko
On 2/1/24 17:49, Jarkko Sakkinen wrote: > On Wed Jan 31, 2024 at 7:08 PM EET, Daniel P. Smith wrote: >> The function tpm_tis_request_locality() is expected to return the locality >> value that was requested, or a negative error code upon failure. If it is called >> while locality_count of struct tis_data is non-zero, no actual locality request >> will be sent. Because the ret variable is initially set to 0, the >> locality_count will still get increased, and the function will return 0. For a >> caller, this would indicate that locality 0 was successfully requested and not >> the state changes just mentioned. >> >> Additionally, the function __tpm_tis_request_locality() provides inconsistent >> error codes. It will provide either a failed IO write or a -1 should it have >> timed out waiting for locality request to succeed. >> >> This commit changes __tpm_tis_request_locality() to return valid negative error >> codes to reflect the reason it fails. It then adjusts the return value check in >> tpm_tis_request_locality() to check for a non-negative return value before >> incrementing locality_cout. In addition, the initial value of the ret value is >> set to a negative error to ensure the check does not pass if >> __tpm_tis_request_locality() is not called. > > This is way way too abtract explanation and since I don't honestly > understand what I'm reading, the code changes look bunch of arbitrary > changes with no sound logic as a whole. In more simpler terms, the interface is inconsistent with its return values. To be specific, here are the sources for the possible values tpm_tis_request_locality() will return: 1. 0 - 4: _tpm_tis_request_locality() was able to set the locality 2. 0: a locality already open, no locality request made 3. -1: if timeout happens in __tpm_tis_request_locality() 4. -EINVAL: unlikely, return by IO write for incorrect sized write As can easily be seen, tpm_tis_request_locality() will return 0 for both a successful(1) and non-successful request(2). And to be explicit for (2), if tpm_tis_request_locality is called for a non-zero locality and the locality counter is not zero, it will return 0. Thus, making the value 0 reflect as success when locality 0 is successfully requested and as failure when a locality is requested with a locality already open. As for failures, correct me if I am wrong, but if a function is returning negative error codes, it should not be using a hard coded -1 as a generic error code. As I note, it is unlikely for the -EINVAL to be delivered, but the code path is still available should something in the future change the backing call logic. After this change, the possible return values for tpm_tis_request_locality() become: 1. 0 - 4: the locality that was successfully requested 2. -EBUSY: tpm busy, unable to request locality 3. -EINVAL: invalid parameter With this more consistent interface, I updated the return value checks at the call sites to check for negative error as the means to catch failures. v/r, dps
On Mon Feb 19, 2024 at 8:29 PM UTC, Daniel P. Smith wrote: > On 2/1/24 17:49, Jarkko Sakkinen wrote: > > On Wed Jan 31, 2024 at 7:08 PM EET, Daniel P. Smith wrote: > >> The function tpm_tis_request_locality() is expected to return the locality > >> value that was requested, or a negative error code upon failure. If it is called > >> while locality_count of struct tis_data is non-zero, no actual locality request > >> will be sent. Because the ret variable is initially set to 0, the > >> locality_count will still get increased, and the function will return 0. For a > >> caller, this would indicate that locality 0 was successfully requested and not > >> the state changes just mentioned. > >> > >> Additionally, the function __tpm_tis_request_locality() provides inconsistent > >> error codes. It will provide either a failed IO write or a -1 should it have > >> timed out waiting for locality request to succeed. > >> > >> This commit changes __tpm_tis_request_locality() to return valid negative error > >> codes to reflect the reason it fails. It then adjusts the return value check in > >> tpm_tis_request_locality() to check for a non-negative return value before > >> incrementing locality_cout. In addition, the initial value of the ret value is > >> set to a negative error to ensure the check does not pass if > >> __tpm_tis_request_locality() is not called. > > > > This is way way too abtract explanation and since I don't honestly > > understand what I'm reading, the code changes look bunch of arbitrary > > changes with no sound logic as a whole. > > In more simpler terms, the interface is inconsistent with its return > values. To be specific, here are the sources for the possible values > tpm_tis_request_locality() will return: > 1. 0 - 4: _tpm_tis_request_locality() was able to set the locality > 2. 0: a locality already open, no locality request made > 3. -1: if timeout happens in __tpm_tis_request_locality() > 4. -EINVAL: unlikely, return by IO write for incorrect sized write > > As can easily be seen, tpm_tis_request_locality() will return 0 for both > a successful(1) and non-successful request(2). And to be explicit for > (2), if tpm_tis_request_locality is called for a non-zero locality and > the locality counter is not zero, it will return 0. Thus, making the > value 0 reflect as success when locality 0 is successfully requested and > as failure when a locality is requested with a locality already open. > > As for failures, correct me if I am wrong, but if a function is > returning negative error codes, it should not be using a hard coded -1 > as a generic error code. As I note, it is unlikely for the -EINVAL to be > delivered, but the code path is still available should something in the > future change the backing call logic. > > After this change, the possible return values for > tpm_tis_request_locality() become: > 1. 0 - 4: the locality that was successfully requested > 2. -EBUSY: tpm busy, unable to request locality > 3. -EINVAL: invalid parameter > > With this more consistent interface, I updated the return value checks > at the call sites to check for negative error as the means to catch > failures. For all commits: your responses to my queries have much more to the point information and buy-in than the original commit messages. So for next version I would take them and edit a bit and then this all makes much much more sense. Thank you. > > v/r, > dps BR, Jarkko
On 19.02.2024 21:29, Daniel P. Smith wrote: > On 2/1/24 17:49, Jarkko Sakkinen wrote: >> On Wed Jan 31, 2024 at 7:08 PM EET, Daniel P. Smith wrote: >>> The function tpm_tis_request_locality() is expected to return the >>> locality >>> value that was requested, or a negative error code upon failure. If >>> it is called >>> while locality_count of struct tis_data is non-zero, no actual >>> locality request >>> will be sent. Because the ret variable is initially set to 0, the >>> locality_count will still get increased, and the function will return >>> 0. For a >>> caller, this would indicate that locality 0 was successfully >>> requested and not >>> the state changes just mentioned. >>> >>> Additionally, the function __tpm_tis_request_locality() provides >>> inconsistent >>> error codes. It will provide either a failed IO write or a -1 should >>> it have >>> timed out waiting for locality request to succeed. >>> >>> This commit changes __tpm_tis_request_locality() to return valid >>> negative error >>> codes to reflect the reason it fails. It then adjusts the return >>> value check in >>> tpm_tis_request_locality() to check for a non-negative return value >>> before >>> incrementing locality_cout. In addition, the initial value of the ret >>> value is >>> set to a negative error to ensure the check does not pass if >>> __tpm_tis_request_locality() is not called. >> >> This is way way too abtract explanation and since I don't honestly >> understand what I'm reading, the code changes look bunch of arbitrary >> changes with no sound logic as a whole. > > In more simpler terms, the interface is inconsistent with its return > values. To be specific, here are the sources for the possible values > tpm_tis_request_locality() will return: > 1. 0 - 4: _tpm_tis_request_locality() was able to set the locality > 2. 0: a locality already open, no locality request made > 3. -1: if timeout happens in __tpm_tis_request_locality() > 4. -EINVAL: unlikely, return by IO write for incorrect sized write > > As can easily be seen, tpm_tis_request_locality() will return 0 for both > a successful(1) and non-successful request(2). And to be explicit for > (2), if tpm_tis_request_locality is called for a non-zero locality and > the locality counter is not zero, it will return 0. Thus, making the > value 0 reflect as success when locality 0 is successfully requested and > as failure when a locality is requested with a locality already open. There is a potential problem here, but I think it is slightly different from what you describe: Currently, the kernel uses only locality 0, so case 1 and 2 are indistinguishable for the caller. Getting a return value of 0 simply means that the requested locality is now active. The callers don't care whether it had already been active before or not, so it is not a problem that the callers cannot distinguish case 1 and 2, and a return value of 0 always indicates "success". It might only become a problem once you make the kernel use localities != 0. Then a caller can get either 0 as the return value (if the locality was already active before) or the requested locality, and both values mean "success". In practice, this shouldn't cause any problems as far as I can tell, because all existing callers either check only for failures (negative return values), e.g. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/char/tpm/tpm_tis_core.c?h=v6.8-rc5#n1214, or explicitly request locality 0 and check for a return value of 0, e.g. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/char/tpm/tpm_tis_core.c?h=v6.8-rc5#n750. There is no caller that would be confused by case 2 because it requests an arbitrary locality and always expects that locality to be returned in order to indiciate "success". Still, such an inconsistency is not nice and should be fixed, but if I read your patch correctly, this is not what it does: In tpm_tis_request_locality(), you initialize ret with -EBUSY. For locality_count != 0, you never assign to ret again and therefore return -EBUSY, even though the locality is active and can be used. The correct fix would be to initialize ret with l, so that no error is returned in such cases. > As for failures, correct me if I am wrong, but if a function is > returning negative error codes, it should not be using a hard coded -1 > as a generic error code. As I note, it is unlikely for the -EINVAL to be > delivered, but the code path is still available should something in the > future change the backing call logic. > > After this change, the possible return values for > tpm_tis_request_locality() become: > 1. 0 - 4: the locality that was successfully requested > 2. -EBUSY: tpm busy, unable to request locality > 3. -EINVAL: invalid parameter > > With this more consistent interface, I updated the return value checks > at the call sites to check for negative error as the means to catch > failures. > > v/r, > dps >
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 5709f87991d9..352fefc07823 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -208,7 +208,7 @@ static int __tpm_tis_request_locality(struct tpm_chip *chip, int l) again: timeout = stop - jiffies; if ((long)timeout <= 0) - return -1; + return -EBUSY; rc = wait_event_interruptible_timeout(priv->int_queue, (check_locality (chip, l)), @@ -227,18 +227,21 @@ static int __tpm_tis_request_locality(struct tpm_chip *chip, int l) tpm_msleep(TPM_TIMEOUT); } while (time_before(jiffies, stop)); } - return -1; + return -EBUSY; } static int tpm_tis_request_locality(struct tpm_chip *chip, int l) { struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); - int ret = 0; + int ret = -EBUSY; + + if (l < 0 || l > TPM_MAX_LOCALITY) + return -EINVAL; mutex_lock(&priv->locality_count_mutex); if (priv->locality_count == 0) ret = __tpm_tis_request_locality(chip, l); - if (!ret) + if (ret >= 0) priv->locality_count++; mutex_unlock(&priv->locality_count_mutex); return ret;