From patchwork Tue May 2 01:15:57 2023
X-Patchwork-Submitter: Jarkko Sakkinen
X-Patchwork-Id: 89222
From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Jarkko Sakkinen, Vlastimil Babka, "Jason A . Donenfeld", Jason Gunthorpe, Jerry Snitselaar, stable@vger.kernel.org
Subject: [PATCH v2 1/2] tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume
Date: Tue, 2 May 2023 04:15:57 +0300
Message-Id: <20230502011558.10743-2-jarkko@kernel.org>
In-Reply-To: <20230502011558.10743-1-jarkko@kernel.org>
References: <20230502011558.10743-1-jarkko@kernel.org>

Before sending a TPM command, CLKRUN protocol must be disabled. This is not
done in the case of tpm1_do_selftest() call site inside tpm_tis_resume().

Address this by decorating the calls with tpm_chip_{start,stop}, which
should be always used to arm and disarm the TPM chip for transmission.

Finally, move the call to the main TPM driver callback as the last step
because it should arm the chip by itself, if it needs that type of
functionality.

Cc: stable@vger.kernel.org
Reported-by: Jason A. Donenfeld
Closes: https://lore.kernel.org/linux-integrity/CS68AWILHXS4.3M36M1EKZLUMS@suppilovahvero/
Fixes: a3fbfae82b4c ("tpm: take TPM chip power gating out of tpm_transmit()")
Reviewed-by: Jerry Snitselaar
Signed-off-by: Jarkko Sakkinen
---
 drivers/char/tpm/tpm_tis_core.c | 43 +++++++++++++++------------------
 1 file changed, 19 insertions(+), 24 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 02945d53fcef..558144fa707a 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -1209,25 +1209,20 @@ static void tpm_tis_reenable_interrupts(struct tpm_chip *chip) u32 intmask; int rc; - if (chip->ops->clk_enable != NULL) - chip->ops->clk_enable(chip, true); - - /* reenable interrupts that device may have lost or - * BIOS/firmware may have disabled + /* + * Re-enable interrupts that device may have lost or BIOS/firmware may + * have disabled. */ rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq); - if (rc < 0) - goto out; + if (rc < 0) { + dev_err(&chip->dev, "Setting IRQ failed.\n"); + return; + } intmask = priv->int_mask | TPM_GLOBAL_INT_ENABLE; - - tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask); - -out: - if (chip->ops->clk_enable != NULL) - chip->ops->clk_enable(chip, false); - - return; + rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask); + if (rc < 0) + dev_err(&chip->dev, "Enabling interrupts failed.\n"); } int tpm_tis_resume(struct device *dev) 
@@ -1235,27 +1230,27 @@ int tpm_tis_resume(struct device *dev) struct tpm_chip *chip = dev_get_drvdata(dev); int ret; - ret = tpm_tis_request_locality(chip, 0); - if (ret < 0) + ret = tpm_chip_start(chip); + if (ret) return ret; if (chip->flags & TPM_CHIP_FLAG_IRQ) tpm_tis_reenable_interrupts(chip); - ret = tpm_pm_resume(dev); - if (ret) - goto out; - /* * TPM 1.2 requires self-test on resume. This function actually returns * an error code but for unknown reason it isn't handled. */ if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) tpm1_do_selftest(chip); -out: - tpm_tis_relinquish_locality(chip, 0); - return ret; + tpm_chip_stop(chip); + + ret = tpm_pm_resume(dev); + if (ret) + return ret; + + return 0; } EXPORT_SYMBOL_GPL(tpm_tis_resume); #endif
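Review bot: in the tpm_tis_reenable_interrupts() hunk, the function no longer calls chip->ops->clk_enable() around its register writes, so it is now only correct when the caller has already armed the chip, and nothing in the function says so. A short comment above it stating that it must be called between tpm_chip_start() and tpm_chip_stop() would keep a later call site from reintroducing the unarmed access this patch fixes. The two new dev_err() messages also drop rc; including it (for example "Setting IRQ failed: %d\n") would make a failed resume easier to diagnose from the log.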
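Review bot: in the tpm_tis_resume() hunk, the return value of tpm1_do_selftest(chip) is still discarded, and the retained comment only says "for unknown reason it isn't handled". Now that the self-test runs with the chip properly started, a failure there is meaningful, so at least log it, or carry it out of the function after tpm_chip_stop(chip). As a style point, the tail `ret = tpm_pm_resume(dev); if (ret) return ret; return 0;` reduces to `return tpm_pm_resume(dev);`.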
From patchwork Tue May 2 01:15:58 2023
X-Patchwork-Submitter: Jarkko Sakkinen
X-Patchwork-Id: 89223
From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Jarkko Sakkinen, Vlastimil Babka, "Jason A . Donenfeld", Jason Gunthorpe, Jerry Snitselaar, stable@vger.kernel.org
Subject: [PATCH v2 2/2] tpm: Prevent hwrng from activating during resume
Date: Tue, 2 May 2023 04:15:58 +0300
Message-Id: <20230502011558.10743-3-jarkko@kernel.org>
In-Reply-To: <20230502011558.10743-1-jarkko@kernel.org>
References: <20230502011558.10743-1-jarkko@kernel.org>

Set TPM_CHIP_FLAG_SUSPENDED in tpm_pm_suspend() and reset in
tpm_pm_resume(). While the flag is set, tpm_hwrng() gives back zero
bytes. This prevents hwrng from racing during resume.

Cc: stable@vger.kernel.org
Fixes: 6e592a065d51 ("tpm: Move Linux RNG connection to hwrng")
Reviewed-by: Jerry Snitselaar
Signed-off-by: Jarkko Sakkinen
---
 drivers/char/tpm/tpm-chip.c      |  4 ++++
 drivers/char/tpm/tpm-interface.c | 10 ++++++++++
 include/linux/tpm.h              |  1 +
 3 files changed, 15 insertions(+)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index c10a4aa97373..cd48033b804a 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c
@@ -571,6 +571,10 @@ static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) { struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng); + /* Give back zero bytes, as TPM chip has not yet fully resumed: */ + if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) + return 0; + return tpm_get_random(chip, data, max); } diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 4463d0018290..586ca10b0d72 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -412,6 +412,8 @@ int tpm_pm_suspend(struct device *dev) } suspended: + chip->flags |= TPM_CHIP_FLAG_SUSPENDED; + if (rc) dev_err(dev, "Ignoring error %d while suspending\n", rc); return 0; @@ -429,6 +431,14 @@ int tpm_pm_resume(struct device *dev) if (chip == NULL) return -ENODEV; + chip->flags &= ~TPM_CHIP_FLAG_SUSPENDED; + + /* + * Guarantee that SUSPENDED is written last, so that hwrng does not + * activate before the chip has been fully resumed. + */ + wmb(); + return 0; } EXPORT_SYMBOL_GPL(tpm_pm_resume); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 77693389c3f9..6a1e8f157255 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -282,6 +282,7 @@ enum tpm_chip_flags { TPM_CHIP_FLAG_ALWAYS_POWERED = BIT(5), TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED = BIT(6), TPM_CHIP_FLAG_FIRMWARE_UPGRADE = BIT(7), + TPM_CHIP_FLAG_SUSPENDED = BIT(8), }; #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
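Review bot: in the tpm_hwrng_read() hunk, the `chip->flags & TPM_CHIP_FLAG_SUSPENDED` test is a plain load with no read-side barrier, so the wmb() added in tpm_pm_resume() has nothing to pair with on the reader side, and the flag itself is changed with non-atomic `|=` and `&= ~` in the other two hunks. If this is meant to be a lock-free gate, use READ_ONCE() here with a matching read barrier or an acquire/release pair; otherwise name in the comment the lock that serializes the flag. The early return also ignores the `wait` argument, so a line in the comment saying that zero bytes is intended even for blocking reads would help.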
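Review bot: in the tpm_pm_resume() hunk, wmb() sits after `chip->flags &= ~TPM_CHIP_FLAG_SUSPENDED;`, so it orders the flag clear before later stores, not earlier stores before the flag clear. The comment asks for the opposite ("SUSPENDED is written last"); for that the barrier has to come before the flag is cleared. As posted, the only thing after the barrier is `return 0;`, so there is no store for it to order against.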