Commit Graph

754 Commits

Author SHA1 Message Date
Colin Ian King
0bbc931a07 tpm_tis: make array cmd_getticks static const to shrink object code size
Don't populate array cmd_getticks on the stack, instead make it static
const.  Makes the object code smaller by over 160 bytes:

Before:
   text	   data	    bss	    dec	    hex	filename
  18813	   3152	    128	  22093	   564d	drivers/char/tpm/tpm_tis_core.o

After:
   text	   data	    bss	    dec	    hex	filename
  18554	   3248	    128	  21930	   55aa	drivers/char/tpm/tpm_tis_core.o

Cc: stable@vger.kernel.org
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-10-18 18:28:23 +03:00
Jarkko Sakkinen
da379f3c1d tpm: migrate pubek_show to struct tpm_buf
Migrated pubek_show to struct tpm_buf and cleaned up its implementation.
Previously the output parameter structure was declared but left
completely unused. Now it is used to refer different fields of the
output. We can move it to tpm-sysfs.c as it does not have any use
outside of that file.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-10-12 14:28:59 +03:00
Linus Torvalds
1436ab068d Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull TPM updates from James Morris:
 "Here are the TPM updates from Jarkko for v4.14, which I've placed in
  their own branch (next-tpm). I ended up cherry-picking them as other
  changes had been made in Jarkko's branch after he sent me his original
  pull request.

  I plan on maintaining a separate branch for TPM (and other security
  subsystems) from now on.

  From Jarkko: 'Not much this time except a few fixes'"

* 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  tpm: ibmvtpm: simplify crq initialization and document crq format
  tpm: replace msleep() with  usleep_range() in TPM 1.2/2.0 generic drivers
  Documentation: tpm: add powered-while-suspended binding documentation
  tpm: tpm_crb: constify acpi_device_id.
  tpm: vtpm: constify vio_device_id
2017-09-24 11:34:28 -07:00
Michal Suchanek
fb154e0e0a tpm: ibmvtpm: simplify crq initialization and document crq format
The crq is passed in registers and is the same on BE and LE hosts.
However, current implementation allocates a structure on-stack to
represent the crq, initializes the members swapping them to BE, and
loads the structure swapping it from BE. This is pointless and causes
GCC warnings about ununitialized members. Get rid of the structure and
the warnings.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-09-23 21:51:38 -07:00
Hamza Attak
9f3fc7bcdd tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers
The patch simply replaces all msleep function calls with usleep_range calls
in the generic drivers.

Tested with an Infineon TPM 1.2, using the generic tpm-tis module, for a
thousand PCR extends, we see results going from 1m57s unpatched to 40s
with the new patch. We obtain similar results when using the original and
patched tpm_infineon driver, which is also part of the patch.
Similarly with a STM TPM 2.0, using the CRB driver, it takes about 20ms per
extend unpatched and around 7ms with the new patch.

Note that the PCR consistency is untouched with this patch, each TPM has
been tested with 10 million extends and the aggregated PCR value is
continuously verified to be correct.

As an extension of this work, this could potentially and easily be applied
to other vendor's drivers. Still, these changes are not included in the
proposed patch as they are untested.

Signed-off-by: Hamza Attak <hamza@hpe.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-09-23 21:51:00 -07:00
Arvind Yadav
e1ec650f9a tpm: tpm_crb: constify acpi_device_id.
acpi_device_id are not supposed to change at runtime. All functions
working with acpi_device_id provided by <acpi/acpi_bus.h> work with
const acpi_device_id. So mark the non-const structs as const.

File size before:
   text	   data	    bss	    dec	    hex	filename
   4198	    608	      0	   4806	   12c6	drivers/char/tpm/tpm_crb.o

File size After adding 'const':
   text	   data	    bss	    dec	    hex	filename
   4262	    520	      0	   4782	   12ae	drivers/char/tpm/tpm_crb.o

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-09-23 21:49:52 -07:00
Arvind Yadav
c2a9c4bf03 tpm: vtpm: constify vio_device_id
vio_device_id are not supposed to change at runtime. All functions
working with vio_device_id provided by <asm/vio.h> work with
const vio_device_id. So mark the non-const structs as const.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-09-23 21:48:56 -07:00
Michal Suchanek
7521621e60 Do not disable driver and bus shutdown hook when class shutdown hook is set.
As seen from the implementation of the single class shutdown hook this
is not very sound design.

Rename the class shutdown hook to shutdown_pre to make it clear it runs
before the driver shutdown hook.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-08-28 18:02:46 +02:00
Enric Balletbo i Serra
b5d0ebc99b tpm: do not suspend/resume if power stays on
The suspend/resume behavior of the TPM can be controlled by setting
"powered-while-suspended" in the DTS. This is useful for the cases
when hardware does not power-off the TPM.

Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:26 +10:00
Roberto Sassu
28707bf221 tpm: use tpm2_pcr_read() in tpm2_do_selftest()
tpm2_do_selftest() performs a PCR read during the TPM initialization phase.
This patch replaces the PCR read code with a call to tpm2_pcr_read().

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:26 +10:00
Roberto Sassu
91f7f3d773 tpm: use tpm_buf functions in tpm2_pcr_read()
tpm2_pcr_read() now builds the PCR read command buffer with tpm_buf
functions. This solution is preferred to using a tpm2_cmd structure,
as tpm_buf functions provide protection against buffer overflow.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:25 +10:00
Colin Ian King
bc397085ca tpm_tis: make ilb_base_addr static
The pointer ilb_base_addr does not need to be in global scope, so make
it static.

Cleans up sparse warning:
"symbol 'ilb_base_addr' was not declared. Should it be static?"

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:25 +10:00
Jarkko Sakkinen
19cbe4f680 tpm: consolidate the TPM startup code
Consolidated all the "manual" TPM startup code to a single function
in order to make code flows a bit cleaner and migrate to tpm_buf.

Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:25 +10:00
Azhar Shaikh
5e572cab92 tpm: Enable CLKRUN protocol for Braswell systems
To overcome a hardware limitation on Intel Braswell systems,
disable CLKRUN protocol during TPM transactions and re-enable
once the transaction is completed.

Signed-off-by: Azhar Shaikh <azhar.shaikh@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:25 +10:00
Manuel Lauss
f128480f39 tpm/tpm_crb: fix priv->cmd_size initialisation
priv->cmd_size is never initialised if the cmd and rsp buffers reside
at different addresses.  Initialise it in the exit path of the function
when rsp buffer has also been successfully allocated.

Fixes: aa77ea0e43 ("tpm/tpm_crb: cache cmd_size register value.").
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:25 +10:00
Jarkko Sakkinen
13b47cfcfc tpm: fix a kernel memory leak in tpm-sysfs.c
While cleaning up sysfs callback that prints EK we discovered a kernel
memory leak. This commit fixes the issue by zeroing the buffer used for
TPM command/response.

The leak happen when we use either tpm_vtpm_proxy, tpm_ibmvtpm or
xen-tpmfront.

Cc: stable@vger.kernel.org
Fixes: 0883743825 ("TPM: sysfs functions consolidation")
Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:24 +10:00
Josh Zimmerman
d1bd4a792d tpm: Issue a TPM2_Shutdown for TPM2 devices.
If a TPM2 loses power without a TPM2_Shutdown command being issued (a
"disorderly reboot"), it may lose some state that has yet to be
persisted to NVRam, and will increment the DA counter. After the DA
counter gets sufficiently large, the TPM will lock the user out.

NOTE: This only changes behavior on TPM2 devices. Since TPM1 uses sysfs,
and sysfs relies on implicit locking on chip->ops, it is not safe to
allow this code to run in TPM1, or to add sysfs support to TPM2, until
that locking is made explicit.

Signed-off-by: Josh Zimmerman <joshz@google.com>
Cc: stable@vger.kernel.org
Fixes: 74d6b3ceaa ("tpm: fix suspend/resume paths for TPM 2.0")
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07 09:49:24 +10:00
Linus Torvalds
e24dd9ee53 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris:

 - a major update for AppArmor. From JJ:

     * several bug fixes and cleanups

     * the patch to add symlink support to securityfs that was floated
       on the list earlier and the apparmorfs changes that make use of
       securityfs symlinks

     * it introduces the domain labeling base code that Ubuntu has been
       carrying for several years, with several cleanups applied. And it
       converts the current mediation over to using the domain labeling
       base, which brings domain stacking support with it. This finally
       will bring the base upstream code in line with Ubuntu and provide
       a base to upstream the new feature work that Ubuntu carries.

     * This does _not_ contain any of the newer apparmor mediation
       features/controls (mount, signals, network, keys, ...) that
       Ubuntu is currently carrying, all of which will be RFC'd on top
       of this.

 - Notable also is the Infiniband work in SELinux, and the new file:map
   permission. From Paul:

      "While we're down to 21 patches for v4.13 (it was 31 for v4.12),
       the diffstat jumps up tremendously with over 2k of line changes.

       Almost all of these changes are the SELinux/IB work done by
       Daniel Jurgens; some other noteworthy changes include a NFS v4.2
       labeling fix, a new file:map permission, and reporting of policy
       capabilities on policy load"

   There's also now genfscon labeling support for tracefs, which was
   lost in v4.1 with the separation from debugfs.

 - Smack incorporates a safer socket check in file_receive, and adds a
   cap_capable call in privilege check.

 - TPM as usual has a bunch of fixes and enhancements.

 - Multiple calls to security_add_hooks() can now be made for the same
   LSM, to allow LSMs to have hook declarations across multiple files.

 - IMA now supports different "ima_appraise=" modes (eg. log, fix) from
   the boot command line.

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (126 commits)
  apparmor: put back designators in struct initialisers
  seccomp: Switch from atomic_t to recount_t
  seccomp: Adjust selftests to avoid double-join
  seccomp: Clean up core dump logic
  IMA: update IMA policy documentation to include pcr= option
  ima: Log the same audit cause whenever a file has no signature
  ima: Simplify policy_func_show.
  integrity: Small code improvements
  ima: fix get_binary_runtime_size()
  ima: use ima_parse_buf() to parse template data
  ima: use ima_parse_buf() to parse measurements headers
  ima: introduce ima_parse_buf()
  ima: Add cgroups2 to the defaults list
  ima: use memdup_user_nul
  ima: fix up #endif comments
  IMA: Correct Kconfig dependencies for hash selection
  ima: define is_ima_appraise_enabled()
  ima: define Kconfig IMA_APPRAISE_BOOTPARAM option
  ima: define a set of appraisal rules requiring file signatures
  ima: extend the "ima_policy" boot command line to support multiple policies
  ...
2017-07-05 11:26:35 -07:00
Linus Torvalds
eceeae414e ACPI updates for v4.13-rc1
- Update the ACPICA code in the kernel to upstream revision
    revision 20170531 (which covers all of the new material from
    ACPI 6.2) including:
    * Support for the PinFunction(), PinConfig(), PinGroup(),
      PinGroupFunction(), and PinGroupConfig() resource descriptors
      (Mika Westerberg).
    * Support for new subtables in HEST and SRAT, new notify value
      for HEST, header support for TPM2 table changes, and BGRT
      Status field update (Bob Moore).
    * Support for new PCCT subtables (David Box).
    * Support for _LSI, _LSR, _LSW, and _HMA as predefined methods
      (Erik Schmauss).
    * Support for the new WSMT, HMAT, and PPTT tables (Lv Zheng).
    * New UUID values for Processor Properties (Bob Moore).
    * New notify values for memory attributes and graceful shutdown
      (Bob Moore).
    * Fix related to the PCAT_COMPAT MADT flag (Janosch Hildebrand).
    * Resource to AML conversion fix for resources containing GPIOs
      (Mika Westerberg).
    * Disassembler-related updates (Bob Moore, David Box, Erik
      Schmauss).
    * Assorted fixes and cleanups (Bob Moore, Erik Schmauss, Lv Zheng,
      Cao Jin).
 
  - Modify ACPICA to always use designated initializers for function
    pointer structures to make the structure layout randomization GCC
    plugin work with it (Kees Cook).
 
  - Update the tables configfs interface to unload SSDTs on configfs
    entry removal (Jan Kiszka).
 
  - Add support for the GPI1 regulator to the xpower PMIC Operation
    Region handler (Hans de Goede).
 
  - Fix ACPI EC issues related to conflicting EC definitions in the
    ECDT and in the ACPI namespace (Lv Zheng, Carlo Caione, Chris
    Chiu).
 
  - Fix an interrupt storm issue in the EC driver and make its debug
    output work with dynamic debug as expected (Lv Zheng).
 
  - Add ACPI backlight quirk for Dell Precision 7510 (Shih-Yuan Lee).
 
  - Fix whitespace in pr_fmt() to align log entries properly in some
    places in the ACPI subsystem (Vincent Legoll).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJZWrJyAAoJEILEb/54YlRxY2cP/1h2un46sEnP7uLVLK4lpEih
 NQ79+fA7NTidA9J6gin2Kjgl8BFgswAhQBJZG3cJxUrhIIRWItSeLGvHb0CXX+iY
 m7CpL0ralIKV9XCju8B5b2V+0qn2tPzHS5a8PSX9Gvs0N6G8Qnlq4jspIjXMa3zH
 3D/fmYbQZeuHjypiBqRlB5IE49O2FQL2+d4Vn1rryuAFFya610ulASOZxsQ015d4
 Xt2pSTqUbqeD8rG8+j4VKFy8x0Lj0eEU3FUgYNJHlO+pOG+wTTs3KPyNOa33h0OC
 US0Wc0XOUyz78P5YkEgA7Ve/j1E6bqQ9bVF6mIcqjvAOReqSe84RCJ86Ckjlewxf
 VMNjCT/qDDkB8d+IAX6e7uYwxuP8bTSfUGBHjoI16qaJ13zd1/jOVY8QH5zPg5Ml
 r06HO5iOrQS3yhumYRk3gIdV+cgdHt3SEQlfi30nFH5Yzp8epk85UPyjYUYPDwqy
 QP5QbYvmHyuIUSXW2HQxZYADSaqnKIglRizCIKcFHT5+J554DjM5T51A5UpyQkY3
 cjtgrpg4KA5qCrpUAqPPxA2mtUVsZk1h4HwhrkTVt4xaR9GP9gvvzonP552fmHrM
 nIX9tM2JEf+LC7eCV+yrk8dtGNTRYpmEBQw7go4R82pTE5YTOWDf1bNM59gTFoWP
 LXi28C9lb2aibWlX/0bw
 =ImFw
 -----END PGP SIGNATURE-----

Merge tag 'acpi-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI updates from Rafael Wysocki:
 "These mostly update the ACPICA code in the kernel to upstream revision
  20170531 which covers all of the new material from ACPI 6.2, including
  new tables (WSMT, HMAT, PPTT), new subtables and definition changes
  for some existing tables (BGRT, HEST, SRAT, TPM2, PCCT), new resource
  descriptor macros for pin control, support for new predefined methods
  (_LSI, _LSR, _LSW, _HMA), fixes and cleanups.

  On top of that, an additional ACPICA change from Kees (which also is
  upstream already) switches all of the definitions of function pointer
  structures in ACPICA to use designated initializers so as to make the
  structure layout randomization GCC plugin work with it.

  The rest is a few fixes and cleanups in the EC driver, an xpower PMIC
  driver update, a new backlight blacklist entry, and update of the
  tables configfs interface and a messages formatting cleanup.

  Specifics:

   - Update the ACPICA code in the kernel to upstream revision revision
     20170531 (which covers all of the new material from ACPI 6.2)
     including:
      * Support for the PinFunction(), PinConfig(), PinGroup(),
        PinGroupFunction(), and PinGroupConfig() resource descriptors
        (Mika Westerberg).
      * Support for new subtables in HEST and SRAT, new notify value for
        HEST, header support for TPM2 table changes, and BGRT Status
        field update (Bob Moore).
      * Support for new PCCT subtables (David Box).
      * Support for _LSI, _LSR, _LSW, and _HMA as predefined methods
        (Erik Schmauss).
      * Support for the new WSMT, HMAT, and PPTT tables (Lv Zheng).
      * New UUID values for Processor Properties (Bob Moore).
      * New notify values for memory attributes and graceful shutdown
        (Bob Moore).
      * Fix related to the PCAT_COMPAT MADT flag (Janosch Hildebrand).
      * Resource to AML conversion fix for resources containing GPIOs
        (Mika Westerberg).
      * Disassembler-related updates (Bob Moore, David Box, Erik
        Schmauss).
      * Assorted fixes and cleanups (Bob Moore, Erik Schmauss, Lv Zheng,
        Cao Jin).

   - Modify ACPICA to always use designated initializers for function
     pointer structures to make the structure layout randomization GCC
     plugin work with it (Kees Cook).

   - Update the tables configfs interface to unload SSDTs on configfs
     entry removal (Jan Kiszka).

   - Add support for the GPI1 regulator to the xpower PMIC Operation
     Region handler (Hans de Goede).

   - Fix ACPI EC issues related to conflicting EC definitions in the
     ECDT and in the ACPI namespace (Lv Zheng, Carlo Caione, Chris
     Chiu).

   - Fix an interrupt storm issue in the EC driver and make its debug
     output work with dynamic debug as expected (Lv Zheng).

   - Add ACPI backlight quirk for Dell Precision 7510 (Shih-Yuan Lee).

   - Fix whitespace in pr_fmt() to align log entries properly in some
     places in the ACPI subsystem (Vincent Legoll)"

* tag 'acpi-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (63 commits)
  ACPI / EC: Add quirk for GL720VMK
  ACPI / EC: Fix media keys not working problem on some Asus laptops
  ACPI / EC: Add support to skip boot stage DSDT probe
  ACPI / EC: Enhance boot EC sanity check
  ACPI / video: Add quirks for the Dell Precision 7510
  ACPI: EC: Fix EC command visibility for dynamic debug
  ACPI: EC: Fix an EC event IRQ storming issue
  ACPICA: Use designated initializers
  ACPICA: Update version to 20170531
  ACPICA: Update a couple of debug output messages
  ACPICA: acpiexec: enhance local signal handler
  ACPICA: Simplify output for the ACPI Debug Object
  ACPICA: Unix application OSL: Correctly handle control-c (EINTR)
  ACPICA: Improvements for debug output only
  ACPICA: Disassembler: allow conflicting external declarations to be emitted.
  ACPICA: Disassembler: add external op to namespace on first pass
  ACPICA: Disassembler: prevent external op's from opening a new scope
  ACPICA: Changed Gbl_disasm_flag to acpi_gbl_disasm_flag
  ACPICA: Changing External to a named object
  ACPICA: Update two error messages to emit control method name
  ...
2017-07-04 14:16:49 -07:00
Gustavo A. R. Silva
e4b0852798 tpm/tpm_atmel: remove unnecessary NULL check
Remove unnecessary NULL check.
Pointer _chip_ cannot be NULL in this instance.

Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com> (compilation)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-19 02:36:04 +02:00
Andy Shevchenko
23c3beae58 tpm/st33zp24: Switch to devm_acpi_dev_add_driver_gpios()
Switch to use managed variant of acpi_dev_add_driver_gpios() to simplify
error path and fix potentially wrong assignment if ->probe() fails.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com> (compilation)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
2017-06-19 02:33:22 +02:00
Stefan Berger
d8b5d94538 tpm: vtpm_proxy: Prevent userspace from sending driver command
To prevent userspace from sending the TPM driver command to set
the locality, we need to check every command that is sent from
user space. To distinguish user space commands from internally
sent commands we introduce an additional state flag
STATE_DRIVER_COMMAND that is set while the driver sends this
command. Similar to the TPM 2 space commands we return an error
code when this command is detected.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:09 +03:00
Stefan Berger
be4c9acfe2 tpm: vtpm_proxy: Implement request_locality function.
Implement the request_locality function. To set the locality on the
backend we define vendor-specific TPM 1.2 and TPM 2 ordinals and send
a command to the backend to set the locality for the next commands.

To avoid recursing into requesting the locality, we set the
TPM_TRANSMIT_RAW flag when calling tpm_transmit_cmd. To avoid recursing
into TPM 2 space related commands, we set the space parameter to NULL.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:09 +03:00
Stefan Berger
85ab3bf305 tpm: Introduce flag TPM_TRANSMIT_RAW
Introduce the flag TPM_TRANSMIT_RAW that allows us to transmit
a command without recursing into the requesting of locality.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:09 +03:00
Stefan Berger
402149c647 tpm: vtpm_proxy: Suppress error logging when in closed state
Suppress the error logging when the core TPM driver sends commands
to the VTPM proxy driver and -EPIPE is returned in case the VTPM
proxy driver is 'closed' (closed anonymous file descriptor).  This
error code is only returned by the send function and by tpm_transmit
when the VTPM proxy driver is being used.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:09 +03:00
Peter Huewe
5e9fefd26b tpm, tpmrm: Mark tpmrm_write as static
sparse complains that tpmrm_write can be made static, and since it is
right we make it static.

Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Jarkko Sakkinen
8816188f06 tpm: remove struct tpm_pcrextend_in
Removed struct tpm_pcrextend_in as it is not used for anything anymore.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
2017-06-13 22:02:08 +03:00
Jarkko Sakkinen
30bbafe3e0 tpm, tpm_infineon: remove useless snprintf() calls
The memory copy from rodata to stack is useless.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
2017-06-13 22:02:08 +03:00
Jarkko Sakkinen
124bdcf4a6 tpm: fix byte order related arithmetic inconsistency in tpm_getcap()
You should not do arithmetic with __be32 or __le32 types because
sometimes it results incorrect results. Calculations must be done only
with integers that are in in the CPU byte order. This commit migrates
tpm_getcap() to struct tpm_buf in order to sort out these issues.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
2017-06-13 22:02:08 +03:00
Bryan Freed
d8c3eab5cb tpm: Apply a sane minimum adapterlimit value for retransmission.
When the I2C Infineon part is attached to an I2C adapter that imposes
a size limitation, large requests will fail with -EOPNOTSUPP. Retry
them with a sane minimum size without re-issuing the 0x05 command
as this appears to occasionally put the TPM in a bad state.

Signed-off-by: Bryan Freed <bfreed@chromium.org>
[rework the patch to adapt to the feedback received]
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Acked-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Jason Gunthorpe
4cb586a188 tpm_tis: Consolidate the platform and acpi probe flow
Now that the platform device was merged for OF support we can use the
platform device to match ACPI devices as well and run everything
through tpm_tis_init.

pnp_acpi_device is replaced with ACPI_COMPANION, and ACPI_HANDLE is
pushed further down.

platform_get_resource is used instead of acpi_dev_get_resources.

The itpm global module parameter is no longer changed during itpm
detection, instead the phy specific bit is set directly.

Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com> (with TPM 2.0)
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (with TPM 1.2)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Jason Gunthorpe
fc0e132229 tpm_tis: Use platform_get_irq
Replace the open coded IORESOURCE_IRQ with platform_get_irq, which
supports more cases.

Fixes: 00194826e6 ("tpm_tis: Clean up the force=1 module parameter")
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com> (with TPM 2.0)
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (with TPM 1.2)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Jason Gunthorpe
d27f81f061 tpm_tis: Fix IRQ autoprobing when using platform_device
The test was backwards, triggering IRQ autoprobing if the firmware
did not specify an IRQ, instead of triggering it only when the
module force parameter was specified.

Since autoprobing is not enabled on !x86 and the platform device is
currently only used on !x86, or with force, this has gone unnoticed.

Fixes: 00194826e6 ("tpm_tis: Clean up the force=1 module parameter")
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com> (with TPM 2.0)
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (with TPM 1.2)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Roberto Sassu
175d5b2a57 tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()
In preparation of the modifications to tpm_pcr_extend(), which will
allow callers to supply a digest for each PCR bank of a TPM 2.0,
the TPM 1.2 specific code has been moved to tpm1_pcr_extend().

tpm1_pcr_extend() uses tpm_buf_init() to prepare the command buffer,
which offers protection against buffer overflow. It is called by
tpm_pcr_extend() and tpm_pm_suspend().

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Roberto Sassu
a69faebf4d tpm: move endianness conversion of ordinals to tpm_input_header
Move CPU native value to big-endian conversion of ordinals to the
tpm_input_header declarations.

With the previous and this patch it will now be possible to modify TPM 1.2
functions to use tpm_buf_init(), which expects CPU native value for the
tag and ordinal arguments.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Roberto Sassu
06e93279ca tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header
In the long term, TPM 1.2 functions in the driver interface will be
modified to use tpm_buf_init().

However, tag and ordinals cannot be passed directly to tpm_buf_init(),
because this function performs CPU native to big-endian conversion of these
arguments. Since TPM_TAG_RQU_COMMAND and TPM_ORD_ are already converted,
passing them to the function will undo the previous conversion.

This patch moves the conversion of TPM_TAG_RQU_COMMAND from the tpm.h
header file in the driver directory to the tpm_input_header declarations
in the driver interface and tpm-sysfs.c.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-06-13 22:02:08 +03:00
Bob Moore
bff7f90bbe ACPICA: Add header support for TPM2 table changes
ACPICA commit b922ecaf9053dae3b8933664e951ed1ee8f86f07

Update to new version of the TCG/ACPI spec.
Does not include table compiler or disassembler support.

Link: https://github.com/acpica/acpica/commit/b922ecaf
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2017-06-12 14:58:38 +02:00
Andy Shevchenko
94116f8126 ACPI: Switch to use generic guid_t in acpi_evaluate_dsm()
acpi_evaluate_dsm() and friends take a pointer to a raw buffer of 16
bytes. Instead we convert them to use guid_t type. At the same time we
convert current users.

acpi_str_to_uuid() becomes useless after the conversion and it's safe to
get rid of it.

Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: Borislav Petkov <bp@suse.de>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Acked-by: Jani Nikula <jani.nikula@intel.com>
Cc: Ben Skeggs <bskeggs@redhat.com>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Acked-by: Joerg Roedel <jroedel@suse.de>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Yisen Zhuang <yisen.zhuang@huawei.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Acked-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2017-06-07 12:20:49 +02:00
Linus Torvalds
af82455f7d char/misc patches for 4.12-rc1
Here is the big set of new char/misc driver drivers and features for
 4.12-rc1.
 
 There's lots of new drivers added this time around, new firmware drivers
 from Google, more auxdisplay drivers, extcon drivers, fpga drivers, and
 a bunch of other driver updates.  Nothing major, except if you happen to
 have the hardware for these drivers, and then you will be happy :)
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWQvAgg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yknsACgzkAeyz16Z97J3UTaeejbR7nKUCAAoKY4WEHY
 8O9f9pr9gj8GMBwxeZQa
 =OIfB
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver updates from Greg KH:
 "Here is the big set of new char/misc driver drivers and features for
  4.12-rc1.

  There's lots of new drivers added this time around, new firmware
  drivers from Google, more auxdisplay drivers, extcon drivers, fpga
  drivers, and a bunch of other driver updates. Nothing major, except if
  you happen to have the hardware for these drivers, and then you will
  be happy :)

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'char-misc-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (136 commits)
  firmware: google memconsole: Fix return value check in platform_memconsole_init()
  firmware: Google VPD: Fix return value check in vpd_platform_init()
  goldfish_pipe: fix build warning about using too much stack.
  goldfish_pipe: An implementation of more parallel pipe
  fpga fr br: update supported version numbers
  fpga: region: release FPGA region reference in error path
  fpga altera-hps2fpga: disable/unprepare clock on error in alt_fpga_bridge_probe()
  mei: drop the TODO from samples
  firmware: Google VPD sysfs driver
  firmware: Google VPD: import lib_vpd source files
  misc: lkdtm: Add volatile to intentional NULL pointer reference
  eeprom: idt_89hpesx: Add OF device ID table
  misc: ds1682: Add OF device ID table
  misc: tsl2550: Add OF device ID table
  w1: Remove unneeded use of assert() and remove w1_log.h
  w1: Use kernel common min() implementation
  uio_mf624: Align memory regions to page size and set correct offsets
  uio_mf624: Refactor memory info initialization
  uio: Allow handling of non page-aligned memory regions
  hangcheck-timer: Fix typo in comment
  ...
2017-05-04 19:15:35 -07:00
Stefan Berger
8979b02aaf tpm: Fix reference count to main device
The main device is currently not properly released due to one additional
reference to the 'devs' device which is only released in case of a TPM 2.
So, also get the additional reference only in case of a TPM2.

Fixes: fdc915f7f7 ("tpm: expose spaces via a device link /dev/tpmrm<n>")
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-25 00:27:18 +03:00
Jerry Snitselaar
e6aef069b6 tpm_tis: convert to using locality callbacks
This patch converts tpm_tis to use of the new tpm class ops
request_locality, and relinquish_locality.

With the move to using the callbacks, release_locality is changed so
that we now release the locality even if there is no request pending.

This required some changes to the tpm_tis_core_init code path to
make sure locality is requested when needed:

  - tpm2_probe code path will end up calling request/release through
    callbacks, so request_locality prior to tpm2_probe not needed.

  - probe_itpm makes calls to tpm_tis_send_data which no longer calls
    request_locality, so add request_locality prior to tpm_tis_send_data
    calls. Also drop release_locality call in middleof probe_itpm, and
    keep locality until release_locality called at end of probe_itpm.

Cc: Peter Huewe <peterhuewe@gmx.de>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: Marcel Selhorst <tpmdd@selhorst.net>
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-25 00:27:18 +03:00
Petr Vandrovec
fd5c78694f tpm: fix handling of the TPM 2.0 event logs
When TPM2 log has entries with more than 3 digests, or with digests
not listed in the log header, log gets misparsed, eventually
leading to kernel complaint that code tried to vmalloc 512MB of
memory (I have no idea what would happen on bigger system).

So code should not parse only first 3 digests: both event header
and event itself are already in memory, so we can parse any number
of digests, as long as we do not try to parse whole memory when
given count of 0xFFFFFFFF.

So this change:

* Rejects event entry with more digests than log header describes.
  Digest types should be unique, and all should be described in
  log header, so there cannot be more digests in the event than in
  the header.

* Reject event entry with digest that is not described in the
  log header.  In theory code could hardcode information about
  digest IDs already assigned by TCG, but if firmware authors
  cannot get event log format right, why should anyone believe
  that they got event log content right.

Cc: stable@vger.kernel.org
Fixes: 4d23cc323c ("tpm: add securityfs support for TPM 2.0 firmware event log")
Signed-off-by: Petr Vandrovec <petr@vmware.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-25 00:27:18 +03:00
Jarkko Sakkinen
3b395d67d9 tpm_crb: remove a cruft constant
Remove a useless constant that slipped through me when I did the code
review. This commit fixes the issue.

Cc: Jiandi An <anjiandi@codeaurora.org>
Fixes: 69c558de63c7 ("tpm/tpm_crb: Enable TPM CRB interface for ARM64")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-25 00:27:18 +03:00
Jiandi An
08eff49d63 tpm/tpm_crb: Enable TPM CRB interface for ARM64
This enables TPM Command Response Buffer interface driver for
ARM64 and implements an ARM specific TPM CRB start method that
invokes a Secure Monitor Call (SMC) to request the TrustZone
Firmware to execute or cancel a TPM 2.0 command.

In ARM, TrustZone security extensions enable a secure software
environment with Secure Monitor mode.  A Secure Monitor Call
(SMC) is used to enter the Secure Monitor mode and perform a
Secure Monitor service to communicate with TrustZone firmware
which has control over the TPM hardware.

Signed-off-by: Jiandi An <anjiandi@codeaurora.org>
Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (on x86/PTT)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:03 +03:00
Jarkko Sakkinen
877c57d0d0 tpm_crb: request and relinquish locality 0
This commit adds support for requesting and relinquishing locality 0 in
tpm_crb for the course of command transmission.

In order to achieve this, two new callbacks are added to struct
tpm_class_ops:

- request_locality
- relinquish_locality

With CRB interface you first set either requestAccess or relinquish bit
from TPM_LOC_CTRL_x register and then wait for locAssigned and
tpmRegValidSts bits to be set in the TPM_LOC_STATE_x register.

The reason why were are doing this is to make sure that the driver
will work properly with Intel TXT that uses locality 2. There's no
explicit guarantee that it would relinquish this locality. In more
general sense this commit enables tpm_crb to be a well behaving
citizen in a multi locality environment.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com>
2017-04-03 22:46:02 +03:00
Jerry Snitselaar
84d2594067 tpm: make check_locality return bool
Since check_locality is checking to see if a certain
locality is active, return true if active otherwise
return false.

Cc: Christophe Ricard <christophe.ricard@gmail.com>
Cc: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: Marcel Selhorst <tpmdd@selhorst.net>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
Jérémy Lefaure
67c2f3d388 tpm/tpm_crb: fix unused warnings on suspend/resume functions
When PM_SLEEP is disabled crb_pm_suspend and crb_pm_resume are not used by
SET_SYSTEM_SLEEP_PM_OPS even if PM is enabled:

drvers/char/tpm/tpm_crb.c:540:12: warning: ‘crb_pm_suspend’ defined but not
used [-Wunused-function]
 static int crb_pm_suspend(struct device *dev)
            ^
drivers/char/tpm/tpm_crb.c:551:12: warning: ‘crb_pm_resume’ defined but not
used [-Wunused-function]
 static int crb_pm_resume(struct device *dev)
            ^

The preprocessor condition should be on CONFIG_PM_SLEEP, not on CONFIG_PM.
However, this patch fixes this warning by using __maybe_unused on function
that are in the preprocessor condition.

Fixes: 848efcfb560c ("tpm/tpm_crb: enter the low power state upon device suspend")
Signed-off-by: Jérémy Lefaure <jeremy.lefaure@lse.epita.fr>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
Nayna Jain
0afb7118ae tpm: add sleep only for retry in i2c_nuvoton_write_status()
Currently, there is an unnecessary 1 msec delay added in
i2c_nuvoton_write_status() for the successful case. This
function is called multiple times during send() and recv(),
which implies adding multiple extra delays for every TPM
operation.

This patch calls usleep_range() only if retry is to be done.

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org (linux-4.8)
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
Andy Shevchenko
2d2e376f05 tpm/st33zp24: Add GPIO ACPI mapping table
In order to make GPIO ACPI library stricter prepare users of
gpiod_get_index() to correctly behave when there no mapping is
provided by firmware.

Here we add explicit mapping between _CRS GpioIo() resources and
their names used in the driver.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
Hon Ching \(Vicky\) Lo
31574d321c vTPM: Fix missing NULL check
The current code passes the address of tpm_chip as the argument to
dev_get_drvdata() without prior NULL check in
tpm_ibmvtpm_get_desired_dma.  This resulted an oops during kernel
boot when vTPM is enabled in Power partition configured in active
memory sharing mode.

The vio_driver's get_desired_dma() is called before the probe(), which
for vtpm is tpm_ibmvtpm_probe, and it's this latter function that
initializes the driver and set data.  Attempting to get data before
the probe() caused the problem.

This patch adds a NULL check to the tpm_ibmvtpm_get_desired_dma.

fixes: 9e0d39d8a6 ("tpm: Remove useless priv field in struct tpm_vendor_specific")
Cc: <stable@vger.kernel.org>
Signed-off-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkine <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
Jerry Snitselaar
8569defde8 tpm_crb: check for bad response size
Make sure size of response buffer is at least 6 bytes, or
we will underflow and pass large size_t to memcpy_fromio().
This was encountered while testing earlier version of
locality patchset.

Cc: stable@vger.kernel.org
Fixes: 30fc8d138e ("tpm: TPM 2.0 CRB Interface")
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
James Bottomley
4d57856a21 tpm2: add session handle context saving and restoring to the space code
Sessions are different from transient objects in that their handles
may not be virtualized (because they're used for some hmac
calculations).  Additionally when a session is context saved, a
vestigial memory remains in the TPM and if it is also flushed, that
will be lost and the session context will refuse to load next time, so
the code is updated to flush only transient objects after a context
save.  Add a separate array (chip->session_tbl) to save and restore
sessions by handle.  Use the failure of a context save or load to
signal that the session has been flushed from the TPM and we can
remove its memory from chip->session_tbl.

Sessions are also isolated during each instance of a tpm space.  This
means that spaces shouldn't be able to see each other's sessions and
is enforced by ensuring that a space user may only refer to sessions
handles that are present in their own chip->session_tbl.  Finally when
a space is closed, all the sessions belonging to it should be flushed
so the handles may be re-used by other spaces.

Note that if we get a session save or load error, all sessions are
effectively flushed.  Even though we restore the session buffer, all
the old sessions will refuse to load after the flush and they'll be
purged from our session memory.  This means that while transient
context handling is still soft in the face of errors, session handling
is hard (any failure of the model means all sessions are lost).

Fixes-from: Colin Ian King <colin.king@canonical.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
James Bottomley
fdc915f7f7 tpm: expose spaces via a device link /dev/tpmrm<n>
Currently the tpm spaces are not exposed to userspace.  Make this
exposure via a separate device, which can now be opened multiple times
because each read/write transaction goes separately via the space.

Concurrency is protected by the chip->tpm_mutex for each read/write
transaction separately.  The TPM is cleared of all transient objects
by the time the mutex is dropped, so there should be no interference
between the kernel and userspace.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:02 +03:00
James Bottomley
ecb38e2f52 tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.c
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:01 +03:00
Jarkko Sakkinen
745b361e98 tpm: infrastructure for TPM spaces
Added an ability to virtualize TPM commands into an isolated context
that we call a TPM space because the word context is already heavily
used in the TPM specification. Both the handle areas and bodies (where
necessary) are virtualized.

The mechanism works by adding a new parameter struct tpm_space to the
tpm_transmit() function. This new structure contains the list of virtual
handles and a buffer of page size (currently) for backing storage.

When tpm_transmit() is called with a struct tpm_space instance it will
execute the following sequence:

1. Take locks.
2. Load transient objects from the backing storage by using ContextLoad
   and map virtual handles to physical handles.
3. Perform the transaction.
4. Save transient objects to backing storage by using ContextSave and
   map resulting physical handle to virtual handle if there is such.

This commit does not implement virtualization support for hmac and
policy sessions.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-04-03 22:46:01 +03:00
Jarkko Sakkinen
58472f5cd4 tpm: validate TPM 2.0 commands
Check for every TPM 2.0 command that the command code is supported and
the command buffer has at least the length that can contain the header
and the handle area.

For ContextSave and FlushContext we mark the body to be part of the
handle area. This gives validation for these commands at zero
cost, including the body of the command.

The more important reason for this is that we can virtualize these
commands in the same way as you would virtualize the handle area of a
command.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-04-03 22:46:01 +03:00
Jarkko Sakkinen
9aa36b399a tpm: export tpm2_flush_context_cmd
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-04-03 22:46:01 +03:00
Jarkko Sakkinen
a147918e79 tpm: move length validation to tpm_transmit()
Check that the length matches the length reported by the response
header already in tpm_transmit() to improve validation.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-04-03 22:46:01 +03:00
Jarkko Sakkinen
38eb24ebb0 tpm_crb: encapsulate crb_wait_for_reg_32
Encapsulated crb_wait_for_reg32() so that state changes in other CRB
registers than TPM_CRB_CTRL_REQ_x can be waited.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Tested-by: Gang Wei <gang.wei@intel.com>
2017-04-03 22:46:01 +03:00
Jarkko Sakkinen
13b1f4a571 tpm_crb: map locality registers
In order to provide access to locality registers, this commits adds
mapping of the head of the CRB registers, which are located right
before the control area.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Tested-by: Gang Wei <gang.wei@intel.com>
2017-04-03 22:46:01 +03:00
Peter Huewe
5cc0101d1f tpm_tis_spi: Add small delay after last transfer
Testing the implementation with a Raspberry Pi 2 showed that under some
circumstances its SPI master erroneously releases the CS line before the
transfer is complete, i.e. before the end of the last clock. In this case
the TPM ignores the transfer and misses for example the GO command. The
driver is unable to detect this communication problem and will wait for a
command response that is never going to arrive, timing out eventually.

As a workaround, the small delay ensures that the CS line is held long
enough, even with a faulty SPI master. Other SPI masters are not affected,
except for a negligible performance penalty.

Cc: <stable@vger.kernel.org>
Fixes: 0edbfea537 ("tpm/tpm_tis_spi: Add support for spi phy")
Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Peter Huewe <peter.huewe@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Benoit Houyere <benoit.houyere@st.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:01 +03:00
Peter Huewe
591e48c26c tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes
Limiting transfers to MAX_SPI_FRAMESIZE was not expected by the upper
layers, as tpm_tis has no such limitation. Add a loop to hide that
limitation.

v2: Moved scope of spi_message to the top as requested by Jarkko
Cc: <stable@vger.kernel.org>
Fixes: 0edbfea537 ("tpm/tpm_tis_spi: Add support for spi phy")
Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Peter Huewe <peter.huewe@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Benoit Houyere <benoit.houyere@st.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:01 +03:00
Peter Huewe
e110cc69dc tpm_tis_spi: Check correct byte for wait state indicator
Wait states are signaled in the last byte received from the TPM in
response to the header, not the first byte. Check rx_buf[3] instead of
rx_buf[0].

Cc: <stable@vger.kernel.org>
Fixes: 0edbfea537 ("tpm/tpm_tis_spi: Add support for spi phy")
Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Peter Huewe <peter.huewe@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Benoit Houyere <benoit.houyere@st.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:01 +03:00
Peter Huewe
975094ddc3 tpm_tis_spi: Abort transfer when too many wait states are signaled
Abort the transfer with ETIMEDOUT when the TPM signals more than
TPM_RETRY wait states. Continuing with the transfer in this state
will only lead to arbitrary failures in other parts of the code.

Cc: <stable@vger.kernel.org>
Fixes: 0edbfea537 ("tpm/tpm_tis_spi: Add support for spi phy")
Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Peter Huewe <peter.huewe@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Benoit Houyere <benoit.houyere@st.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:01 +03:00
Peter Huewe
f848f2143a tpm_tis_spi: Use single function to transfer data
The algorithm for sending data to the TPM is mostly identical to the
algorithm for receiving data from the TPM, so a single function is
sufficient to handle both cases.

This is a prequisite for all the other fixes, so we don't have to fix
everything twice (send/receive)

v2: u16 instead of u8 for the length.
Cc: <stable@vger.kernel.org>
Fixes: 0edbfea537 ("tpm/tpm_tis_spi: Add support for spi phy")
Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Peter Huewe <peter.huewe@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Benoit Houyere <benoit.houyere@st.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:00 +03:00
Winkler, Tomas
095fc30c2c tpm/tpm_crb: enter the low power state upon device suspend
This fix enables a platform to enter the idle state (suspend-to-idle)

The driver needs to request explicitly go_idle upon completion
from the pm suspend handler.
The runtime pm is disabled on suspend during prepare state by calling
pm_runtime_get_noresume, hence we cannot relay on runtime pm to leave
the device in low power state. Symmetrically cmdReady is called
upon resume.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Siged-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:00 +03:00
Arnd Bergmann
4bf4b4ed9d tpm: select CONFIG_CRYPTO
We get a newly introduced harmless warning when CONFIG_CRYPTO is disabled:

warning: (TCG_TPM && TRUSTED_KEYS && IMA) selects CRYPTO_HASH_INFO which has unmet direct dependencies (CRYPTO)

This adds another select to avoid the warning, consistent with other users
of the crypto code.

Fixes: c1f92b4b04 ("tpm: enhance TPM 2.0 PCR extend to support multiple banks")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:00 +03:00
Nayna Jain
a233a0289c tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver
Commit 500462a9de "timers: Switch to a non-cascading wheel" replaced
the 'classic' timer wheel, which aimed for near 'exact' expiry of the
timers.  Their analysis was that the vast majority of timeout timers
are used as safeguards, not as real timers, and are cancelled or
rearmed before expiration.  The only exception noted to this were
networking timers with a small expiry time.

Not included in the analysis was the TPM polling timer, which resulted
in a longer normal delay and, every so often, a very long delay.  The
non-cascading wheel delay is based on CONFIG_HZ.  For a description of
the different rings and their delays, refer to the comments in
kernel/time/timer.c.

Below are the delays given for rings 0 - 2, which explains the longer
"normal" delays and the very, long delays as seen on systems with
CONFIG_HZ 250.

* HZ 1000 steps
 * Level Offset  Granularity            Range
 *  0      0         1 ms                0 ms - 63 ms
 *  1     64         8 ms               64 ms - 511 ms
 *  2    128        64 ms              512 ms - 4095 ms (512ms - ~4s)

* HZ  250
 * Level Offset  Granularity            Range
 *  0      0         4 ms                0 ms - 255 ms
 *  1     64        32 ms              256 ms - 2047 ms (256ms - ~2s)
 *  2    128       256 ms             2048 ms - 16383 ms (~2s - ~16s)

Below is a comparison of extending the TPM with 1000 measurements,
using msleep() vs. usleep_delay() when configured for 1000 hz vs. 250
hz, before and after commit 500462a9de.

linux-4.7 | msleep() usleep_range()
1000 hz: 0m44.628s | 1m34.497s 29.243s
250 hz: 1m28.510s | 4m49.269s 32.386s

linux-4.7  | min-max (msleep)  min-max (usleep_range)
1000 hz: 0:017 - 2:760s | 0:015 - 3:967s    0:014 - 0:418s
250 hz: 0:028 - 1:954s | 0:040 - 4:096s    0:016 - 0:816s

This patch replaces the msleep() with usleep_range() calls in the
i2c nuvoton driver with a consistent max range value.

Signed-of-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org (linux-4.8)
Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:00 +03:00
Jason Gunthorpe
b4e2eb0651 tpm crb: Work around BIOS's that report the wrong ACPI region size
The expectation is that the if the CRB cmd/rsp buffer falls within the
ACPI region that the entire buffer will be within the reason. Otherwise
resource reservation will fail when it crosses regions.

Work around this BIOS bug by limiting the cmd/rsp buffer to the length
of the declared ACPI region. BIOS vendors should fix this by making
the ACPI and register length declarations consistent.

Reported-by: Davide Guerri <davide.guerri@gmail.com>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Davide Guerri <davide.guerri@gmail.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:00 +03:00
Alexander Steffen
302a6ad7fc tpm_tis_core: Choose appropriate timeout for reading burstcount
TIS v1.3 for TPM 1.2 and PTP for TPM 2.0 disagree about which timeout
value applies to reading a valid burstcount. It is TIMEOUT_D according to
TIS, but TIMEOUT_A according to PTP, so choose the appropriate value
depending on whether we deal with a TPM 1.2 or a TPM 2.0.

This is important since according to the PTP TIMEOUT_D is much smaller
than TIMEOUT_A. So the previous implementation could run into timeouts
with a TPM 2.0, even though the TPM was behaving perfectly fine.

During tpm2_probe TIMEOUT_D will be used even with a TPM 2.0, because
TPM_CHIP_FLAG_TPM2 is not yet set. This is fine, since the timeout values
will only be changed afterwards by tpm_get_timeouts. Until then
TIS_TIMEOUT_D_MAX applies, which is large enough.

Cc: stable@vger.kernel.org
Fixes: aec04cbdf7 ("tpm: TPM 2.0 FIFO Interface")

Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Peter Huewe <peter.huewe@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-04-03 22:46:00 +03:00
Logan Gunthorpe
8dbbf58251 tpm-chip: utilize new cdev_device_add helper function
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper. The helper replaces a common pattern by
taking the proper reference against the parent device and adding both
the cdev and the device.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-21 06:44:33 +01:00
Jarkko Sakkinen
61841be635 tpm: declare tpm2_get_pcr_allocation() as static
There's no need to export tpm2_get_pcr_alloation() because it is only
a helper function for tpm2_auto_startup(). For the same reason it does
not make much sense to maintain documentation for it.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-20 13:23:18 +02:00
Stefan Berger
51b0be640c tpm: Fix expected number of response bytes of TPM1.2 PCR Extend
The TPM1.2 PCR Extend operation only returns 20 bytes in the body,
which is the size of the PCR state.

This fixes a problem where IMA gets errors with every PCR Extend.

Fixes: c659af78eb ("tpm: Check size of response before accessing data")
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-15 20:09:52 +02:00
Julia Lawall
5cec5bacd3 tpm xen: drop unneeded chip variable
The call that used chip was dropped in 1f0f30e404.  Drop the
leftover declaration and initialization.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-14 19:24:33 +02:00
Dmitry Torokhov
39f5712b8f tpm: fix misspelled "facilitate" in module parameter description
I typoed "facilitate" as "faciltate" a few years back...

Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-14 19:24:33 +02:00
Wei Yongjun
5939eaf4f9 tpm_tis: fix the error handling of init_tis()
Add the missing platform_driver_unregister() and remove the duplicate
platform_device_unregister(force_pdev) in the error handling case.

Fixes: 00194826e6 ("tpm_tis: Clean up the force=1 module parameter")
Cc: stable@vger.kernel.org
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-14 19:24:33 +02:00
Dan Carpenter
70ea163699 tpm: silence an array overflow warning
We should check that we're within bounds first before checking that
"chip->active_banks[i] != TPM2_ALG_ERROR" so I've re-ordered the two
checks.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:33:55 +02:00
Stefan Berger
a118cf2a5b tpm: fix the type of owned field in cap_t
In cap_t the size of the type bool is assumed to be one byte. This
commit sorts out the issue by changing the type to u8.

Fixes: c659af78eb ("tpm: Check size of response before accessing data")
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:03:14 +02:00
Nayna Jain
4d23cc323c tpm: add securityfs support for TPM 2.0 firmware event log
Unlike the device driver support for TPM 1.2, the TPM 2.0 does
not support the securityfs pseudo files for displaying the
firmware event log.

This patch enables support for providing the TPM 2.0 event log in
binary form. TPM 2.0 event log supports a crypto agile format that
records multiple digests, which is different from TPM 1.2. This
patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
event log parser which understand the TPM 2.0 crypto agile format.

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:03:14 +02:00
Nayna Jain
e46e22f12b tpm: enhance read_log_of() to support Physical TPM event log
Physical TPMs use Open Firmware Device Tree bindings that are similar
to the IBM Power virtual TPM to support event log. However, these
properties store the values in different endianness for Physical
and Virtual TPM.

This patch fixes the endianness issue by doing appropriate conversion
based on Physical or Virtual TPM.

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:03:14 +02:00
Nayna Jain
c1f92b4b04 tpm: enhance TPM 2.0 PCR extend to support multiple banks
The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.

The existing in-kernel interface(tpm_pcr_extend()) expects only a
SHA1 digest.  To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.

This patch reuses the defined digest sizes from the crypto subsystem,
adding a dependency on CRYPTO_HASH_INFO module.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:03:14 +02:00
Nayna Jain
1db15344f8 tpm: implement TPM 2.0 capability to get active PCR banks
This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:03:14 +02:00
Jarkko Sakkinen
7d761119a9 tpm: fix RC value check in tpm2_seal_trusted
The error code handling is broken as any error code that has the same
bits set as TPM_RC_HASH passes. Implemented tpm2_rc_value() helper to
parse the error value from FMT0 and FMT1 error codes so that these types
of mistakes are prevented in the future.

Fixes: 5ca4c20cfd ("keys, trusted: select hash algorithm for TPM2 chips")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
2017-02-03 22:03:14 +02:00
Maciej S. Szmigiero
419a16d9cd tpm_tis: fix iTPM probe via probe_itpm() function
probe_itpm() function is supposed to send command without an itpm flag set
and if this fails to repeat it, this time with the itpm flag set.

However, commit 41a5e1cf1f ("tpm/tpm_tis: Split tpm_tis driver into a
core and TCG TIS compliant phy") moved the itpm flag from an "itpm"
variable to a TPM_TIS_ITPM_POSSIBLE chip flag, so setting the
(now function-local) itpm variable no longer had any effect.

Finally, this function-local itpm variable was removed by
commit 56af322156 ("tpm/tpm_tis: remove unused itpm variable")

Tested only on non-iTPM TIS TPM.

Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:03:14 +02:00
Jason Gunthorpe
fa2825da6f tpm: Begin the process to deprecate user_read_timer
For a long time the cdev read/write interface had this strange
idea that userspace had to read the result within 60 seconds otherwise
it is discarded. Perhaps this made sense under some older locking regime,
but in the modern kernel it is not required and is just dangerous.

Since something may be relying on this, double the timeout and print a
warning. We can remove the code in a few years, but this should be
enough to prevent new users.

Suggested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-02-03 22:03:14 +02:00
Jarkko Sakkinen
1d1915532b tpm: remove tpm_read_index and tpm_write_index from tpm.h
These are non-generic functions and do not belong to tpm.h.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
2017-02-03 22:03:14 +02:00
Stefan Berger
c659af78eb tpm: Check size of response before accessing data
Make sure that we have not received less bytes than what is indicated
in the header of the TPM response. Also, check the number of bytes in
the response before accessing its data.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
2017-01-23 18:28:18 +02:00
Maciej S. Szmigiero
1d70fe9d9c tpm_tis: use default timeout value if chip reports it as zero
Since commit 1107d065fd ("tpm_tis: Introduce intermediate layer for
TPM access") Atmel 3203 TPM on ThinkPad X61S (TPM firmware version 13.9)
no longer works.  The initialization proceeds fine until we get and
start using chip-reported timeouts - and the chip reports C and D
timeouts of zero.

It turns out that until commit 8e54caf407 ("tpm: Provide a generic
means to override the chip returned timeouts") we had actually let
default timeout values remain in this case, so let's bring back this
behavior to make chips like Atmel 3203 work again.

Use a common code that was introduced by that commit so a warning is
printed in this case and /sys/class/tpm/tpm*/timeouts correctly says the
timeouts aren't chip-original.

Fixes: 1107d065fd ("tpm_tis: Introduce intermediate layer for TPM access")
Cc: stable@vger.kernel.org
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Jason Gunthorpe
62bfdacbac tpm: Do not print an error message when doing TPM auto startup
This is a regression when this code was reworked and made the error
print unconditional. The original code deliberately suppressed printing
of the first error message so it could quietly sense
TPM_ERR_INVALID_POSTINIT.

Fixes: a502feb67b47 ("tpm: Clean up reading of timeout and duration capabilities")
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Jiandi An
19b7bf51fc tpm, tpm_crb: Handle 64-bit resource in crb_check_resource()
crb_check_resource() in TPM CRB driver calls
acpi_dev_resource_memory() which only handles 32-bit resources.
Adding a call to acpi_dev_resource_address_space() in TPM CRB
driver which handles 64-bit resources.

Signed-off-by: Jiandi An <anjiandi@codeaurora.org>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Geliang Tang
aea7f54f3c tpm/tpm_tis_spi: drop duplicate header module.h
Drop duplicate header module.h from tpm_tis_spi.c.

Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Corentin Labbe
176cebc56b tpm/st33zp24: Remove unneeded linux/miscdevice.h include
tpm/st33zp24/st33zp24.c does not use any miscdevice so this patch remove
this unnecessary inclusion.

Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Winkler, Tomas
93c12f293f tpm/vtpm: fix kdoc warnings
Use corret kdoc format for function description and eliminate warning
of type:

tpm_ibmvtpm.c:66: warning: No description found for parameter 'count'

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Winkler, Tomas
2998b02b2f tmp: use pdev for parent device in tpm_chip_alloc
The tpm stack uses pdev name convention for the parent device.
Fix that also in tpm_chip_alloc().

Fixes: 3897cd9c8d ("tpm: Split out the devm stuff from tpmm_chip_alloc")'
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Winkler, Tomas
794c6e109b tpm/tpm2-chip: fix kdoc errors
Use correct kdoc format, describe correct parameters and return values.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:18 +02:00
Winkler, Tomas
f865c19685 tpm: add kdoc for tpm_transmit and tpm_transmit_cmd
Functions tpm_transmit and transmit_cmd are referenced
from other functions kdoc hence deserve documentation.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2017-01-23 18:28:17 +02:00
Linus Torvalds
a57cb1c1d7 Merge branch 'akpm' (patches from Andrew)
Merge more updates from Andrew Morton:

 - a few misc things

 - kexec updates

 - DMA-mapping updates to better support networking DMA operations

 - IPC updates

 - various MM changes to improve DAX fault handling

 - lots of radix-tree changes, mainly to the test suite. All leading up
   to reimplementing the IDA/IDR code to be a wrapper layer over the
   radix-tree. However the final trigger-pulling patch is held off for
   4.11.

* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (114 commits)
  radix tree test suite: delete unused rcupdate.c
  radix tree test suite: add new tag check
  radix-tree: ensure counts are initialised
  radix tree test suite: cache recently freed objects
  radix tree test suite: add some more functionality
  idr: reduce the number of bits per level from 8 to 6
  rxrpc: abstract away knowledge of IDR internals
  tpm: use idr_find(), not idr_find_slowpath()
  idr: add ida_is_empty
  radix tree test suite: check multiorder iteration
  radix-tree: fix replacement for multiorder entries
  radix-tree: add radix_tree_split_preload()
  radix-tree: add radix_tree_split
  radix-tree: add radix_tree_join
  radix-tree: delete radix_tree_range_tag_if_tagged()
  radix-tree: delete radix_tree_locate_item()
  radix-tree: improve multiorder iterators
  btrfs: fix race in btrfs_free_dummy_fs_info()
  radix-tree: improve dump output
  radix-tree: make radix_tree_find_next_bit more useful
  ...
2016-12-14 17:25:18 -08:00
Matthew Wilcox
37f4915fef tpm: use idr_find(), not idr_find_slowpath()
idr_find_slowpath() is not intended to be part of the public API, it's
an implementation detail.  There's no reason to skip straight to the
slowpath here.

Link: http://lkml.kernel.org/r/1480369871-5271-64-git-send-email-mawilcox@linuxonhyperv.com
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Peter Huewe <peterhuewe@gmx.de>
Cc: Marcel Selhorst <tpmdd@selhorst.net>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-12-14 16:04:10 -08:00
Linus Torvalds
683b96f4d1 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
 "Generally pretty quiet for this release. Highlights:

  Yama:
   - allow ptrace access for original parent after re-parenting

  TPM:
   - add documentation
   - many bugfixes & cleanups
   - define a generic open() method for ascii & bios measurements

  Integrity:
   - Harden against malformed xattrs

  SELinux:
   - bugfixes & cleanups

  Smack:
   - Remove unnecessary smack_known_invalid label
   - Do not apply star label in smack_setprocattr hook
   - parse mnt opts after privileges check (fixes unpriv DoS vuln)"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (56 commits)
  Yama: allow access for the current ptrace parent
  tpm: adjust return value of tpm_read_log
  tpm: vtpm_proxy: conditionally call tpm_chip_unregister
  tpm: Fix handling of missing event log
  tpm: Check the bios_dir entry for NULL before accessing it
  tpm: return -ENODEV if np is not set
  tpm: cleanup of printk error messages
  tpm: replace of_find_node_by_name() with dev of_node property
  tpm: redefine read_log() to handle ACPI/OF at runtime
  tpm: fix the missing .owner in tpm_bios_measurements_ops
  tpm: have event log use the tpm_chip
  tpm: drop tpm1_chip_register(/unregister)
  tpm: replace dynamically allocated bios_dir with a static array
  tpm: replace symbolic permission with octal for securityfs files
  char: tpm: fix kerneldoc tpm2_unseal_trusted name typo
  tpm_tis: Allow tpm_tis to be bound using DT
  tpm, tpm_vtpm_proxy: add kdoc comments for VTPM_PROXY_IOC_NEW_DEV
  tpm: Only call pm_runtime_get_sync if device has a parent
  tpm: define a generic open() method for ascii & bios measurements
  Documentation: tpm: add the Physical TPM device tree binding documentation
  ...
2016-12-14 13:57:44 -08:00
Jason Gunthorpe
9430066a15 tpm: adjust return value of tpm_read_log
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-11-28 01:31:33 +02:00