summaryrefslogtreecommitdiffstats
path: root/drivers/char/tpm
AgeCommit message (Collapse)Author
2013-04-17TPM: Retry SaveState command in suspend pathDuncan Laurie
If the TPM has already been sent a SaveState command before the driver is loaded it may have problems sending that same command again later. This issue is seen with the Chromebook Pixel due to a firmware bug in the legacy mode boot path which is sending the SaveState command before booting the kernel. More information is available at http://crbug.com/203524 This change introduces a retry of the SaveState command in the suspend path in order to work around this issue. A future firmware update should fix this but this is also a trivial workaround in the driver that has no effect on systems that do not show this problem. When this does happen the TPM responds with a non-fatal TPM_RETRY code that is defined in the specification: The TPM is too busy to respond to the command immediately, but the command could be resubmitted at a later time. The TPM MAY return TPM_RETRY for any command at any time. It can take several seconds before the TPM will respond again. I measured a typical time between 3 and 4 seconds and the timeout is set at a safe 5 seconds. It is also possible to reproduce this with commands via /dev/tpm0. The bug linked above has a python script attached which can be used to test for this problem. I tested a variety of TPMs from Infineon, Nuvoton, Atmel, and STMicro but was only able to reproduce this with LPC and I2C TPMs from Infineon. The TPM specification only loosely defines this behavior: TPM Main Level 2 Part 3 v1.2 r116, section 3.3. TPM_SaveState: The TPM MAY declare all preserved values invalid in response to any command other than TPM_Init. TCG PC Client BIOS Spec 1.21 section 8.3.1. After issuing a TPM_SaveState command, the OS SHOULD NOT issue TPM commands before transitioning to S3 without issuing another TPM_SaveState command. TCG PC Client TIS 1.21, section 4. Power Management: The TPM_SaveState command allows a Static OS to indicate to the TPM that the platform may enter a low power state where the TPM will be required to enter into the D3 power state. The use of the term "may" is significant in that there is no requirement for the platform to actually enter the low power state after sending the TPM_SaveState command. The software may, in fact, send subsequent commands after sending the TPM_SaveState command. Change-Id: I52b41e826412688e5b6c8ddd3bb16409939704e9 Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-04-12tpm/tpm_i2c_infineon: Add small comment about return value of __i2c_transferPeter Huewe
Kent Yoder indicated that the code might be a bit clearer with a comment here, so this patch adds a small explanation of the code. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-04-12tpm/tpm_i2c_infineon.c: Add OF attributes type and name to the of_device_id ↵Peter Huewe
table entries As the subject says. It's probably a good idea to have these fields populated. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-04-12tpm_i2c_stm_st33: Remove duplicate inclusion of header filesSachin Kamat
module.h and sched.h were included twice. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-04-12tpm: Add support for new Infineon I2C TPM (SLB 9645 TT 1.2 I2C)Peter Huewe
This driver adds support for Infineon's new SLB 9645 TT 1.2 I2C TPMs, which supports clockstretching, combined reads and a bus speed of up to 400khz. The device also has a new device id. The driver works now also fine with device trees, so you can instantiate your device by adding: + tpm { + compatible = "infineon,slb9645tt"; + reg = <0x20>; + }; for SLB 9645 devices or + tpm { + compatible = "infineon,slb9635tt"; + reg = <0x20>; + }; for SLB 9635 devices to your device tree. tpm_i2c_infineon is also retained as a compatible id as a fallback to slb9635 protocol. The driver was tested on Beaglebone. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-04-12char/tpm: Convert struct i2c_msg initialization to C99 formatShubhrajyoti Datta
Convert the struct i2c_msg initialization to C99 format. This makes maintaining and editing the code simpler. Also helps once other fields like transferred are added in future. Thanks to Julia Lawall for automating the conversion. Signed-off-by: Shubhrajyoti D <shubhrajyoti@ti.com> Acked-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-04-12drivers/char/tpm/tpm_ppi: use strlcpy instead of strncpyChen Gang
Ensure that the 'version' string includes a NULL terminator after its copied out of the acpi table. Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-04-12tpm/tpm_i2c_stm_st33: formatting and white space changesPeter Huewe
Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-14tpm/ibmvtpm: build only when IBM pseries is configuredKent Yoder
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm_tis: check pnp_acpi_device return codeKent Yoder
Reported-by: Peter Hüwe <peterhuewe@gmx.de> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm/tpm_i2c_stm_st33: drop temporary variable for return valuePeter Huewe
We don't need a temporary variable just to store the return value which gets return in the next statement. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probePeter Huewe
Err is never read before it is assigned again -> remove the dead assigment. Found with clang static analyzer Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm/tpm_i2c_stm_st33: Remove __devexit attributePeter Huewe
With the HOTPLUG changes 3.8 this attribute is going away. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm/tpm_i2c_stm_st33: Don't use memcpy for one byte assignmentPeter Huewe
We don't need to call memcpy for one byte, but assign it directly. And to make the offset clearer we use the array syntax on the subsequent call to memset to make the relationship clearer. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm_i2c_stm_st33: removed unused variables/codeKent Yoder
Reported-by: Peter Hüwe <PeterHuewe@gmx.de> Signed-off-by: Peter Hüwe <PeterHuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startupJason Gunthorpe
The TIS specification (pg 47) says the valid bit must be set, but the TPM will not set it until it has completed its internal startup. The driver checks that the valid bit is set during request_locality, but it issues a TPM_ACCESS_REQUEST_USE without validating the valid bit is set. Some TPMs will ignore the TPM_ACCESS_REQUEST_USE, until valid is set which causes the request_locality to timeout, which breaks the driver attach. Wait one timeout unit for valid to assert. If valid does not assert then assume -ENODEV. Seen on embedded with a: 1.2 TPM (device-id 0x3204, rev-id 64) Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm: Fix cancellation of TPM commands (interrupt mode)Stefan Berger
Support cancellation of TPM commands when driver is used in interrupt mode. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm: Fix cancellation of TPM commands (polling mode)Stefan Berger
On one of my machines the cancellation of TPM commands does not work. The reason is that by writing into sysfs 'cancel' the tpm_tis_ready call causes the status flag TPM_STS_VALID to be set in the statusregister. However, the TIS driver seems to wait for TPM_STS_COMMAND_READY. Once a 2nd time sysfs 'cancel' is written to, the TPM_STS_COMMAND_READY flag also gets set, resulting in TPM_STS_VALID|TPM_STS_COMMAND_READY to be read from the status register. This patch now converts req_canceled into a function to enable more complex comparisons against possible cancellation status codes. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm: Store TPM vendor IDStefan Berger
Store the TPM vendor ID for later use. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05TPM: Work around buggy TPMs that block during continue self testJason Gunthorpe
We've been testing an alternative TPM for our embedded products and found random kernel boot failures due to time outs after the continue self test command. This was happening randomly, and has been *very* hard to track down, but it looks like with this chip there is some kind of race with the tpm_tis_status() check of TPM_STS_COMMAND_READY. If things get there 'too fast' then it sees the chip is ready, or tpm_tis_ready() works. Otherwise it takes somewhere over 400ms before the chip will return TPM_STS_COMMAND_READY. Adding some delay after tpm_continue_selftest() makes things reliably hit the failure path, otherwise it is a crapshot. The spec says it should be returning TPM_WARN_DOING_SELFTEST, not holding off on ready.. Boot log during this event looks like this: tpm_tis 70030000.tpm_tis: 1.2 TPM (device-id 0x3204, rev-id 64) tpm_tis 70030000.tpm_tis: Issuing TPM_STARTUP tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test The other TPM vendor we use doesn't show this wonky behaviour: tpm_tis 70030000.tpm_tis: 1.2 TPM (device-id 0xFE, rev-id 70) Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm_i2c_stm_st33: fix oops when i2c client is unavailableKent Yoder
When no i2c bus exists, user-space can cause an oops by triggering a device probe through a message sent to an i2c "new_device" sysfs entry. Adding a check for a NULL i2c client structure in the probe function closes the hole. This patch also fixes accessing the NULL client struct in the print function call reporting the error. Reported-by: Peter Hüwe <PeterHuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm: Use struct dev_pm_ops for power managementPeter Huewe
This patch converts the suspend and resume functions for tpm_i2c_stm_st33 to the new dev_pm_ops. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05TPM: STMicroelectronics ST33 I2C BUILD STUFFMathias Leblanc
* STMicroelectronics version 1.2.0, Copyright (C) 2010 * STMicroelectronics comes with ABSOLUTELY NO WARRANTY. * This is free software, and you are welcome to redistribute it * under certain conditions. This is the driver for TPM chip from ST Microelectronics. If you have a TPM security chip from STMicroelectronics working with an I2C, in menuconfig or .config choose the tpm driver on device --> tpm and activate the protocol of your choice before compiling the kernel. The driver will be accessible from within Linux. Tested on linux x86/x64, beagleboard REV B & XM REV C and CHROMIUM OS Signed-off-by: Mathias Leblanc <mathias.leblanc@st.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm: rename STM driver to match other i2c driversKent Yoder
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm: STM i2c driver fixesKent Yoder
Store the i2c_client struct in the vendor private pointer. Get rid of the unnecessary include/linux/i2c/ header. Moved include files into the driver c file. Fix smatch warnings. Make use of module_i2c_driver(). Removed unused code from the tpm_stm_st33_i2c.h file. Fix return variable signedness in tpm_stm_i2c_send() and tpm_st33_i2c_probe(). Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05tpm: rename vendor data to priv and provide an accessorKent Yoder
"data" was too generic a name for what's being used as a generic private pointer by vendor-specific code. Rename it to "priv" and provide a #define for users. Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05TPM: STMicroelectronics ST33 I2C KERNEL 3.xMathias Leblanc
* STMicroelectronics version 1.2.0, Copyright (C) 2010 * STMicroelectronics comes with ABSOLUTELY NO WARRANTY. * This is free software, and you are welcome to redistribute it * under certain conditions. This is the driver for TPM chip from ST Microelectronics. If you have a TPM security chip from STMicroelectronics working with an I2C, in menuconfig or .config choose the tpm driver on device --> tpm and activate the protocol of your choice before compiling the kernel. The driver will be accessible from within Linux. Tested on linux x86/x64 on kernel 3.x Signed-off-by: Mathias Leblanc <mathias.leblanc@st.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm: Use true and false for boolsPeter Huewe
Bool initializations should use true and false. Bool tests don't need comparisons. Based on contributions from Joe Perches, Rusty Russell and Bruce W Allan. The semantic patch that makes this output is available in scripts/coccinelle/misc/boolinit.cocci. More information about semantic patching is available at http://coccinelle.lip6.fr/ Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05TPM: Switch to __packed instead of __attribute__((packed))Jason Gunthorpe
This seems to be preferred these days. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05TPM: Issue TPM_STARTUP at driver load if the TPM has not been startedJason Gunthorpe
The TPM will respond to TPM_GET_CAP with TPM_ERR_INVALID_POSTINIT if TPM_STARTUP has not been issued. Detect this and automatically issue TPM_STARTUP. This is for embedded applications where the kernel is the first thing to touch the TPM. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm: simplify duration calculation and eliminate smatch warning.Peter Huewe
This patch changes the semantics of the duration calculation for an ordinal, by masking out the higher bits of a tpm command, which specify whether it's an TPM_PROTECTED_COMMAND, TPM_UNPROTECTED_COMMAND, TPM_CONNECTION_COMMAND, TPM_CONNECTION_COMMAND, TPM_VENDOR_COMMAND. (See TPM Main Spec Part 2 Section 17 for details). For all TPM_PROTECTED and TPM_CONNECTION commands the results are unchanged. The TPM_UNPROTECTED commands are TSS commands and thus irrelevant as they are not sent to the tpm. For vendor commands the semantics change for ordinals 10 and 11 but they were probably wrong anyway. For everything else which has the ordinal set to 10 or 11 the semantics change as it now uses TPM_UNDEFINED instead of TPM_SHORT which was probably wrong anyway (but irrelevant as not defined by the standard). This patch also gets rid of the (false positive) smatch warning: drivers/char/tpm/tpm.c:360 tpm_calc_ordinal_duration() error: buffer overflow 'tpm_protected_ordinal_duration' 12 <= 243 Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2013-02-05char/tpm: Remove duplicated lookup tablePeter Huewe
The entries in tpm_protected_ordinal_duration are exactly the same as the first 12 in tpm_ordinal_duration, so we can simply remove this one, and save some bytes. This does not change the behavior of the driver. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-12-16Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: "A quiet cycle for the security subsystem with just a few maintenance updates." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: create a sysfs mount point for smackfs Smack: use select not depends in Kconfig Yama: remove locking from delete path Yama: add RCU to drop read locking drivers/char/tpm: remove tasklet and cleanup KEYS: Use keyring_alloc() to create special keyrings KEYS: Reduce initial permissions on keys KEYS: Make the session and process keyrings per-thread seccomp: Make syscall skipping and nr changes more consistent key: Fix resource leak keys: Fix unreachable code KEYS: Add payload preparsing opportunity prior to key instantiate or update
2012-12-11Merge tag 'char-misc-3.8-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull Char/Misc driver merge from Greg Kroah-Hartman: "Here is the "big" char/misc driver patches for 3.8-rc1. I'm starting to put random driver subsystems that I had previously sent you through the driver-core tree in this tree, as it makes more sense to do so. Nothing major here, the various __dev* removals, some mei driver updates, and other random driver-specific things from the different maintainers and developers. Note, some MFD drivers got added through this tree, and they are also coming in through the "real" MFD tree as well, due to some major mis-communication between me and the different developers. If you have any merge conflicts, take the ones from the MFD tree, not these ones, sorry about that. All of this has been in linux-next for a while. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>" Fix up trivial conflict in drivers/mmc/host/Kconfig due to new drivers having been added (both at the end, as usual..) * tag 'char-misc-3.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (84 commits) MAINTAINERS: remove drivers/staging/hv/ misc/st_kim: Free resources in the error path of probe() drivers/char: for hpet, add count checking, and ~0UL instead of -1 w1-gpio: Simplify & get rid of defines w1-gpio: Pinctrl-fy extcon: remove use of __devexit_p extcon: remove use of __devinit extcon: remove use of __devexit drivers: uio: Only allocate new private data when probing device tree node drivers: uio_dmem_genirq: Allow partial success when opening device drivers: uio_dmem_genirq: Don't use DMA_ERROR_CODE to indicate unmapped regions drivers: uio_dmem_genirq: Don't mix address spaces for dynamic region vaddr uio: remove use of __devexit uio: remove use of __devinitdata uio: remove use of __devinit uio: remove use of __devexit_p char: remove use of __devexit char: remove use of __devinitconst char: remove use of __devinitdata char: remove use of __devinit ...
2012-11-28tpm_infineon: remove use of __devexit_pBill Pemberton
CONFIG_HOTPLUG is going away as an option so __devexit_p is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Acked-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-28tpm: remove use of __devinitBill Pemberton
CONFIG_HOTPLUG is going away as an option so __devinit is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Acked-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-21char: remove use of __devexitBill Pemberton
CONFIG_HOTPLUG is going away as an option so __devexit is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: David Airlie <airlied@linux.ie> Cc: Olof Johansson <olof@lixom.net> Cc: Mattia Dongili <malattia@linux.it> Cc: Kent Yoder <key@linux.vnet.ibm.com> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-arm-kernel@lists.infradead.org Cc: openipmi-developer@lists.sourceforge.net Cc: platform-driver-x86@vger.kernel.org Cc: tpmdd-devel@lists.sourceforge.net Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-21char: remove use of __devinitdataBill Pemberton
CONFIG_HOTPLUG is going away as an option so __devinitdata is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: David Airlie <airlied@linux.ie> Cc: Kent Yoder <key@linux.vnet.ibm.com> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Cc: openipmi-developer@lists.sourceforge.net Cc: tpmdd-devel@lists.sourceforge.net Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-01drivers/char/tpm: remove tasklet and cleanupAshley Lai
This patch removed the tasklet and moved the wait queue into the private structure. It also cleaned up the response CRQ path. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-10-11Merge branch 'tpmdd-next-v3.6' of git://github.com/shpedoikal/linux into ↵James Morris
for-linus
2012-10-10tpm: Propagate error from tpm_transmit to fix a timeout hangPeter Huewe
tpm_write calls tpm_transmit without checking the return value and assigns the return value unconditionally to chip->pending_data, even if it's an error value. This causes three bugs. So if we write to /dev/tpm0 with a tpm_param_size bigger than TPM_BUFSIZE=0x1000 (e.g. 0x100a) and a bufsize also bigger than TPM_BUFSIZE (e.g. 0x100a) tpm_transmit returns -E2BIG which is assigned to chip->pending_data as -7, but tpm_write returns that TPM_BUFSIZE bytes have been successfully been written to the TPM, altough this is not true (bug #1). As we did write more than than TPM_BUFSIZE bytes but tpm_write reports that only TPM_BUFSIZE bytes have been written the vfs tries to write the remaining bytes (in this case 10 bytes) to the tpm device driver via tpm_write which then blocks at /* cannot perform a write until the read has cleared either via tpm_read or a user_read_timer timeout */ while (atomic_read(&chip->data_pending) != 0) msleep(TPM_TIMEOUT); for 60 seconds, since data_pending is -7 and nobody is able to read it (since tpm_read luckily checks if data_pending is greater than 0) (#bug 2). After that the remaining bytes are written to the TPM which are interpreted by the tpm as a normal command. (bug #3) So if the last bytes of the command stream happen to be a e.g. tpm_force_clear this gets accidentally sent to the TPM. This patch fixes all three bugs, by propagating the error code of tpm_write and returning -E2BIG if the input buffer is too big, since the response from the tpm for a truncated value is bogus anyway. Moreover it returns -EBUSY to userspace if there is a response ready to be read. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-10-10driver/char/tpm: fix regression causesd by ppiGang Wei
This patch try to fix the S3 regression https://lkml.org/lkml/2012/10/5/433, which includes below line: [ 1554.684638] sysfs: cannot create duplicate filename '/devices/pnp0/00:0c/ppi' The root cause is that ppi sysfs teardown code is MIA, so while S3 resume, the ppi kobject will be created again upon existing one. To make the tear down code simple, change the ppi subfolder creation from using kobject_create_and_add to just using a named ppi attribute_group. Then ppi sysfs teardown could be done with a simple sysfs_remove_group call. Adjusted the name & return type for ppi sysfs init function. Reported-by: Ben Guthro <ben@guthro.net> Signed-off-by: Gang Wei <gang.wei@intel.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-10-02Merge branch 'next' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: "Highlights: - Integrity: add local fs integrity verification to detect offline attacks - Integrity: add digital signature verification - Simple stacking of Yama with other LSMs (per LSS discussions) - IBM vTPM support on ppc64 - Add new driver for Infineon I2C TIS TPM - Smack: add rule revocation for subject labels" Fixed conflicts with the user namespace support in kernel/auditsc.c and security/integrity/ima/ima_policy.c. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits) Documentation: Update git repository URL for Smack userland tools ima: change flags container data type Smack: setprocattr memory leak fix Smack: implement revoking all rules for a subject label Smack: remove task_wait() hook. ima: audit log hashes ima: generic IMA action flag handling ima: rename ima_must_appraise_or_measure audit: export audit_log_task_info tpm: fix tpm_acpi sparse warning on different address spaces samples/seccomp: fix 31 bit build on s390 ima: digital signature verification support ima: add support for different security.ima data types ima: add ima_inode_setxattr/removexattr function and calls ima: add inode_post_setattr call ima: replace iint spinblock with rwlock/read_lock ima: allocating iint improvements ima: add appraise action keywords and default rules ima: integrity appraisal extension vfs: move ima_file_free before releasing the file ...
2012-10-02Merge branch 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wqLinus Torvalds
Pull workqueue changes from Tejun Heo: "This is workqueue updates for v3.7-rc1. A lot of activities this round including considerable API and behavior cleanups. * delayed_work combines a timer and a work item. The handling of the timer part has always been a bit clunky leading to confusing cancelation API with weird corner-case behaviors. delayed_work is updated to use new IRQ safe timer and cancelation now works as expected. * Another deficiency of delayed_work was lack of the counterpart of mod_timer() which led to cancel+queue combinations or open-coded timer+work usages. mod_delayed_work[_on]() are added. These two delayed_work changes make delayed_work provide interface and behave like timer which is executed with process context. * A work item could be executed concurrently on multiple CPUs, which is rather unintuitive and made flush_work() behavior confusing and half-broken under certain circumstances. This problem doesn't exist for non-reentrant workqueues. While non-reentrancy check isn't free, the overhead is incurred only when a work item bounces across different CPUs and even in simulated pathological scenario the overhead isn't too high. All workqueues are made non-reentrant. This removes the distinction between flush_[delayed_]work() and flush_[delayed_]_work_sync(). The former is now as strong as the latter and the specified work item is guaranteed to have finished execution of any previous queueing on return. * In addition to the various bug fixes, Lai redid and simplified CPU hotplug handling significantly. * Joonsoo introduced system_highpri_wq and used it during CPU hotplug. There are two merge commits - one to pull in IRQ safe timer from tip/timers/core and the other to pull in CPU hotplug fixes from wq/for-3.6-fixes as Lai's hotplug restructuring depended on them." Fixed a number of trivial conflicts, but the more interesting conflicts were silent ones where the deprecated interfaces had been used by new code in the merge window, and thus didn't cause any real data conflicts. Tejun pointed out a few of them, I fixed a couple more. * 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: (46 commits) workqueue: remove spurious WARN_ON_ONCE(in_irq()) from try_to_grab_pending() workqueue: use cwq_set_max_active() helper for workqueue_set_max_active() workqueue: introduce cwq_set_max_active() helper for thaw_workqueues() workqueue: remove @delayed from cwq_dec_nr_in_flight() workqueue: fix possible stall on try_to_grab_pending() of a delayed work item workqueue: use hotcpu_notifier() for workqueue_cpu_down_callback() workqueue: use __cpuinit instead of __devinit for cpu callbacks workqueue: rename manager_mutex to assoc_mutex workqueue: WORKER_REBIND is no longer necessary for idle rebinding workqueue: WORKER_REBIND is no longer necessary for busy rebinding workqueue: reimplement idle worker rebinding workqueue: deprecate __cancel_delayed_work() workqueue: reimplement cancel_delayed_work() using try_to_grab_pending() workqueue: use mod_delayed_work() instead of __cancel + queue workqueue: use irqsafe timer for delayed_work workqueue: clean up delayed_work initializers and add missing one workqueue: make deferrable delayed_work initializer names consistent workqueue: cosmetic whitespace updates for macro definitions workqueue: deprecate system_nrt[_freezable]_wq workqueue: deprecate flush[_delayed]_work_sync() ...
2012-09-12tpm: fix tpm_acpi sparse warning on different address spacesKent Yoder
acpi_os_map_memory expects its return value to be in the __iomem address space. Tag the variable we're using as such and use memcpy_fromio to avoid further sparse warnings. Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-09-04driver/char/tpm: declare internal symbols as staticXiaoyan Zhang
This patch declares the internal struct and functions as static to provide more security. Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang@intel.com> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Reviewed-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-08-22driver: add PPI support in tpm driverXiaoyan Zhang
The Physical Presence Interface enables the OS and the BIOS to cooperate and provides a simple and straightforward platform user experience for administering the TPM without sacrificing security. V2: separate the patch out in a separate source file, add #ifdef CONFIG_ACPI so it compiles out on ppc, use standard error instead of ACPI error as return code of show/store fns. V3: move #ifdef CONFIG_ACPI from .c file to .h file. V4: move tpm_ppi code from tpm module to tpm_bios module. V5: modify sys_add_ppi() so that ppi_attr_grp doesn't need to be exported Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang@intel.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22tpm: Do not dereference NULL pointer if acpi_os_map_memory() fails.Jesper Juhl
In drivers/char/tpm/tpm_acpi.c::read_log() we call acpi_os_map_memory(). That call may fail for a number of reasons (invalid address, out of memory etc). If the call fails it returns NULL and we just pass that to memcpy() unconditionally, which will go bad when it tries to dereference the pointer. Unfortunately we just get NULL back, so we can't really tell the user exactely what went wrong, but we can at least avoid crashing and return an error (-EIO seemed more generic and more suitable here than -ENOMEM or something else, so I picked that). Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22drivers/char/tpm: Add securityfs support for event logAshley Lai
This patch retrieves the event log data from the device tree during file open. The event log data will then displayed through securityfs. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22drivers/char/tpm: Add new device driver to support IBM vTPMAshley Lai
This patch adds a new device driver to support IBM virtual TPM (vTPM) for PPC64. IBM vTPM is supported through the adjunct partition with firmware release 740 or higher. With vTPM support, each lpar is able to have its own vTPM without the physical TPM hardware. This driver provides TPM functionalities by communicating with the vTPM adjunct partition through Hypervisor calls (Hcalls) and Command/Response Queue (CRQ) commands. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>