tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'tpmdd-next-6.19-rc1-v4' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull tpm updates from Jarkko Sakkinen:
"This contains changes to unify TPM return code translation between
trusted_tpm2 and TPM driver itself. Other than that the changes are
either bug fixes or minor imrovements"

* tag 'tpmdd-next-6.19-rc1-v4' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
KEYS: trusted: Use tpm_ret_to_err() in trusted_tpm2
tpm: Use -EPERM as fallback error code in tpm_ret_to_err
tpm: Cap the number of PCR banks
tpm: Remove tpm_find_get_ops
tpm: add WQ_PERCPU to alloc_workqueue users
tpm_crb: add missing loc parameter to kerneldoc
tpm_crb: Fix a spelling mistake
selftests: tpm2: Fix ill defined assertions

Linus Torvalds 028bd4a1 16460bf9

+42 -81
-37
drivers/char/tpm/tpm-chip.c
··· 231 231 EXPORT_SYMBOL_GPL(tpm_default_chip); 232 232 233 233 /** 234 - * tpm_find_get_ops() - find and reserve a TPM chip 235 - * @chip: a &struct tpm_chip instance, %NULL for the default chip 236 - * 237 - * Finds a TPM chip and reserves its class device and operations. The chip must 238 - * be released with tpm_put_ops() after use. 239 - * This function is for internal use only. It supports existing TPM callers 240 - * by accepting NULL, but those callers should be converted to pass in a chip 241 - * directly. 242 - * 243 - * Return: 244 - * A reserved &struct tpm_chip instance. 245 - * %NULL if a chip is not found. 246 - * %NULL if the chip is not available. 247 - */ 248 - struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip) 249 - { 250 - int rc; 251 - 252 - if (chip) { 253 - if (!tpm_try_get_ops(chip)) 254 - return chip; 255 - return NULL; 256 - } 257 - 258 - chip = tpm_default_chip(); 259 - if (!chip) 260 - return NULL; 261 - rc = tpm_try_get_ops(chip); 262 - /* release additional reference we got from tpm_default_chip() */ 263 - put_device(&chip->dev); 264 - if (rc) 265 - return NULL; 266 - return chip; 267 - } 268 - 269 - /** 270 234 * tpm_dev_release() - free chip memory and the device number 271 235 * @dev: the character device for the TPM chip 272 236 * ··· 246 282 247 283 kfree(chip->work_space.context_buf); 248 284 kfree(chip->work_space.session_buf); 249 - kfree(chip->allocated_banks); 250 285 #ifdef CONFIG_TCG_TPM2_HMAC 251 286 kfree(chip->auth); 252 287 #endif
+2 -1
drivers/char/tpm/tpm-dev-common.c
··· 275 275 276 276 int __init tpm_dev_common_init(void) 277 277 { 278 - tpm_dev_wq = alloc_workqueue("tpm_dev_wq", WQ_MEM_RECLAIM, 0); 278 + tpm_dev_wq = alloc_workqueue("tpm_dev_wq", WQ_MEM_RECLAIM | WQ_PERCPU, 279 + 0); 279 280 280 281 return !tpm_dev_wq ? -ENOMEM : 0; 281 282 }
+16 -4
drivers/char/tpm/tpm-interface.c
··· 313 313 { 314 314 int rc; 315 315 316 - chip = tpm_find_get_ops(chip); 317 316 if (!chip) 318 317 return -ENODEV; 318 + 319 + rc = tpm_try_get_ops(chip); 320 + if (rc) 321 + return rc; 319 322 320 323 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; 321 324 ··· 341 338 { 342 339 int rc; 343 340 344 - chip = tpm_find_get_ops(chip); 345 341 if (!chip) 346 342 return -ENODEV; 343 + 344 + rc = tpm_try_get_ops(chip); 345 + if (rc) 346 + return rc; 347 347 348 348 if (chip->flags & TPM_CHIP_FLAG_TPM2) 349 349 rc = tpm2_pcr_read(chip, pcr_idx, digest, NULL); ··· 375 369 int rc; 376 370 int i; 377 371 378 - chip = tpm_find_get_ops(chip); 379 372 if (!chip) 380 373 return -ENODEV; 374 + 375 + rc = tpm_try_get_ops(chip); 376 + if (rc) 377 + return rc; 381 378 382 379 for (i = 0; i < chip->nr_allocated_banks; i++) { 383 380 if (digests[i].alg_id != chip->allocated_banks[i].alg_id) { ··· 501 492 if (!out || max > TPM_MAX_RNG_DATA) 502 493 return -EINVAL; 503 494 504 - chip = tpm_find_get_ops(chip); 505 495 if (!chip) 506 496 return -ENODEV; 497 + 498 + rc = tpm_try_get_ops(chip); 499 + if (rc) 500 + return rc; 507 501 508 502 if (chip->flags & TPM_CHIP_FLAG_TPM2) 509 503 rc = tpm2_get_random(chip, out, max);
-1
drivers/char/tpm/tpm.h
··· 267 267 int tpm_chip_bootstrap(struct tpm_chip *chip); 268 268 int tpm_chip_start(struct tpm_chip *chip); 269 269 void tpm_chip_stop(struct tpm_chip *chip); 270 - struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip); 271 270 272 271 struct tpm_chip *tpm_chip_alloc(struct device *dev, 273 272 const struct tpm_class_ops *ops);
-5
drivers/char/tpm/tpm1-cmd.c
··· 799 799 */ 800 800 int tpm1_get_pcr_allocation(struct tpm_chip *chip) 801 801 { 802 - chip->allocated_banks = kcalloc(1, sizeof(*chip->allocated_banks), 803 - GFP_KERNEL); 804 - if (!chip->allocated_banks) 805 - return -ENOMEM; 806 - 807 802 chip->allocated_banks[0].alg_id = TPM_ALG_SHA1; 808 803 chip->allocated_banks[0].digest_size = hash_digest_size[HASH_ALGO_SHA1]; 809 804 chip->allocated_banks[0].crypto_id = HASH_ALGO_SHA1;
+3 -5
drivers/char/tpm/tpm2-cmd.c
··· 550 550 551 551 nr_possible_banks = be32_to_cpup( 552 552 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]); 553 - 554 - chip->allocated_banks = kcalloc(nr_possible_banks, 555 - sizeof(*chip->allocated_banks), 556 - GFP_KERNEL); 557 - if (!chip->allocated_banks) { 553 + if (nr_possible_banks > TPM2_MAX_PCR_BANKS) { 554 + pr_err("tpm: out of bank capacity: %u > %u\n", 555 + nr_possible_banks, TPM2_MAX_PCR_BANKS); 558 556 rc = -ENOMEM; 559 557 goto out; 560 558 }
+3 -1
drivers/char/tpm/tpm_crb.c
··· 179 179 * 180 180 * @dev: crb device 181 181 * @priv: crb private data 182 + * @loc: locality 182 183 * 183 184 * Write CRB_CTRL_REQ_GO_IDLE to TPM_CRB_CTRL_REQ 184 185 * The device should respond within TIMEOUT_C by clearing the bit. ··· 234 233 * 235 234 * @dev: crb device 236 235 * @priv: crb private data 236 + * @loc: locality 237 237 * 238 238 * Write CRB_CTRL_REQ_CMD_READY to TPM_CRB_CTRL_REQ 239 239 * and poll till the device acknowledge it by clearing the bit. ··· 414 412 #ifdef CONFIG_ARM64 415 413 /* 416 414 * This is a TPM Command Response Buffer start method that invokes a 417 - * Secure Monitor Call to requrest the firmware to execute or cancel 415 + * Secure Monitor Call to request the firmware to execute or cancel 418 416 * a TPM 2.0 command. 419 417 */ 420 418 static int tpm_crb_smc_start(struct device *dev, unsigned long func_id)
+1 -2
drivers/char/tpm/tpm_tis_core.c
··· 265 265 266 266 /* 267 267 * Dump stack for forensics, as invalid TPM_STS.x could be 268 - * potentially triggered by impaired tpm_try_get_ops() or 269 - * tpm_find_get_ops(). 268 + * potentially triggered by impaired tpm_try_get_ops(). 270 269 */ 271 270 dump_stack(); 272 271 }
+8 -4
include/linux/tpm.h
··· 26 26 #include <crypto/aes.h> 27 27 28 28 #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ 29 - #define TPM_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE 29 + 30 + #define TPM2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE 31 + #define TPM2_MAX_PCR_BANKS 8 30 32 31 33 struct tpm_chip; 32 34 struct trusted_key_payload; ··· 70 68 71 69 struct tpm_digest { 72 70 u16 alg_id; 73 - u8 digest[TPM_MAX_DIGEST_SIZE]; 71 + u8 digest[TPM2_MAX_DIGEST_SIZE]; 74 72 } __packed; 75 73 76 74 struct tpm_bank_info { ··· 191 189 unsigned int groups_cnt; 192 190 193 191 u32 nr_allocated_banks; 194 - struct tpm_bank_info *allocated_banks; 192 + struct tpm_bank_info allocated_banks[TPM2_MAX_PCR_BANKS]; 195 193 #ifdef CONFIG_ACPI 196 194 acpi_handle acpi_dev_handle; 197 195 char ppi_version[TPM_PPI_VERSION_LEN + 1]; ··· 456 454 return 0; 457 455 case TPM2_RC_SESSION_MEMORY: 458 456 return -ENOMEM; 457 + case TPM2_RC_HASH: 458 + return -EINVAL; 459 459 default: 460 - return -EFAULT; 460 + return -EPERM; 461 461 } 462 462 } 463 463
+7 -19
security/keys/trusted-keys/trusted_tpm2.c
··· 333 333 } 334 334 335 335 blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len); 336 + if (blob_len < 0) 337 + rc = blob_len; 336 338 337 339 out: 338 340 tpm_buf_destroy(&sized); 339 341 tpm_buf_destroy(&buf); 340 342 341 - if (rc > 0) { 342 - if (tpm2_rc_value(rc) == TPM2_RC_HASH) 343 - rc = -EINVAL; 344 - else 345 - rc = -EPERM; 346 - } 347 - if (blob_len < 0) 348 - rc = blob_len; 349 - else 343 + if (!rc) 350 344 payload->blob_len = blob_len; 351 345 352 346 out_put: 353 347 tpm_put_ops(chip); 354 - return rc; 348 + return tpm_ret_to_err(rc); 355 349 } 356 350 357 351 /** ··· 449 455 out: 450 456 tpm_buf_destroy(&buf); 451 457 452 - if (rc > 0) 453 - rc = -EPERM; 454 - 455 - return rc; 458 + return tpm_ret_to_err(rc); 456 459 } 457 460 458 461 /** ··· 512 521 tpm_buf_fill_hmac_session(chip, &buf); 513 522 rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing"); 514 523 rc = tpm_buf_check_hmac_response(chip, &buf, rc); 515 - if (rc > 0) 516 - rc = -EPERM; 517 524 518 525 if (!rc) { 519 526 data_len = be16_to_cpup( ··· 544 555 545 556 out: 546 557 tpm_buf_destroy(&buf); 547 - return rc; 558 + return tpm_ret_to_err(rc); 548 559 } 549 560 550 561 /** ··· 576 587 577 588 out: 578 589 tpm_put_ops(chip); 579 - 580 - return rc; 590 + return tpm_ret_to_err(rc); 581 591 }
+2 -2
tools/testing/selftests/tpm2/tpm2.py
··· 437 437 438 438 def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1): 439 439 ds = get_digest_size(bank_alg) 440 - assert(ds == len(dig)) 440 + assert ds == len(dig) 441 441 442 442 auth_cmd = AuthCommand() 443 443 ··· 589 589 def seal(self, parent_key, data, auth_value, policy_dig, 590 590 name_alg = TPM2_ALG_SHA1): 591 591 ds = get_digest_size(name_alg) 592 - assert(not policy_dig or ds == len(policy_dig)) 592 + assert not policy_dig or ds == len(policy_dig) 593 593 594 594 attributes = 0 595 595 if not policy_dig: