From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Paul Menzel <pmenzel@molgen.mpg.de>,
linux-integrity <linux-integrity@vger.kernel.org>
Subject: Re: TPM selftest failure in 4.15
Date: Thu, 01 Feb 2018 21:00:04 +0100 [thread overview]
Message-ID: <1517515204.3145.51.camel@HansenPartnership.com> (raw)
In-Reply-To: <20180201185909.GW17053@ziepe.ca>
On Thu, 2018-02-01 at 11:59 -0700, Jason Gunthorpe wrote:
> On Thu, Feb 01, 2018 at 07:46:04PM +0100, James Bottomley wrote:
>
> >
> > I honestly don't think we should be waiting for the self test at
> > all.
> > We should kick it off and treat any TPM_RC_TESTING error as
> > -EAGAIN.
> > We're already under fire for slow boot sequences and adding 2s just
> > to
> > wait for the TPM to self test adds to that for no real value.
>
> Arguably the BIOS should have completed the selftest - this stuff
> generally only exists to support embedded.
>
> I don't like the idea of EAGAIN, that just expose all our users to
> this mess.
>
> I would support making transmit_cmd genericly wait and retry if the
> TPM insists we need to wait for selftest to complete the specific
> command though.
OK, how about this then?
James
---
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 1d6729be4cd6..84ed271c060b 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -521,12 +521,32 @@ ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space,
const struct tpm_output_header *header = buf;
int err;
ssize_t len;
+ unsigned int delay_msec = 20;
- len = tpm_transmit(chip, space, (u8 *)buf, bufsiz, flags);
- if (len < 0)
- return len;
+ /*
+ * on first probe we kick off a TPM self test in the
+ * background This means the TPM may return RC_TESTING to any
+ * command that tries to use a subsystem under test, so do an
+ * exponential backoff wait if that happens
+ */
+ for (;;) {
+ len = tpm_transmit(chip, space, (u8 *)buf, bufsiz, flags);
+ if (len < 0)
+ return len;
+
+ err = be32_to_cpu(header->return_code);
+ if (err != TPM2_RC_TESTING ||
+ (flags & TPM_TRANSMIT_NOWAIT))
+ break;
+
+ delay_msec *= 2;
+ if (delay_msec > TPM2_DURATION_LONG) {
+ dev_err(&chip->dev,"TPM: still running self tests, giving up waiting\n");
+ break;
+ }
+ tpm_msleep(delay_msec);
+ }
- err = be32_to_cpu(header->return_code);
if (err != 0 && desc)
dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err,
desc);
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 528cffbd49d3..47c5a5206325 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -495,6 +495,7 @@ extern struct idr dev_nums_idr;
enum tpm_transmit_flags {
TPM_TRANSMIT_UNLOCKED = BIT(0),
TPM_TRANSMIT_RAW = BIT(1),
+ TPM_TRANSMIT_NOWAIT = BIT(2),
};
ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index f40d20671a78..106c126b4fe0 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -849,28 +849,24 @@ static const struct tpm_input_header tpm2_selftest_header = {
static int tpm2_do_selftest(struct tpm_chip *chip)
{
int rc;
- unsigned int delay_msec = 20;
- long duration;
struct tpm2_cmd cmd;
- duration = jiffies_to_msecs(
- tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST));
-
- while (duration > 0) {
- cmd.header.in = tpm2_selftest_header;
- cmd.params.selftest_in.full_test = 0;
-
- rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE,
- 0, 0, "continue selftest");
-
- if (rc != TPM2_RC_TESTING)
- break;
-
- tpm_msleep(delay_msec);
- duration -= delay_msec;
-
- /* wait longer the next round */
- delay_msec *= 2;
+ cmd.header.in = tpm2_selftest_header;
+ cmd.params.selftest_in.full_test = 0;
+
+ rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE,
+ 0, TPM_TRANSMIT_NOWAIT, "continue selftest");
+
+ if (rc == TPM2_RC_TESTING) {
+ /*
+ * A return of RC_TESTING means the TPM is still
+ * running self tests. If one fails it will go into
+ * failure mode and return RC_FAILED to every command,
+ * so treat a still in testing return as a success
+ * rather than causing a driver detach.
+ */
+ dev_info(&chip->dev,"TPM: Running self test in background\n");
+ rc = TPM2_RC_SUCCESS;
}
return rc;
next prev parent reply other threads:[~2018-02-01 20:00 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-01 12:16 TPM selftest failure in 4.15 James Bottomley
2018-02-01 12:21 ` Paul Menzel
2018-02-01 12:42 ` James Bottomley
2018-02-01 15:24 ` James Bottomley
2018-02-01 17:40 ` Jason Gunthorpe
2018-02-01 18:46 ` James Bottomley
2018-02-01 18:59 ` Jason Gunthorpe
2018-02-01 20:00 ` James Bottomley [this message]
2018-02-01 20:35 ` Jason Gunthorpe
2018-02-01 21:06 ` James Bottomley
2018-02-08 13:10 ` Jarkko Sakkinen
2018-02-08 17:02 ` James Bottomley
2018-02-09 10:02 ` Jarkko Sakkinen
2018-02-09 10:30 ` Nayna Jain
2018-02-15 12:00 ` Jarkko Sakkinen
2018-02-09 11:47 ` Alexander Steffen
2018-02-15 12:12 ` Jarkko Sakkinen
2018-02-15 15:13 ` Mimi Zohar
2018-02-16 18:30 ` Alexander Steffen
2018-02-19 9:15 ` Nayna Jain
2018-02-19 22:26 ` Jason Gunthorpe
2018-02-16 18:27 ` Alexander Steffen
2018-02-20 13:05 ` Jarkko Sakkinen
2018-02-09 12:26 ` Mimi Zohar
2018-02-09 16:23 ` James Bottomley
2018-02-09 21:23 ` Mimi Zohar
2018-04-08 18:27 ` Ken Goldman
2018-02-09 16:18 ` James Bottomley
2018-02-08 17:27 ` Ken Goldman
2018-02-01 19:16 ` TPM selftest failure in 4.15 (Dell XPS 13, Nuvoton 6xx) Paul Menzel
2018-02-01 19:17 ` Paul Menzel
2018-02-01 20:12 ` Mario.Limonciello
2018-02-01 21:06 ` Mario.Limonciello
2018-02-01 22:22 ` Jason Gunthorpe
2018-02-02 5:46 ` James Bottomley
2018-02-02 5:46 ` James Bottomley
2018-02-08 16:53 ` Ken Goldman
2018-02-08 13:18 ` Jarkko Sakkinen
2018-02-08 13:05 ` TPM selftest failure in 4.15 Jarkko Sakkinen
2018-02-08 13:03 ` Jarkko Sakkinen
2018-02-08 12:49 ` Jarkko Sakkinen
2018-02-08 18:45 ` Ken Goldman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1517515204.3145.51.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=pmenzel@molgen.mpg.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.