From: Jarkko Sakkinen <jarkko@kernel.org>
To: Jason Andryuk <jandryuk@gmail.com>
Cc: Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Chen Jun <chenjun102@huawei.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
stable@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] tpm_tis: Hold locality open during probe
Date: Mon, 11 Jul 2022 05:58:20 +0300 [thread overview]
Message-ID: <YsuRzGBss/lMG2+W@kernel.org> (raw)
In-Reply-To: <20220706164043.417780-1-jandryuk@gmail.com>
On Wed, Jul 06, 2022 at 12:40:43PM -0400, Jason Andryuk wrote:
> WEC TPMs (in 1.2 mode) and NTC (in 2.0 mode) have been observer to
> frequently, but intermittently, fail probe with:
> tpm_tis: probe of 00:09 failed with error -1
>
> Added debugging output showed that the request_locality in
> tpm_tis_core_init succeeds, but then the tpm_chip_start fails when its
> call to tpm_request_locality -> request_locality fails.
>
> The access register in check_locality would show:
> 0x80 TPM_ACCESS_VALID
> 0x82 TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_USE
> 0x80 TPM_ACCESS_VALID
> continuing until it times out. TPM_ACCESS_ACTIVE_LOCALITY (0x20) doesn't
> get set which would end the wait.
>
> My best guess is something racy was going on between release_locality's
> write and request_locality's write. There is no wait in
> release_locality to ensure that the locality is released, so the
> subsequent request_locality could confuse the TPM?
>
> tpm_chip_start grabs locality 0, and updates chip->locality. Call that
> before the TPM_INT_ENABLE write, and drop the explicit request/release
> calls. tpm_chip_stop performs the release. With this, we switch to
> using chip->locality instead of priv->locality. The probe failure is
> not seen after this.
>
> commit 0ef333f5ba7f ("tpm: add request_locality before write
> TPM_INT_ENABLE") added a request_locality/release_locality pair around
> tpm_tis_write32 TPM_INT_ENABLE, but there is a read of
> TPM_INT_ENABLE for the intmask which should also have the locality
> grabbed. tpm_chip_start is moved before that to have the locality open
> during the read.
>
> Fixes: 0ef333f5ba7f ("tpm: add request_locality before write TPM_INT_ENABLE")
> CC: stable@vger.kernel.org
> Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> ---
> The probe failure was seen on 5.4, 5.15 and 5.17.
>
> commit e42acf104d6e ("tpm_tis: Clean up locality release") removed the
> release wait. I haven't tried, but re-introducing that would probably
> fix this issue. It's hard to know apriori when a synchronous wait is
> needed, and they don't seem to be needed typically. Re-introducing the
> wait would re-introduce a wait in all cases.
>
> Surrounding the read of TPM_INT_ENABLE with grabbing the locality may
> not be necessary? It looks like the code only grabs a locality for
> writing, but that asymmetry is surprising to me.
>
> tpm_chip and tpm_tis_data track the locality separately. Should the
> tpm_tis_data one be removed so they don't get out of sync?
> ---
> drivers/char/tpm/tpm_tis_core.c | 20 ++++++++------------
> 1 file changed, 8 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
> index dc56b976d816..529c241800c0 100644
> --- a/drivers/char/tpm/tpm_tis_core.c
> +++ b/drivers/char/tpm/tpm_tis_core.c
> @@ -986,8 +986,13 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
> goto out_err;
> }
>
> + /* Grabs locality 0. */
> + rc = tpm_chip_start(chip);
> + if (rc)
> + goto out_err;
> +
> /* Take control of the TPM's interrupt hardware and shut it off */
> - rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
> + rc = tpm_tis_read32(priv, TPM_INT_ENABLE(chip->locality), &intmask);
> if (rc < 0)
> goto out_err;
>
> @@ -995,19 +1000,10 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
> TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
> intmask &= ~TPM_GLOBAL_INT_ENABLE;
>
> - rc = request_locality(chip, 0);
> - if (rc < 0) {
> - rc = -ENODEV;
> - goto out_err;
> - }
> -
> - tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
> - release_locality(chip, 0);
> + tpm_tis_write32(priv, TPM_INT_ENABLE(chip->locality), intmask);
>
> - rc = tpm_chip_start(chip);
> - if (rc)
> - goto out_err;
> rc = tpm2_probe(chip);
> + /* Releases locality 0. */
> tpm_chip_stop(chip);
> if (rc)
> goto out_err;
> --
> 2.36.1
>
Can you test against
https://lore.kernel.org/linux-integrity/20220629232653.1306735-1-LinoSanfilippo@gmx.de/T/#t
BR, Jarkko
next prev parent reply other threads:[~2022-07-11 2:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-06 16:40 [PATCH] tpm_tis: Hold locality open during probe Jason Andryuk
2022-07-07 7:48 ` chenjun (AM)
2022-07-07 12:16 ` Jason Andryuk
2022-07-11 2:58 ` Jarkko Sakkinen [this message]
2022-07-11 19:37 ` Jason Andryuk
2022-07-12 15:29 ` Jason Andryuk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YsuRzGBss/lMG2+W@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=chenjun102@huawei.com \
--cc=jandryuk@gmail.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.