From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752265AbbIPHT1 (ORCPT ); Wed, 16 Sep 2015 03:19:27 -0400 Received: from mga03.intel.com ([134.134.136.65]:9164 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751822AbbIPHT0 (ORCPT ); Wed, 16 Sep 2015 03:19:26 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.17,537,1437462000"; d="scan'208";a="805481083" Date: Wed, 16 Sep 2015 10:19:17 +0300 From: Jarkko Sakkinen To: Jason Gunthorpe Cc: Jarkko Sakkinen , tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, Peter Huewe , Marcel Selhorst Subject: Re: [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address Message-ID: <20150916071917.GA15204@intel.com> References: <1442336740-9383-1-git-send-email-jarkko.sakkinen@linux.intel.com> <20150915172227.GA24173@obsidianresearch.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150915172227.GA24173@obsidianresearch.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 15, 2015 at 11:22:27AM -0600, Jason Gunthorpe wrote: > On Tue, Sep 15, 2015 at 08:05:40PM +0300, Jarkko Sakkinen wrote: > > The command buffer address must be read with exactly two 32-bit reads. > > Otherwise, on some HW platforms, it seems that HW will abort the read > > operation, which causes CPU to fill the read bytes with 1's. Therefore, > > we cannot rely on memcpy_fromio() but must call ioread32() two times > > instead. > > > > Also, this matches the PC Client Platform TPM Profile specification, > > which defines command buffer address with two 32-bit fields. > > > > Signed-off-by: Jarkko Sakkinen > > drivers/char/tpm/tpm_crb.c | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c > > index b4564b6..c09b370 100644 > > +++ b/drivers/char/tpm/tpm_crb.c > > @@ -68,7 +68,8 @@ struct crb_control_area { > > u32 int_enable; > > u32 int_sts; > > u32 cmd_size; > > - u64 cmd_pa; > > + u32 cmd_pa_low; > > + u32 cmd_pa_high; > > u32 rsp_size; > > u64 rsp_pa; > > What about rsp_pa? It's naturally aligned and defined as 64-bit field in: http://www.trustedcomputinggroup.org/developers/pc_client/specifications Also in a platform (not available in public yet) it gets read correctly. > > } __packed; > > As I mentioned, drop the __packed. I didn't do that because it is not mandatory for the bug fix. I would rather submit it as a separate commit later on. > Otherwise: > > Reviewed-By: Jason Gunthorpe > > Jason /Jarkko