[PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address
@ 2015-09-15 17:05 Jarkko Sakkinen
  2015-09-15 17:22 ` Jason Gunthorpe
  2015-10-09 10:58 ` Jarkko Sakkinen
  0 siblings, 2 replies; 5+ messages in thread
From: Jarkko Sakkinen @ 2015-09-15 17:05 UTC (permalink / raw)
  To: tpmdd-devel, linux-kernel
  Cc: Jarkko Sakkinen, Peter Huewe, Marcel Selhorst, Jason Gunthorpe

The command buffer address must be read with exactly two 32-bit reads.
Otherwise, on some HW platforms, it seems that HW will abort the read
operation, which causes CPU to fill the read bytes with 1's. Therefore,
we cannot rely on memcpy_fromio() but must call ioread32() two times
instead.

Also, this matches the PC Client Platform TPM Profile specification,
which defines command buffer address with two 32-bit fields.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 drivers/char/tpm/tpm_crb.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index b4564b6..c09b370 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -68,7 +68,8 @@ struct crb_control_area {
 	u32 int_enable;
 	u32 int_sts;
 	u32 cmd_size;
-	u64 cmd_pa;
+	u32 cmd_pa_low;
+	u32 cmd_pa_high;
 	u32 rsp_size;
 	u64 rsp_pa;
 } __packed;
@@ -263,8 +264,8 @@ static int crb_acpi_add(struct acpi_device *device)
 		return -ENOMEM;
 	}
 
-	memcpy_fromio(&pa, &priv->cca->cmd_pa, 8);
-	pa = le64_to_cpu(pa);
+	pa = ((u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_high)) << 32) +
+		(u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_low));
 	priv->cmd = devm_ioremap_nocache(dev, pa,
 					 ioread32(&priv->cca->cmd_size));
 	if (!priv->cmd) {
-- 
2.5.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address
  2015-09-15 17:05 [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address Jarkko Sakkinen
@ 2015-09-15 17:22 ` Jason Gunthorpe
  2015-09-16  7:19   ` Jarkko Sakkinen
  2015-10-09 10:58 ` Jarkko Sakkinen
  1 sibling, 1 reply; 5+ messages in thread
From: Jason Gunthorpe @ 2015-09-15 17:22 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: tpmdd-devel, linux-kernel, Peter Huewe, Marcel Selhorst

On Tue, Sep 15, 2015 at 08:05:40PM +0300, Jarkko Sakkinen wrote:
> The command buffer address must be read with exactly two 32-bit reads.
> Otherwise, on some HW platforms, it seems that HW will abort the read
> operation, which causes CPU to fill the read bytes with 1's. Therefore,
> we cannot rely on memcpy_fromio() but must call ioread32() two times
> instead.
> 
> Also, this matches the PC Client Platform TPM Profile specification,
> which defines command buffer address with two 32-bit fields.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
>  drivers/char/tpm/tpm_crb.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
> index b4564b6..c09b370 100644
> +++ b/drivers/char/tpm/tpm_crb.c
> @@ -68,7 +68,8 @@ struct crb_control_area {
>  	u32 int_enable;
>  	u32 int_sts;
>  	u32 cmd_size;
> -	u64 cmd_pa;
> +	u32 cmd_pa_low;
> +	u32 cmd_pa_high;
>  	u32 rsp_size;
>  	u64 rsp_pa;

What about rsp_pa?

>  } __packed;

As I mentioned, drop the __packed.

Otherwise:

Reviewed-By: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>

Jason

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address
  2015-09-15 17:22 ` Jason Gunthorpe
@ 2015-09-16  7:19   ` Jarkko Sakkinen
  2015-09-16 13:34     ` Jarkko Sakkinen
  0 siblings, 1 reply; 5+ messages in thread
From: Jarkko Sakkinen @ 2015-09-16  7:19 UTC (permalink / raw)
  To: Jason Gunthorpe
  Cc: Jarkko Sakkinen, tpmdd-devel, linux-kernel, Peter Huewe,
	Marcel Selhorst

On Tue, Sep 15, 2015 at 11:22:27AM -0600, Jason Gunthorpe wrote:
> On Tue, Sep 15, 2015 at 08:05:40PM +0300, Jarkko Sakkinen wrote:
> > The command buffer address must be read with exactly two 32-bit reads.
> > Otherwise, on some HW platforms, it seems that HW will abort the read
> > operation, which causes CPU to fill the read bytes with 1's. Therefore,
> > we cannot rely on memcpy_fromio() but must call ioread32() two times
> > instead.
> > 
> > Also, this matches the PC Client Platform TPM Profile specification,
> > which defines command buffer address with two 32-bit fields.
> > 
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> >  drivers/char/tpm/tpm_crb.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> > 
> > diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
> > index b4564b6..c09b370 100644
> > +++ b/drivers/char/tpm/tpm_crb.c
> > @@ -68,7 +68,8 @@ struct crb_control_area {
> >  	u32 int_enable;
> >  	u32 int_sts;
> >  	u32 cmd_size;
> > -	u64 cmd_pa;
> > +	u32 cmd_pa_low;
> > +	u32 cmd_pa_high;
> >  	u32 rsp_size;
> >  	u64 rsp_pa;
> 
> What about rsp_pa?

It's naturally aligned and defined as 64-bit field in:

http://www.trustedcomputinggroup.org/developers/pc_client/specifications

Also in a platform (not available in public yet) it gets read correctly.

> >  } __packed;
> 
> As I mentioned, drop the __packed.

I didn't do that because it is not mandatory for the bug fix.

I would rather submit it as a separate commit later on.

> Otherwise:
> 
> Reviewed-By: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
> 
> Jason

/Jarkko

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address
  2015-09-16  7:19   ` Jarkko Sakkinen
@ 2015-09-16 13:34     ` Jarkko Sakkinen
  0 siblings, 0 replies; 5+ messages in thread
From: Jarkko Sakkinen @ 2015-09-16 13:34 UTC (permalink / raw)
  To: Jason Gunthorpe
  Cc: Jarkko Sakkinen, tpmdd-devel, linux-kernel, Peter Huewe,
	Marcel Selhorst

On Wed, Sep 16, 2015 at 10:19:17AM +0300, Jarkko Sakkinen wrote:
> On Tue, Sep 15, 2015 at 11:22:27AM -0600, Jason Gunthorpe wrote:
> > On Tue, Sep 15, 2015 at 08:05:40PM +0300, Jarkko Sakkinen wrote:
> > > The command buffer address must be read with exactly two 32-bit reads.
> > > Otherwise, on some HW platforms, it seems that HW will abort the read
> > > operation, which causes CPU to fill the read bytes with 1's. Therefore,
> > > we cannot rely on memcpy_fromio() but must call ioread32() two times
> > > instead.
> > > 
> > > Also, this matches the PC Client Platform TPM Profile specification,
> > > which defines command buffer address with two 32-bit fields.
> > > 
> > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > >  drivers/char/tpm/tpm_crb.c | 7 ++++---
> > >  1 file changed, 4 insertions(+), 3 deletions(-)
> > > 
> > > diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
> > > index b4564b6..c09b370 100644
> > > +++ b/drivers/char/tpm/tpm_crb.c
> > > @@ -68,7 +68,8 @@ struct crb_control_area {
> > >  	u32 int_enable;
> > >  	u32 int_sts;
> > >  	u32 cmd_size;
> > > -	u64 cmd_pa;
> > > +	u32 cmd_pa_low;
> > > +	u32 cmd_pa_high;
> > >  	u32 rsp_size;
> > >  	u64 rsp_pa;
> > 
> > What about rsp_pa?
> 
> It's naturally aligned and defined as 64-bit field in:
> 
> http://www.trustedcomputinggroup.org/developers/pc_client/specifications
> 
> Also in a platform (not available in public yet) it gets read correctly.

memcpy_64.S uses rep movsq and rep movsb for the remainder. That's why
the read failed in the case of cmd address but it does not fail with rsp
address.

See http://lxr.free-electrons.com/source/arch/x86/lib/memcpy_64.S

> > >  } __packed;
> > 
> > As I mentioned, drop the __packed.
> 
> I didn't do that because it is not mandatory for the bug fix.
> 
> I would rather submit it as a separate commit later on.
> 
> > Otherwise:
> > 
> > Reviewed-By: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
> > 
> > Jason
> 
> /Jarkko

/Jarkko

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address
  2015-09-15 17:05 [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address Jarkko Sakkinen
  2015-09-15 17:22 ` Jason Gunthorpe
@ 2015-10-09 10:58 ` Jarkko Sakkinen
  1 sibling, 0 replies; 5+ messages in thread
From: Jarkko Sakkinen @ 2015-10-09 10:58 UTC (permalink / raw)
  To: tpmdd-devel, linux-kernel; +Cc: Peter Huewe, Marcel Selhorst, Jason Gunthorpe

Hi

This would desperately neeed Tested-by's (with Haswell PTT).

/Jarkko

On Tue, Sep 15, 2015 at 08:05:40PM +0300, Jarkko Sakkinen wrote:
> The command buffer address must be read with exactly two 32-bit reads.
> Otherwise, on some HW platforms, it seems that HW will abort the read
> operation, which causes CPU to fill the read bytes with 1's. Therefore,
> we cannot rely on memcpy_fromio() but must call ioread32() two times
> instead.
> 
> Also, this matches the PC Client Platform TPM Profile specification,
> which defines command buffer address with two 32-bit fields.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
>  drivers/char/tpm/tpm_crb.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
> index b4564b6..c09b370 100644
> --- a/drivers/char/tpm/tpm_crb.c
> +++ b/drivers/char/tpm/tpm_crb.c
> @@ -68,7 +68,8 @@ struct crb_control_area {
>  	u32 int_enable;
>  	u32 int_sts;
>  	u32 cmd_size;
> -	u64 cmd_pa;
> +	u32 cmd_pa_low;
> +	u32 cmd_pa_high;
>  	u32 rsp_size;
>  	u64 rsp_pa;
>  } __packed;
> @@ -263,8 +264,8 @@ static int crb_acpi_add(struct acpi_device *device)
>  		return -ENOMEM;
>  	}
>  
> -	memcpy_fromio(&pa, &priv->cca->cmd_pa, 8);
> -	pa = le64_to_cpu(pa);
> +	pa = ((u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_high)) << 32) +
> +		(u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_low));
>  	priv->cmd = devm_ioremap_nocache(dev, pa,
>  					 ioread32(&priv->cca->cmd_size));
>  	if (!priv->cmd) {
> -- 
> 2.5.0
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2015-10-09 10:58 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-15 17:05 [PATCH v3] tpm, tpm_crb: fix unaligned read of the command buffer address Jarkko Sakkinen
2015-09-15 17:22 ` Jason Gunthorpe
2015-09-16  7:19   ` Jarkko Sakkinen
2015-09-16 13:34     ` Jarkko Sakkinen
2015-10-09 10:58 ` Jarkko Sakkinen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox