From: "Zhang, Baoli" <baoli.zhang@linux.intel.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Serge Hallyn <serge@hallyn.com>, Lili Li <lili.li@intel.com>,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] tpm: restore timeout for key creation commands
Date: Thu, 7 May 2026 13:36:36 +0800 [thread overview]
Message-ID: <46109c55-c85d-4c32-9f09-f3205495afe0@linux.intel.com> (raw)
In-Reply-To: <afi3hrjLm36qPc_T@kernel.org>
On 5/4/2026 11:13 PM, Jarkko Sakkinen wrote:
> On Tue, Apr 21, 2026 at 08:50:20AM +0800, Baoli Zhang wrote:
>> From: "Baoli Zhang" <baoli.zhang@linux.intel.com>
>>
>> Commit 207696b17f38 ("tpm: use a map for tpm2_calc_ordinal_duration()")
>> inadvertently reduced the timeout for TPM2 key creation commands
>> (`CREATE_PRIMARY`, `CREATE`, `CREATE_LOADED`) from 300 seconds to 30
>> seconds.
>>
>> This causes intermittent timeout failures, with several failures observed
>> across hundreds of test runs on some Intel platforms using Infineon
>> SLB9670 and SLB9672 TPM modules. Restore the timeout to 300 seconds to
>> avoid spurious failures.
> Is this a production case?
>
> I'm not sure if there is anything to fix tbh. I mean it is
> pretty much the same as "maintaining compatibility to OTT driver"
> to addresses issues on undisclosed hardware.
>
> Please correct me if I'm wrong. Otherwise, I'd carry out internal patch
> to tweak this for pre-production hardware (presumably).
Hi Jarkko, this is indeed a production case. We discovered this issue
during validation testing for the sustaining release.
>> Fixes: 207696b17f38 ("tpm: use a map for tpm2_calc_ordinal_duration()")
>> Co-developed-by: Lili Li <lili.li@intel.com>
>> Signed-off-by: Lili Li <lili.li@intel.com>
>> Signed-off-by: Baoli Zhang <baoli.zhang@linux.intel.com>
>> ---
>> Changes in v2:
>> - Add description of intermittent nature of the timeout issue.
>> - Fix Co-developed-by and Signed-off-by tag ordering.
>>
>> v1: https://patchwork.kernel.org/project/linux-integrity/patch/20260410014940.3557934-1-baoli.zhang@linux.intel.com/
>>
>> drivers/char/tpm/tpm2-cmd.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
>> index 3a77be7ebf4aa..430022f695f24 100644
>> --- a/drivers/char/tpm/tpm2-cmd.c
>> +++ b/drivers/char/tpm/tpm2-cmd.c
>> @@ -71,9 +71,9 @@ static const struct {
>> {TPM2_CC_HIERARCHY_CHANGE_AUTH, 2000},
>> {TPM2_CC_GET_CAPABILITY, 750},
>> {TPM2_CC_NV_READ, 2000},
>> - {TPM2_CC_CREATE_PRIMARY, 30000},
>> - {TPM2_CC_CREATE, 30000},
>> - {TPM2_CC_CREATE_LOADED, 30000},
>> + {TPM2_CC_CREATE_PRIMARY, 300000},
>> + {TPM2_CC_CREATE, 300000},
>> + {TPM2_CC_CREATE_LOADED, 300000},
>> };
>>
>> /**
>> --
>> 2.43.0
>>
> BR, Jarkko
next prev parent reply other threads:[~2026-05-07 5:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260421005021.13765-1-baoli.zhang@linux.intel.com>
2026-05-04 15:13 ` [PATCH v2] tpm: restore timeout for key creation commands Jarkko Sakkinen
2026-05-07 5:36 ` Zhang, Baoli [this message]
2026-05-09 19:07 ` Jarkko Sakkinen
2026-05-12 4:04 ` Zhang, Baoli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46109c55-c85d-4c32-9f09-f3205495afe0@linux.intel.com \
--to=baoli.zhang@linux.intel.com \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=lili.li@intel.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox