From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3DE7139B97A for ; Wed, 13 May 2026 11:07:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778670442; cv=none; b=RAJezxE02tmGcE0Y6CGQkmN+foylrRflvmh0cTkgfE3S7TUKqLkhwm4kEmJYxkIMgVg2NWepjzrxOjkjOf6f8ZEQIs4ffyycDqdLHOAWdPfvlLK13mU7XMj8d7OZQyklE16Hoc69eJlGGN/m8UPEcDD7EGuzhDFAA21FjnhgwBo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778670442; c=relaxed/simple; bh=SNX3X/rwlNgPtnbXUFS9NS0V8ZMTahBJBMBxp+TbMVI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Mo8up/Sffjaf31OUXdMjhx163FtZH7cqqh9TxE3UucD6OEA7CrbvEe7Sydy2deuGdY0uUvyOExqeGprh/RILiqDOjwvQ82XMnNyeTzBc5Pg1H+IlBhqaoZaM1+RrMDQHvhLPJ4lHttkRYpenjpgtE1VDbnoI1Fy/WXRZtL9cy54= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=gOULYzhr; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=OMOMl+2k; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="gOULYzhr"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="OMOMl+2k" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778670439; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QPx3RKj7QwNBIRIqjPw+ZA1MUziPVJfLloPYGyVdYA4=; b=gOULYzhrT0+9sV3XCiJWkwcvDsZ8nVHxJRqXfpA0nIavUQyEDTj+qkpZ4Ki0+MdvQiMabc P258T4Q0UcaSFFvDMk3z8V3lqQT13soicU+U3DCH1wfwz0bBQu7Xqs4/4RosRnujGomthA DqA7uk9+r+ke3Kufu6cOboiWffVgehU= Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-587-4GiAUl8lP_a5FqrwcOoG8g-1; Wed, 13 May 2026 07:07:18 -0400 X-MC-Unique: 4GiAUl8lP_a5FqrwcOoG8g-1 X-Mimecast-MFC-AGG-ID: 4GiAUl8lP_a5FqrwcOoG8g_1778670437 Received: by mail-pj1-f71.google.com with SMTP id 98e67ed59e1d1-365fc4636bbso13422378a91.2 for ; Wed, 13 May 2026 04:07:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778670437; x=1779275237; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=QPx3RKj7QwNBIRIqjPw+ZA1MUziPVJfLloPYGyVdYA4=; b=OMOMl+2kQNgzNEiR84cFHq1Ah56pn0rtreTT46e724r0QmM77ta2qt/YaTqOB3/2LI lcH7mRzmCC+VtboaUtOft/pTB/tNw+JiMf1WeSDFWmOG3FqpPI28+1VZFk2/68MDLMzX 1kFouQGmxP+iOl8NyTGdHuGdYaHgJuQA5plFKicejLqQq4FmDjftNLJMCE4rmycYFP6N YoK/Lt7Iju5uOqnbM9DD2qZVriootgl/RIY8PvbYXhPUG2sXym607wC1cv0FyNTqPFGg C6e3ZkC/Nda1xgVVetmtwbVI+ykdiiRosIoUqYld0DkZPuiLkT5sSVNtnim7/YBeVVBF iA/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778670437; x=1779275237; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QPx3RKj7QwNBIRIqjPw+ZA1MUziPVJfLloPYGyVdYA4=; b=M7oiIGrzQLtc9O3w0jBynIw4jVdLscq2w2p6HupLl1nksc/sM20ZMoDO1AQ2aO8pQ8 Omc649r1dRJQSA9XjTu9xI/YD7LgNrZe3KS9LXSg8fR9GU12cpM6959+SJhJBGkAJ4Fn 7v+aGdHAsQ4z54B61RPU28mXu92HV8Q4tckqU6LVOWXjYB4dszZmF7WMECCZBTUsQu3v G2o0K0c7EQ1FpkOl+YHxVeH1loEKIaVOYUH034Wgvv0b2CbxBrT72Cz6oYSDx4g24s+J dLVi5XfYNV+c5NDL+Ra+S+mttOKZPmdNKQ/wbQ6TK4FJVl85Wejf1HoKk5VxawMl5pBO b7Ew== X-Gm-Message-State: AOJu0YzTSBNZRsrZqS3s7gC93/VQ8EvoZ8d1fnnCosQNdhd7Q/UV5qnV GUZBxEWJhvTn/0+IySr3zsbaUfo6XCmu1zxrb4F5zhxsS5Ovax089yiVPAL7xWVObVms9+qdxCs WxWdH+S+1flMZ+5kaU8gzbGgsanttwVqD4GeBsos044zOJwPkXUT2D+T7kZVOwOo//USlBCBYXQ == X-Gm-Gg: Acq92OEV6bVcyGhCYTYrV2O10qAI146i/g6GHTDmw88w3DWoOSTELT1u49x+z9O6apC IQDrNzC8FDzCvirY/JZkuXpkiukxj+B+OzwOqjFEU0l/cvGjCiUs0lvn317SMjoIfmaWl0ivsPm hVUCcP37LKDizd9ePj32IBU708N/wAmUlcqj4bzUnabCDXzHFAWvX3pfxbGNe+YETvZ2dpc9AOk iHZtcdeKvuNoYVppA04nDiWq2UyeVbgyDzJajKxofcX3+DFr05YR5svFihttV83RrWchimNiZ9G aed3my1kPXDg7KiAc/xFptBQ34xjeJC08rISmDqSgsbfAX6EEiQnjw/lQFRyPdgLpWzAnO4kVTE jE8NKahxpHw1L X-Received: by 2002:a17:90b:3c8f:b0:35c:30a8:330 with SMTP id 98e67ed59e1d1-368f2dcf4d8mr3093748a91.0.1778670436674; Wed, 13 May 2026 04:07:16 -0700 (PDT) X-Received: by 2002:a17:90b:3c8f:b0:35c:30a8:330 with SMTP id 98e67ed59e1d1-368f2dcf4d8mr3093717a91.0.1778670436096; Wed, 13 May 2026 04:07:16 -0700 (PDT) Received: from fedora ([49.36.106.210]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-368b016554csm2775258a91.3.2026.05.13.04.07.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 04:07:15 -0700 (PDT) Date: Wed, 13 May 2026 16:37:09 +0530 From: Arun Menon To: Jarkko Sakkinen Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, Peter Huewe , Jason Gunthorpe Subject: Re: [RFC v2 3/5] tpm_crb: Implement command and response chunking logic Message-ID: References: <20260324181244.17741-1-armenon@redhat.com> <20260324181244.17741-4-armenon@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Sat, May 09, 2026 at 05:53:51PM +0300, Jarkko Sakkinen wrote: > On Tue, Mar 24, 2026 at 11:42:42PM +0530, Arun Menon wrote: > > With the introduction of support for Post Quantum Cryptography > > algorithms in TPM, the commands and responses will grow in size. > > Some TPMs have a physical hardware memory window (MMIO) that is > > smaller than the commands we need to send. Therefore this commit > > implements the core logic of sending/receiving data in chunks. > > > > Instead of sending the whole command at once, the driver now sends it in > > small chunks. After each chunk, it signals the TPM using a nextChunk > > signal, and waits for the TPM to consume the data. Once the final piece > > is delivered, the driver signals the TPM to begin execution by toggling > > the start invoke bit. We use the same logic in reverse to read large > > responses from the TPM. > > > > This allows the driver to handle large payloads even when the hardware > > interface has limited memory. This kernel-side support corresponds to > > the backend implementation in QEMU [1]. QEMU reassembles the chunks > > before passing them to the TPM emulator. > > > > [1] https://lore.kernel.org/qemu-devel/20260319135316.37412-1-armenon@redhat.com/ > > > > Signed-off-by: Arun Menon > > --- > > This is really bad at rationalizing the code change, which are heavy. > > Couldn't you instead: > > 1. Rename crb_recv as tpm_crb_recv_no_chunks(). > 2. Add tpm_crb_recv_chunks(). > 3. Add new tpm_crb_recv(), which delegates either. > > I would not mind too much if they have some duplicate logic. It's less > of a harm than convolution caused by interleaving. Sure. I will amend this in v3. Thank you. > > > drivers/char/tpm/tpm_crb.c | 155 +++++++++++++++++++++++++++---------- > > 1 file changed, 114 insertions(+), 41 deletions(-) > > > > diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c > > index 922bcf7a69ad5..a97fc5e9927e3 100644 > > --- a/drivers/char/tpm/tpm_crb.c > > +++ b/drivers/char/tpm/tpm_crb.c > > @@ -104,11 +104,13 @@ struct crb_priv { > > u8 __iomem *cmd; > > u8 __iomem *rsp; > > u32 cmd_size; > > + u32 rsp_size; > > u32 smc_func_id; > > u32 __iomem *pluton_start_addr; > > u32 __iomem *pluton_reply_addr; > > u8 ffa_flags; > > u8 ffa_attributes; > > + bool chunking_supported; > > Why not "u32 intf_id" i.e. cache the value of the register? > > > }; > > > > struct tpm2_crb_smc { > > @@ -368,38 +370,6 @@ static u8 crb_status(struct tpm_chip *chip) > > return sts; > > } > > > > -static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count) > > -{ > > - struct crb_priv *priv = dev_get_drvdata(&chip->dev); > > - unsigned int expected; > > - > > - /* A sanity check that the upper layer wants to get at least the header > > - * as that is the minimum size for any TPM response. > > - */ > > - if (count < TPM_HEADER_SIZE) > > - return -EIO; > > - > > - /* If this bit is set, according to the spec, the TPM is in > > - * unrecoverable condition. > > - */ > > - if (ioread32(&priv->regs_t->ctrl_sts) & CRB_CTRL_STS_ERROR) > > - return -EIO; > > - > > - /* Read the first 8 bytes in order to get the length of the response. > > - * We read exactly a quad word in order to make sure that the remaining > > - * reads will be aligned. > > - */ > > - memcpy_fromio(buf, priv->rsp, 8); > > - > > - expected = be32_to_cpup((__be32 *)&buf[2]); > > - if (expected > count || expected < TPM_HEADER_SIZE) > > - return -EIO; > > - > > - memcpy_fromio(&buf[8], &priv->rsp[8], expected - 8); > > - > > - return expected; > > -} > > - > > static int crb_do_acpi_start(struct tpm_chip *chip) > > { > > union acpi_object *obj; > > @@ -474,6 +444,8 @@ static int crb_trigger_tpm(struct tpm_chip *chip, u32 start_cmd) > > static int crb_send(struct tpm_chip *chip, u8 *buf, size_t bufsiz, size_t len) > > { > > struct crb_priv *priv = dev_get_drvdata(&chip->dev); > > + size_t offset = 0; > > + size_t chunk_size; > > int rc = 0; > > > > /* Zero the cancel register so that the next command will not get > > @@ -481,7 +453,7 @@ static int crb_send(struct tpm_chip *chip, u8 *buf, size_t bufsiz, size_t len) > > */ > > iowrite32(0, &priv->regs_t->ctrl_cancel); > > > > - if (len > priv->cmd_size) { > > + if (len > priv->cmd_size && !priv->chunking_supported) { > > dev_err(&chip->dev, "invalid command count value %zd %d\n", > > len, priv->cmd_size); > > return -E2BIG; > > @@ -491,18 +463,108 @@ static int crb_send(struct tpm_chip *chip, u8 *buf, size_t bufsiz, size_t len) > > if (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON) > > __crb_cmd_ready(&chip->dev, priv, chip->locality); > > > > - memcpy_toio(priv->cmd, buf, len); > > + while (offset < len) { > > + chunk_size = min_t(size_t, len - offset, priv->cmd_size); > > > > - /* Make sure that cmd is populated before issuing start. */ > > - wmb(); > > - > > - rc = crb_trigger_tpm(chip, CRB_START_INVOKE); > > - if (rc) > > - return rc; > > + if (chunk_size == 0) > > + break; > > > > + memcpy_toio(priv->cmd, buf + offset, chunk_size); > > + offset += chunk_size; > > + > > + /* Make sure that cmd is populated before issuing start. */ > > + wmb(); > > + if (offset < len) { > > + rc = crb_trigger_tpm(chip, CRB_START_NEXT_CHUNK); > > + if (rc) > > + return rc; > > + if (!crb_wait_for_reg_32(&priv->regs_t->ctrl_start, > > + CRB_START_NEXT_CHUNK, 0, TPM2_TIMEOUT_C)) { > > + dev_err(&chip->dev, > > + "Timeout waiting for backend to consume chunk\n"); > > + return -ETIME; > > + } > > + } else { > > + rc = crb_trigger_tpm(chip, CRB_START_INVOKE); > > + if (rc) > > + return rc; > > + } > > + } > > return crb_try_pluton_doorbell(priv, false); > > } > > > > +static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count) > > +{ > > + struct crb_priv *priv = dev_get_drvdata(&chip->dev); > > + unsigned int expected; > > + size_t offset = 0; > > + size_t chunk_size; > > + size_t first_read; > > + int rc; > > + > > + /* A sanity check that the upper layer wants to get at least the header > > + * as that is the minimum size for any TPM response. > > + */ > > + if (count < TPM_HEADER_SIZE) > > + return -EIO; > > + > > + /* If this bit is set, according to the spec, the TPM is in > > + * unrecoverable condition. > > + */ > > + if (ioread32(&priv->regs_t->ctrl_sts) & CRB_CTRL_STS_ERROR) > > + return -EIO; > > + > > + /* Read the first 8 bytes in order to get the length of the response. > > + * We read exactly a quad word in order to make sure that the remaining > > + * reads will be aligned. > > + */ > > + memcpy_fromio(buf, priv->rsp, 8); > > + > > + expected = be32_to_cpup((__be32 *)&buf[2]); > > + if (expected > count || expected < TPM_HEADER_SIZE) > > + return -EIO; > > + > > + /* > > + * Set chunk_size by comparing the size of the buffer that the upper layer has > > + * allocated (count) to the hardware tpm limit (priv->rsp_size). > > + * This is to prevent buffer overflow while writing to buf. > > + */ > > + chunk_size = min_t(size_t, count, priv->rsp_size); > > + if (chunk_size < 8) > > + return -EIO; > > + > > + /* > > + * Compare the actual size of the response we found in the header to the chunk_size. > > + */ > > + first_read = min_t(size_t, expected, chunk_size); > > + > > + memcpy_fromio(&buf[8], &priv->rsp[8], first_read - 8); > > + offset = first_read; > > + > > + while (offset < expected) { > > + if (!priv->chunking_supported) { > > + dev_err(&chip->dev, "Response larger than MMIO and chunking not supported\n"); > > + return -EIO; > > + } > > + > > + rc = crb_trigger_tpm(chip, CRB_START_NEXT_CHUNK); > > + if (rc) > > + return rc; > > + > > + if (!crb_wait_for_reg_32(&priv->regs_t->ctrl_start, > > + CRB_START_NEXT_CHUNK, 0, TPM2_TIMEOUT_C)) { > > + dev_err(&chip->dev, "Timeout waiting for backend response\n"); > > + return -ETIME; > > + } > > + > > + chunk_size = min_t(size_t, expected - offset, priv->rsp_size); > > + memcpy_fromio(buf + offset, priv->rsp, chunk_size); > > + offset += chunk_size; > > + } > > + > > + return expected; > > +} > > + > > static void crb_cancel(struct tpm_chip *chip) > > { > > struct crb_priv *priv = dev_get_drvdata(&chip->dev); > > @@ -727,6 +789,15 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, > > goto out; > > } > > > > + if (priv->regs_h) { > > + u32 intf_id = ioread32((u32 __iomem *)&priv->regs_h->intf_id); > > + > > + if (intf_id & CRB_INTF_CAP_CRB_CHUNK) { > > + priv->chunking_supported = true; > > + dev_info(dev, "CRB Chunking is supported by backend\n"); > > + } > > + } > > + > > memcpy_fromio(&__rsp_pa, &priv->regs_t->ctrl_rsp_pa, 8); > > rsp_pa = le64_to_cpu(__rsp_pa); > > rsp_size = ioread32(&priv->regs_t->ctrl_rsp_size); > > @@ -764,8 +835,10 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, > > priv->rsp = priv->cmd; > > > > out: > > - if (!ret) > > + if (!ret) { > > priv->cmd_size = cmd_size; > > + priv->rsp_size = rsp_size; > > + } > > > > __crb_go_idle(dev, priv, 0); > > > > -- > > 2.53.0 > > > > BR, Jarkko > Regards, Arun Menon