* [PATCH 01/12] mini-os/tpm{back, front}: Change shared page ABI
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-26 16:29 ` Matthew Fioravante
2013-03-21 20:11 ` [PATCH 02/12] mini-os/tpm{back, front}: Allow device repoens Daniel De Graaf
` (12 subsequent siblings)
13 siblings, 1 reply; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
This changes the vTPM shared page ABI from a copy of the Xen network
interface to a single-page interface that better reflects the expected
behavior of a TPM: only a single request packet can be sent at any given
time, and every packet sent generates a single response packet. This
protocol change should also increase efficiency as it avoids mapping and
unmapping grants when possible. The vtpm xenbus device now requires a
feature-protocol-v2 node in xenstore to avoid conflicts with existing
(xen-patched) kernels supporting the old interface.
While the contents of the shared page have been defined to allow packets
larger than a single page (actually 4088 bytes) by allowing the client
to add extra grant references, the mapping of these extra references has
not been implemented; a feature node in xenstore may be used in the
future to indicate full support for the multi-page protocol. Most uses
of the TPM should not require this feature.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
Changes from v4: use feature-protocol-v2 nodes instead of changing the
device name; add command cancellation support to the protocol.
---
| 1 +
| 7 +-
| 161 +++++++++++++++++++-------------------
| 143 +++++++++++++++++----------------
xen/include/public/io/tpmif.h | 49 ++++--------
5 files changed, 177 insertions(+), 184 deletions(-)
--git a/extras/mini-os/include/tpmback.h b/extras/mini-os/include/tpmback.h
index ff86732..ec9eda4 100644
--- a/extras/mini-os/include/tpmback.h
+++ b/extras/mini-os/include/tpmback.h
@@ -43,6 +43,7 @@
struct tpmcmd {
domid_t domid; /* Domid of the frontend */
+ uint8_t locality; /* Locality requested by the frontend */
unsigned int handle; /* Handle of the frontend */
unsigned char uuid[16]; /* uuid of the tpm interface */
--git a/extras/mini-os/include/tpmfront.h b/extras/mini-os/include/tpmfront.h
index fd2cb17..a0c7c4d 100644
--- a/extras/mini-os/include/tpmfront.h
+++ b/extras/mini-os/include/tpmfront.h
@@ -37,9 +37,7 @@ struct tpmfront_dev {
grant_ref_t ring_ref;
evtchn_port_t evtchn;
- tpmif_tx_interface_t* tx;
-
- void** pages;
+ vtpm_shared_page_t *page;
domid_t bedomid;
char* nodename;
@@ -77,6 +75,9 @@ void shutdown_tpmfront(struct tpmfront_dev* dev);
* */
int tpmfront_cmd(struct tpmfront_dev* dev, uint8_t* req, size_t reqlen, uint8_t** resp, size_t* resplen);
+/* Set the locality used for communicating with a vTPM */
+int tpmfront_set_locality(struct tpmfront_dev* dev, int locality);
+
#ifdef HAVE_LIBC
#include <sys/stat.h>
/* POSIX IO functions:
--git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
index 658fed1..1398b37 100644
--- a/extras/mini-os/tpmback.c
+++ b/extras/mini-os/tpmback.c
@@ -86,10 +86,7 @@ struct tpmif {
evtchn_port_t evtchn;
/* Shared page */
- tpmif_tx_interface_t* tx;
-
- /* pointer to TPMIF_RX_RING_SIZE pages */
- void** pages;
+ vtpm_shared_page_t *page;
enum xenbus_state state;
enum { DISCONNECTED, DISCONNECTING, CONNECTED } status;
@@ -266,6 +263,7 @@ int insert_tpmif(tpmif_t* tpmif)
unsigned int i, j;
tpmif_t* tmp;
char* err;
+ char path[512];
local_irq_save(flags);
@@ -303,6 +301,16 @@ int insert_tpmif(tpmif_t* tpmif)
local_irq_restore(flags);
+ snprintf(path, 512, "backend/vtpm/%u/%u/feature-protocol-v2", (unsigned int) tpmif->domid, tpmif->handle);
+ if ((err = xenbus_write(XBT_NIL, path, "1")))
+ {
+ /* if we got an error here we should carefully remove the interface and then return */
+ TPMBACK_ERR("Unable to write feature-protocol-v2 node: %s\n", err);
+ free(err);
+ remove_tpmif(tpmif);
+ goto error_post_irq;
+ }
+
/*Listen for state changes on the new interface */
if((err = xenbus_watch_path_token(XBT_NIL, tpmif->fe_state_path, tpmif->fe_state_path, >pmdev.events)))
{
@@ -312,7 +320,6 @@ int insert_tpmif(tpmif_t* tpmif)
remove_tpmif(tpmif);
goto error_post_irq;
}
-
return 0;
error:
local_irq_restore(flags);
@@ -386,8 +393,7 @@ inline tpmif_t* __init_tpmif(domid_t domid, unsigned int handle)
tpmif->fe_state_path = NULL;
tpmif->state = XenbusStateInitialising;
tpmif->status = DISCONNECTED;
- tpmif->tx = NULL;
- tpmif->pages = NULL;
+ tpmif->page = NULL;
tpmif->flags = 0;
memset(tpmif->uuid, 0, sizeof(tpmif->uuid));
return tpmif;
@@ -395,9 +401,6 @@ inline tpmif_t* __init_tpmif(domid_t domid, unsigned int handle)
void __free_tpmif(tpmif_t* tpmif)
{
- if(tpmif->pages) {
- free(tpmif->pages);
- }
if(tpmif->fe_path) {
free(tpmif->fe_path);
}
@@ -430,12 +433,6 @@ tpmif_t* new_tpmif(domid_t domid, unsigned int handle)
goto error;
}
- /* allocate pages to be used for shared mapping */
- if((tpmif->pages = malloc(sizeof(void*) * TPMIF_TX_RING_SIZE)) == NULL) {
- goto error;
- }
- memset(tpmif->pages, 0, sizeof(void*) * TPMIF_TX_RING_SIZE);
-
if(tpmif_change_state(tpmif, XenbusStateInitWait)) {
goto error;
}
@@ -486,7 +483,7 @@ void free_tpmif(tpmif_t* tpmif)
tpmif->status = DISCONNECTING;
mask_evtchn(tpmif->evtchn);
- if(gntmap_munmap(>pmdev.map, (unsigned long)tpmif->tx, 1)) {
+ if(gntmap_munmap(>pmdev.map, (unsigned long)tpmif->page, 1)) {
TPMBACK_ERR("%u/%u Error occured while trying to unmap shared page\n", (unsigned int) tpmif->domid, tpmif->handle);
}
@@ -529,15 +526,27 @@ void free_tpmif(tpmif_t* tpmif)
void tpmback_handler(evtchn_port_t port, struct pt_regs *regs, void *data)
{
tpmif_t* tpmif = (tpmif_t*) data;
- tpmif_tx_request_t* tx = &tpmif->tx->ring[0].req;
- /* Throw away 0 size events, these can trigger from event channel unmasking */
- if(tx->size == 0)
- return;
-
- TPMBACK_DEBUG("EVENT CHANNEL FIRE %u/%u\n", (unsigned int) tpmif->domid, tpmif->handle);
- tpmif_req_ready(tpmif);
- wake_up(&waitq);
+ vtpm_shared_page_t* pg = tpmif->page;
+ switch (pg->state)
+ {
+ case VTPM_STATE_SUBMIT:
+ TPMBACK_DEBUG("EVENT CHANNEL FIRE %u/%u\n", (unsigned int) tpmif->domid, tpmif->handle);
+ tpmif_req_ready(tpmif);
+ wake_up(&waitq);
+ break;
+ case VTPM_STATE_CANCEL:
+ /* If we are busy with a request, do nothing */
+ if (tpmif->flags & TPMIF_REQ_READY)
+ return;
+ /* Acknowledge the cancellation if we are idle */
+ pg->state = VTPM_STATE_IDLE;
+ notify_remote_via_evtchn(tpmif->evtchn);
+ return;
+ default:
+ /* Spurious wakeup; do nothing */
+ return;
+ }
}
/* Connect to frontend */
@@ -584,12 +593,25 @@ int connect_fe(tpmif_t* tpmif)
}
free(value);
+ /* Check that protocol v2 is being used */
+ snprintf(path, 512, "%s/feature-protocol-v2", tpmif->fe_path);
+ if((err = xenbus_read(XBT_NIL, path, &value))) {
+ TPMBACK_ERR("Unable to read %s during tpmback initialization! error = %s\n", path, err);
+ free(err);
+ return -1;
+ }
+ if(strcmp(value, "1")) {
+ TPMBACK_ERR("%s has an invalid value (%s)\n", path, value);
+ free(value);
+ return -1;
+ }
+ free(value);
+
domid = tpmif->domid;
- if((tpmif->tx = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &ringref, PROT_READ | PROT_WRITE)) == NULL) {
+ if((tpmif->page = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &ringref, PROT_READ | PROT_WRITE)) == NULL) {
TPMBACK_ERR("Failed to map grant reference %u/%u\n", (unsigned int) tpmif->domid, tpmif->handle);
return -1;
}
- memset(tpmif->tx, 0, PAGE_SIZE);
/*Bind the event channel */
if((evtchn_bind_interdomain(tpmif->domid, evtchn, tpmback_handler, tpmif, &tpmif->evtchn)))
@@ -618,7 +640,7 @@ error_post_evtchn:
mask_evtchn(tpmif->evtchn);
unbind_evtchn(tpmif->evtchn);
error_post_map:
- gntmap_munmap(>pmdev.map, (unsigned long)tpmif->tx, 1);
+ gntmap_munmap(>pmdev.map, (unsigned long)tpmif->page, 1);
return -1;
}
@@ -874,6 +896,7 @@ void shutdown_tpmback(void)
inline void init_tpmcmd(tpmcmd_t* tpmcmd, domid_t domid, unsigned int handle, unsigned char uuid[16])
{
tpmcmd->domid = domid;
+ tpmcmd->locality = -1;
tpmcmd->handle = handle;
memcpy(tpmcmd->uuid, uuid, sizeof(tpmcmd->uuid));
tpmcmd->req = NULL;
@@ -884,12 +907,12 @@ inline void init_tpmcmd(tpmcmd_t* tpmcmd, domid_t domid, unsigned int handle, un
tpmcmd_t* get_request(tpmif_t* tpmif) {
tpmcmd_t* cmd;
- tpmif_tx_request_t* tx;
- int offset;
- int tocopy;
- int i;
- uint32_t domid;
+ vtpm_shared_page_t* shr;
+ unsigned int offset;
int flags;
+#ifdef TPMBACK_PRINT_DEBUG
+ int i;
+#endif
local_irq_save(flags);
@@ -899,35 +922,22 @@ tpmcmd_t* get_request(tpmif_t* tpmif) {
}
init_tpmcmd(cmd, tpmif->domid, tpmif->handle, tpmif->uuid);
- tx = &tpmif->tx->ring[0].req;
- cmd->req_len = tx->size;
+ shr = tpmif->page;
+ cmd->req_len = shr->length;
+ cmd->locality = shr->locality;
+ offset = sizeof(*shr) + 4*shr->nr_extra_pages;
+ if (offset > PAGE_SIZE || offset + cmd->req_len > PAGE_SIZE) {
+ TPMBACK_ERR("%u/%u Command size too long for shared page!\n", (unsigned int) tpmif->domid, tpmif->handle);
+ goto error;
+ }
/* Allocate the buffer */
if(cmd->req_len) {
if((cmd->req = malloc(cmd->req_len)) == NULL) {
goto error;
}
}
- /* Copy the bits from the shared pages */
- offset = 0;
- for(i = 0; i < TPMIF_TX_RING_SIZE && offset < cmd->req_len; ++i) {
- tx = &tpmif->tx->ring[i].req;
-
- /* Map the page with the data */
- domid = (uint32_t)tpmif->domid;
- if((tpmif->pages[i] = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &tx->ref, PROT_READ)) == NULL) {
- TPMBACK_ERR("%u/%u Unable to map shared page during read!\n", (unsigned int) tpmif->domid, tpmif->handle);
- goto error;
- }
-
- /* do the copy now */
- tocopy = min(cmd->req_len - offset, PAGE_SIZE);
- memcpy(&cmd->req[offset], tpmif->pages[i], tocopy);
- offset += tocopy;
-
- /* release the page */
- gntmap_munmap(>pmdev.map, (unsigned long)tpmif->pages[i], 1);
-
- }
+ /* Copy the bits from the shared page(s) */
+ memcpy(cmd->req, offset + (uint8_t*)shr, cmd->req_len);
#ifdef TPMBACK_PRINT_DEBUG
TPMBACK_DEBUG("Received Tpm Command from %u/%u of size %u", (unsigned int) tpmif->domid, tpmif->handle, cmd->req_len);
@@ -958,38 +968,24 @@ error:
void send_response(tpmcmd_t* cmd, tpmif_t* tpmif)
{
- tpmif_tx_request_t* tx;
- int offset;
- int i;
- uint32_t domid;
- int tocopy;
+ vtpm_shared_page_t* shr;
+ unsigned int offset;
int flags;
+#ifdef TPMBACK_PRINT_DEBUG
+int i;
+#endif
local_irq_save(flags);
- tx = &tpmif->tx->ring[0].req;
- tx->size = cmd->resp_len;
-
- offset = 0;
- for(i = 0; i < TPMIF_TX_RING_SIZE && offset < cmd->resp_len; ++i) {
- tx = &tpmif->tx->ring[i].req;
-
- /* Map the page with the data */
- domid = (uint32_t)tpmif->domid;
- if((tpmif->pages[i] = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &tx->ref, PROT_WRITE)) == NULL) {
- TPMBACK_ERR("%u/%u Unable to map shared page during write!\n", (unsigned int) tpmif->domid, tpmif->handle);
- goto error;
- }
-
- /* do the copy now */
- tocopy = min(cmd->resp_len - offset, PAGE_SIZE);
- memcpy(tpmif->pages[i], &cmd->resp[offset], tocopy);
- offset += tocopy;
-
- /* release the page */
- gntmap_munmap(>pmdev.map, (unsigned long)tpmif->pages[i], 1);
+ shr = tpmif->page;
+ shr->length = cmd->resp_len;
+ offset = sizeof(*shr) + 4*shr->nr_extra_pages;
+ if (offset > PAGE_SIZE || offset + cmd->resp_len > PAGE_SIZE) {
+ TPMBACK_ERR("%u/%u Command size too long for shared page!\n", (unsigned int) tpmif->domid, tpmif->handle);
+ goto error;
}
+ memcpy(offset + (uint8_t*)shr, cmd->resp, cmd->resp_len);
#ifdef TPMBACK_PRINT_DEBUG
TPMBACK_DEBUG("Sent response to %u/%u of size %u", (unsigned int) tpmif->domid, tpmif->handle, cmd->resp_len);
@@ -1003,6 +999,7 @@ void send_response(tpmcmd_t* cmd, tpmif_t* tpmif)
#endif
/* clear the ready flag and send the event channel notice to the frontend */
tpmif_req_finished(tpmif);
+ shr->state = VTPM_STATE_FINISH;
notify_remote_via_evtchn(tpmif->evtchn);
error:
local_irq_restore(flags);
--git a/extras/mini-os/tpmfront.c b/extras/mini-os/tpmfront.c
index 0218d7f..a15b5cf 100644
--- a/extras/mini-os/tpmfront.c
+++ b/extras/mini-os/tpmfront.c
@@ -47,11 +47,21 @@
void tpmfront_handler(evtchn_port_t port, struct pt_regs *regs, void *data) {
struct tpmfront_dev* dev = (struct tpmfront_dev*) data;
+ vtpm_shared_page_t* shr = dev->page;
/*If we get a response when we didnt make a request, just ignore it */
if(!dev->waiting) {
return;
}
+ switch (shr->state) {
+ case VTPM_STATE_FINISH: /* request was completed */
+ case VTPM_STATE_IDLE: /* request was cancelled */
+ break;
+ default:
+ /* Spurious wakeup; do nothing, request is still pending */
+ return;
+ }
+
dev->waiting = 0;
#ifdef HAVE_LIBC
if(dev->fd >= 0) {
@@ -176,7 +186,7 @@ static int wait_for_backend_state_changed(struct tpmfront_dev* dev, XenbusState
ret = wait_for_backend_closed(&events, path);
break;
default:
- break;
+ TPMFRONT_ERR("Bad wait state %d, ignoring\n", state);
}
if((err = xenbus_unwatch_path_token(XBT_NIL, path, path))) {
@@ -190,13 +200,13 @@ static int tpmfront_connect(struct tpmfront_dev* dev)
{
char* err;
/* Create shared page */
- dev->tx = (tpmif_tx_interface_t*) alloc_page();
- if(dev->tx == NULL) {
+ dev->page = (vtpm_shared_page_t*) alloc_page();
+ if(dev->page == NULL) {
TPMFRONT_ERR("Unable to allocate page for shared memory\n");
goto error;
}
- memset(dev->tx, 0, PAGE_SIZE);
- dev->ring_ref = gnttab_grant_access(dev->bedomid, virt_to_mfn(dev->tx), 0);
+ memset(dev->page, 0, PAGE_SIZE);
+ dev->ring_ref = gnttab_grant_access(dev->bedomid, virt_to_mfn(dev->page), 0);
TPMFRONT_DEBUG("grant ref is %lu\n", (unsigned long) dev->ring_ref);
/*Create event channel */
@@ -228,7 +238,7 @@ error_postevtchn:
unbind_evtchn(dev->evtchn);
error_postmap:
gnttab_end_access(dev->ring_ref);
- free_page(dev->tx);
+ free_page(dev->page);
error:
return -1;
}
@@ -240,7 +250,6 @@ struct tpmfront_dev* init_tpmfront(const char* _nodename)
char path[512];
char* value, *err;
unsigned long long ival;
- int i;
printk("============= Init TPM Front ================\n");
@@ -279,6 +288,15 @@ struct tpmfront_dev* init_tpmfront(const char* _nodename)
goto error;
}
+ /* Publish protocol v2 feature */
+ snprintf(path, 512, "%s/feature-protocol-v2", dev->nodename);
+ if ((err = xenbus_write(XBT_NIL, path, "1")))
+ {
+ TPMFRONT_ERR("Unable to write feature-protocol-v2 node: %s\n", err);
+ free(err);
+ goto error;
+ }
+
/* Create and publish grant reference and event channel */
if (tpmfront_connect(dev)) {
goto error;
@@ -289,18 +307,19 @@ struct tpmfront_dev* init_tpmfront(const char* _nodename)
goto error;
}
- /* Allocate pages that will contain the messages */
- dev->pages = malloc(sizeof(void*) * TPMIF_TX_RING_SIZE);
- if(dev->pages == NULL) {
+ /* Ensure backend is also using protocol v2 */
+ snprintf(path, 512, "%s/feature-protocol-v2", dev->bepath);
+ if((err = xenbus_read(XBT_NIL, path, &value))) {
+ TPMFRONT_ERR("Unable to read %s during tpmfront initialization! error = %s\n", path, err);
+ free(err);
goto error;
}
- memset(dev->pages, 0, sizeof(void*) * TPMIF_TX_RING_SIZE);
- for(i = 0; i < TPMIF_TX_RING_SIZE; ++i) {
- dev->pages[i] = (void*)alloc_page();
- if(dev->pages[i] == NULL) {
- goto error;
- }
+ if(strcmp(value, "1")) {
+ TPMFRONT_ERR("%s has an invalid value (%s)\n", path, value);
+ free(value);
+ goto error;
}
+ free(value);
TPMFRONT_LOG("Initialization Completed successfully\n");
@@ -314,8 +333,6 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
{
char* err;
char path[512];
- int i;
- tpmif_tx_request_t* tx;
if(dev == NULL) {
return;
}
@@ -349,27 +366,12 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
/* Wait for the backend to close and unmap shared pages, ignore any errors */
wait_for_backend_state_changed(dev, XenbusStateClosed);
- /* Cleanup any shared pages */
- if(dev->pages) {
- for(i = 0; i < TPMIF_TX_RING_SIZE; ++i) {
- if(dev->pages[i]) {
- tx = &dev->tx->ring[i].req;
- if(tx->ref != 0) {
- gnttab_end_access(tx->ref);
- }
- free_page(dev->pages[i]);
- }
- }
- free(dev->pages);
- }
-
/* Close event channel and unmap shared page */
mask_evtchn(dev->evtchn);
unbind_evtchn(dev->evtchn);
gnttab_end_access(dev->ring_ref);
- free_page(dev->tx);
-
+ free_page(dev->page);
}
/* Cleanup memory usage */
@@ -387,13 +389,17 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
int tpmfront_send(struct tpmfront_dev* dev, const uint8_t* msg, size_t length)
{
+ unsigned int offset;
+ vtpm_shared_page_t* shr = NULL;
+#ifdef TPMFRONT_PRINT_DEBUG
int i;
- tpmif_tx_request_t* tx = NULL;
+#endif
/* Error Checking */
if(dev == NULL || dev->state != XenbusStateConnected) {
TPMFRONT_ERR("Tried to send message through disconnected frontend\n");
return -1;
}
+ shr = dev->page;
#ifdef TPMFRONT_PRINT_DEBUG
TPMFRONT_DEBUG("Sending Msg to backend size=%u", (unsigned int) length);
@@ -407,19 +413,16 @@ int tpmfront_send(struct tpmfront_dev* dev, const uint8_t* msg, size_t length)
#endif
/* Copy to shared pages now */
- for(i = 0; length > 0 && i < TPMIF_TX_RING_SIZE; ++i) {
- /* Share the page */
- tx = &dev->tx->ring[i].req;
- tx->unused = 0;
- tx->addr = virt_to_mach(dev->pages[i]);
- tx->ref = gnttab_grant_access(dev->bedomid, virt_to_mfn(dev->pages[i]), 0);
- /* Copy the bits to the page */
- tx->size = length > PAGE_SIZE ? PAGE_SIZE : length;
- memcpy(dev->pages[i], &msg[i * PAGE_SIZE], tx->size);
-
- /* Update counters */
- length -= tx->size;
+ offset = sizeof(*shr);
+ if (length + offset > PAGE_SIZE) {
+ TPMFRONT_ERR("Message too long for shared page\n");
+ return -1;
}
+ memcpy(offset + (uint8_t*)shr, msg, length);
+ shr->length = length;
+ barrier();
+ shr->state = VTPM_STATE_SUBMIT;
+
dev->waiting = 1;
dev->resplen = 0;
#ifdef HAVE_LIBC
@@ -434,44 +437,44 @@ int tpmfront_send(struct tpmfront_dev* dev, const uint8_t* msg, size_t length)
}
int tpmfront_recv(struct tpmfront_dev* dev, uint8_t** msg, size_t *length)
{
- tpmif_tx_request_t* tx;
- int i;
+ unsigned int offset;
+ vtpm_shared_page_t* shr = NULL;
+#ifdef TPMFRONT_PRINT_DEBUG
+int i;
+#endif
if(dev == NULL || dev->state != XenbusStateConnected) {
TPMFRONT_ERR("Tried to receive message from disconnected frontend\n");
return -1;
}
/*Wait for the response */
wait_event(dev->waitq, (!dev->waiting));
+ shr = dev->page;
/* Initialize */
*msg = NULL;
*length = 0;
+ offset = sizeof(*shr);
- /* special case, just quit */
- tx = &dev->tx->ring[0].req;
- if(tx->size == 0 ) {
- goto quit;
- }
- /* Get the total size */
- tx = &dev->tx->ring[0].req;
- for(i = 0; i < TPMIF_TX_RING_SIZE && tx->size > 0; ++i) {
- tx = &dev->tx->ring[i].req;
- *length += tx->size;
+ if (shr->state != VTPM_STATE_FINISH)
+ goto quit;
+
+ *length = shr->length;
+
+ if (*length + offset > PAGE_SIZE) {
+ TPMFRONT_ERR("Reply too long for shared page\n");
+ return -1;
}
+
/* Alloc the buffer */
if(dev->respbuf) {
free(dev->respbuf);
}
*msg = dev->respbuf = malloc(*length);
dev->resplen = *length;
+
/* Copy the bits */
- tx = &dev->tx->ring[0].req;
- for(i = 0; i < TPMIF_TX_RING_SIZE && tx->size > 0; ++i) {
- tx = &dev->tx->ring[i].req;
- memcpy(&(*msg)[i * PAGE_SIZE], dev->pages[i], tx->size);
- gnttab_end_access(tx->ref);
- tx->ref = 0;
- }
+ memcpy(*msg, offset + (uint8_t*)shr, *length);
+
#ifdef TPMFRONT_PRINT_DEBUG
TPMFRONT_DEBUG("Received response from backend size=%u", (unsigned int) *length);
for(i = 0; i < *length; ++i) {
@@ -504,6 +507,14 @@ int tpmfront_cmd(struct tpmfront_dev* dev, uint8_t* req, size_t reqlen, uint8_t*
return 0;
}
+int tpmfront_set_locality(struct tpmfront_dev* dev, int locality)
+{
+ if (!dev || !dev->page)
+ return -1;
+ dev->page->locality = locality;
+ return 0;
+}
+
#ifdef HAVE_LIBC
#include <errno.h>
int tpmfront_open(struct tpmfront_dev* dev)
diff --git a/xen/include/public/io/tpmif.h b/xen/include/public/io/tpmif.h
index fca2c4e..ab0c652 100644
--- a/xen/include/public/io/tpmif.h
+++ b/xen/include/public/io/tpmif.h
@@ -1,7 +1,7 @@
/******************************************************************************
* tpmif.h
*
- * TPM I/O interface for Xen guest OSes.
+ * TPM I/O interface for Xen guest OSes, v2
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
@@ -21,48 +21,31 @@
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
- * Copyright (c) 2005, IBM Corporation
- *
- * Author: Stefan Berger, stefanb@us.ibm.com
- * Grant table support: Mahadevan Gomathisankaran
- *
- * This code has been derived from tools/libxc/xen/io/netif.h
- *
- * Copyright (c) 2003-2004, Keir Fraser
*/
#ifndef __XEN_PUBLIC_IO_TPMIF_H__
#define __XEN_PUBLIC_IO_TPMIF_H__
-#include "../grant_table.h"
-
-struct tpmif_tx_request {
- unsigned long addr; /* Machine address of packet. */
- grant_ref_t ref; /* grant table access reference */
- uint16_t unused;
- uint16_t size; /* Packet size in bytes. */
+enum vtpm_state {
+ VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
+ VTPM_STATE_SUBMIT, /* request ready / vTPM working */
+ VTPM_STATE_FINISH, /* response ready / vTPM idle */
+ VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
};
-typedef struct tpmif_tx_request tpmif_tx_request_t;
+/* The backend should only change state to IDLE or FINISH, while the
+ * frontend should only change to SUBMIT or CANCEL. */
-/*
- * The TPMIF_TX_RING_SIZE defines the number of pages the
- * front-end and backend can exchange (= size of array).
- */
-typedef uint32_t TPMIF_RING_IDX;
-
-#define TPMIF_TX_RING_SIZE 1
+struct vtpm_shared_page {
+ uint32_t length; /* request/response length in bytes */
-/* This structure must fit in a memory page. */
-
-struct tpmif_ring {
- struct tpmif_tx_request req;
-};
-typedef struct tpmif_ring tpmif_ring_t;
+ uint8_t state; /* enum vtpm_state */
+ uint8_t locality; /* for the current request */
+ uint8_t pad; /* should be zero */
-struct tpmif_tx_interface {
- struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
+ uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
+ uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
};
-typedef struct tpmif_tx_interface tpmif_tx_interface_t;
+typedef struct vtpm_shared_page vtpm_shared_page_t;
#endif
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* Re: [PATCH 01/12] mini-os/tpm{back, front}: Change shared page ABI
2013-03-21 20:11 ` [PATCH 01/12] mini-os/tpm{back, front}: Change shared page ABI Daniel De Graaf
@ 2013-03-26 16:29 ` Matthew Fioravante
2013-03-26 16:52 ` [PATCH] drivers/tpm: add xen tpmfront interface (Re: [PATCH 01/12]...) Daniel De Graaf
0 siblings, 1 reply; 25+ messages in thread
From: Matthew Fioravante @ 2013-03-26 16:29 UTC (permalink / raw)
To: Daniel De Graaf
Cc: Konrad Rzeszutek Wilk, Ian.Campbell@citrix.com,
xen-devel@lists.xen.org
[-- Attachment #1.1: Type: text/plain, Size: 26551 bytes --]
I'm going to merge your linux changes into my working linux patch with
the fixes that are in response to konrad's comments. Will test with this
on the mini-os end and get back to you.
After that, we can look at the remaining patches.
On 03/21/2013 04:11 PM, Daniel De Graaf wrote:
> This changes the vTPM shared page ABI from a copy of the Xen network
> interface to a single-page interface that better reflects the expected
> behavior of a TPM: only a single request packet can be sent at any given
> time, and every packet sent generates a single response packet. This
> protocol change should also increase efficiency as it avoids mapping and
> unmapping grants when possible. The vtpm xenbus device now requires a
> feature-protocol-v2 node in xenstore to avoid conflicts with existing
> (xen-patched) kernels supporting the old interface.
>
> While the contents of the shared page have been defined to allow packets
> larger than a single page (actually 4088 bytes) by allowing the client
> to add extra grant references, the mapping of these extra references has
> not been implemented; a feature node in xenstore may be used in the
> future to indicate full support for the multi-page protocol. Most uses
> of the TPM should not require this feature.
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>
> ---
>
> Changes from v4: use feature-protocol-v2 nodes instead of changing the
> device name; add command cancellation support to the protocol.
> ---
> extras/mini-os/include/tpmback.h | 1 +
> extras/mini-os/include/tpmfront.h | 7 +-
> extras/mini-os/tpmback.c | 161 +++++++++++++++++++-------------------
> extras/mini-os/tpmfront.c | 143 +++++++++++++++++----------------
> xen/include/public/io/tpmif.h | 49 ++++--------
> 5 files changed, 177 insertions(+), 184 deletions(-)
>
> diff --git a/extras/mini-os/include/tpmback.h b/extras/mini-os/include/tpmback.h
> index ff86732..ec9eda4 100644
> --- a/extras/mini-os/include/tpmback.h
> +++ b/extras/mini-os/include/tpmback.h
> @@ -43,6 +43,7 @@
>
> struct tpmcmd {
> domid_t domid; /* Domid of the frontend */
> + uint8_t locality; /* Locality requested by the frontend */
> unsigned int handle; /* Handle of the frontend */
> unsigned char uuid[16]; /* uuid of the tpm interface */
>
> diff --git a/extras/mini-os/include/tpmfront.h b/extras/mini-os/include/tpmfront.h
> index fd2cb17..a0c7c4d 100644
> --- a/extras/mini-os/include/tpmfront.h
> +++ b/extras/mini-os/include/tpmfront.h
> @@ -37,9 +37,7 @@ struct tpmfront_dev {
> grant_ref_t ring_ref;
> evtchn_port_t evtchn;
>
> - tpmif_tx_interface_t* tx;
> -
> - void** pages;
> + vtpm_shared_page_t *page;
>
> domid_t bedomid;
> char* nodename;
> @@ -77,6 +75,9 @@ void shutdown_tpmfront(struct tpmfront_dev* dev);
> * */
> int tpmfront_cmd(struct tpmfront_dev* dev, uint8_t* req, size_t reqlen, uint8_t** resp, size_t* resplen);
>
> +/* Set the locality used for communicating with a vTPM */
> +int tpmfront_set_locality(struct tpmfront_dev* dev, int locality);
> +
> #ifdef HAVE_LIBC
> #include <sys/stat.h>
> /* POSIX IO functions:
> diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
> index 658fed1..1398b37 100644
> --- a/extras/mini-os/tpmback.c
> +++ b/extras/mini-os/tpmback.c
> @@ -86,10 +86,7 @@ struct tpmif {
> evtchn_port_t evtchn;
>
> /* Shared page */
> - tpmif_tx_interface_t* tx;
> -
> - /* pointer to TPMIF_RX_RING_SIZE pages */
> - void** pages;
> + vtpm_shared_page_t *page;
>
> enum xenbus_state state;
> enum { DISCONNECTED, DISCONNECTING, CONNECTED } status;
> @@ -266,6 +263,7 @@ int insert_tpmif(tpmif_t* tpmif)
> unsigned int i, j;
> tpmif_t* tmp;
> char* err;
> + char path[512];
>
> local_irq_save(flags);
>
> @@ -303,6 +301,16 @@ int insert_tpmif(tpmif_t* tpmif)
>
> local_irq_restore(flags);
>
> + snprintf(path, 512, "backend/vtpm/%u/%u/feature-protocol-v2", (unsigned int) tpmif->domid, tpmif->handle);
> + if ((err = xenbus_write(XBT_NIL, path, "1")))
> + {
> + /* if we got an error here we should carefully remove the interface and then return */
> + TPMBACK_ERR("Unable to write feature-protocol-v2 node: %s\n", err);
> + free(err);
> + remove_tpmif(tpmif);
> + goto error_post_irq;
> + }
> +
> /*Listen for state changes on the new interface */
> if((err = xenbus_watch_path_token(XBT_NIL, tpmif->fe_state_path, tpmif->fe_state_path, >pmdev.events)))
> {
> @@ -312,7 +320,6 @@ int insert_tpmif(tpmif_t* tpmif)
> remove_tpmif(tpmif);
> goto error_post_irq;
> }
> -
> return 0;
> error:
> local_irq_restore(flags);
> @@ -386,8 +393,7 @@ inline tpmif_t* __init_tpmif(domid_t domid, unsigned int handle)
> tpmif->fe_state_path = NULL;
> tpmif->state = XenbusStateInitialising;
> tpmif->status = DISCONNECTED;
> - tpmif->tx = NULL;
> - tpmif->pages = NULL;
> + tpmif->page = NULL;
> tpmif->flags = 0;
> memset(tpmif->uuid, 0, sizeof(tpmif->uuid));
> return tpmif;
> @@ -395,9 +401,6 @@ inline tpmif_t* __init_tpmif(domid_t domid, unsigned int handle)
>
> void __free_tpmif(tpmif_t* tpmif)
> {
> - if(tpmif->pages) {
> - free(tpmif->pages);
> - }
> if(tpmif->fe_path) {
> free(tpmif->fe_path);
> }
> @@ -430,12 +433,6 @@ tpmif_t* new_tpmif(domid_t domid, unsigned int handle)
> goto error;
> }
>
> - /* allocate pages to be used for shared mapping */
> - if((tpmif->pages = malloc(sizeof(void*) * TPMIF_TX_RING_SIZE)) == NULL) {
> - goto error;
> - }
> - memset(tpmif->pages, 0, sizeof(void*) * TPMIF_TX_RING_SIZE);
> -
> if(tpmif_change_state(tpmif, XenbusStateInitWait)) {
> goto error;
> }
> @@ -486,7 +483,7 @@ void free_tpmif(tpmif_t* tpmif)
> tpmif->status = DISCONNECTING;
> mask_evtchn(tpmif->evtchn);
>
> - if(gntmap_munmap(>pmdev.map, (unsigned long)tpmif->tx, 1)) {
> + if(gntmap_munmap(>pmdev.map, (unsigned long)tpmif->page, 1)) {
> TPMBACK_ERR("%u/%u Error occured while trying to unmap shared page\n", (unsigned int) tpmif->domid, tpmif->handle);
> }
>
> @@ -529,15 +526,27 @@ void free_tpmif(tpmif_t* tpmif)
> void tpmback_handler(evtchn_port_t port, struct pt_regs *regs, void *data)
> {
> tpmif_t* tpmif = (tpmif_t*) data;
> - tpmif_tx_request_t* tx = &tpmif->tx->ring[0].req;
> - /* Throw away 0 size events, these can trigger from event channel unmasking */
> - if(tx->size == 0)
> - return;
> -
> - TPMBACK_DEBUG("EVENT CHANNEL FIRE %u/%u\n", (unsigned int) tpmif->domid, tpmif->handle);
> - tpmif_req_ready(tpmif);
> - wake_up(&waitq);
> + vtpm_shared_page_t* pg = tpmif->page;
>
> + switch (pg->state)
> + {
> + case VTPM_STATE_SUBMIT:
> + TPMBACK_DEBUG("EVENT CHANNEL FIRE %u/%u\n", (unsigned int) tpmif->domid, tpmif->handle);
> + tpmif_req_ready(tpmif);
> + wake_up(&waitq);
> + break;
> + case VTPM_STATE_CANCEL:
> + /* If we are busy with a request, do nothing */
> + if (tpmif->flags & TPMIF_REQ_READY)
> + return;
> + /* Acknowledge the cancellation if we are idle */
> + pg->state = VTPM_STATE_IDLE;
> + notify_remote_via_evtchn(tpmif->evtchn);
> + return;
> + default:
> + /* Spurious wakeup; do nothing */
> + return;
> + }
> }
>
> /* Connect to frontend */
> @@ -584,12 +593,25 @@ int connect_fe(tpmif_t* tpmif)
> }
> free(value);
>
> + /* Check that protocol v2 is being used */
> + snprintf(path, 512, "%s/feature-protocol-v2", tpmif->fe_path);
> + if((err = xenbus_read(XBT_NIL, path, &value))) {
> + TPMBACK_ERR("Unable to read %s during tpmback initialization! error = %s\n", path, err);
> + free(err);
> + return -1;
> + }
> + if(strcmp(value, "1")) {
> + TPMBACK_ERR("%s has an invalid value (%s)\n", path, value);
> + free(value);
> + return -1;
> + }
> + free(value);
> +
> domid = tpmif->domid;
> - if((tpmif->tx = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &ringref, PROT_READ | PROT_WRITE)) == NULL) {
> + if((tpmif->page = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &ringref, PROT_READ | PROT_WRITE)) == NULL) {
> TPMBACK_ERR("Failed to map grant reference %u/%u\n", (unsigned int) tpmif->domid, tpmif->handle);
> return -1;
> }
> - memset(tpmif->tx, 0, PAGE_SIZE);
>
> /*Bind the event channel */
> if((evtchn_bind_interdomain(tpmif->domid, evtchn, tpmback_handler, tpmif, &tpmif->evtchn)))
> @@ -618,7 +640,7 @@ error_post_evtchn:
> mask_evtchn(tpmif->evtchn);
> unbind_evtchn(tpmif->evtchn);
> error_post_map:
> - gntmap_munmap(>pmdev.map, (unsigned long)tpmif->tx, 1);
> + gntmap_munmap(>pmdev.map, (unsigned long)tpmif->page, 1);
> return -1;
> }
>
> @@ -874,6 +896,7 @@ void shutdown_tpmback(void)
> inline void init_tpmcmd(tpmcmd_t* tpmcmd, domid_t domid, unsigned int handle, unsigned char uuid[16])
> {
> tpmcmd->domid = domid;
> + tpmcmd->locality = -1;
> tpmcmd->handle = handle;
> memcpy(tpmcmd->uuid, uuid, sizeof(tpmcmd->uuid));
> tpmcmd->req = NULL;
> @@ -884,12 +907,12 @@ inline void init_tpmcmd(tpmcmd_t* tpmcmd, domid_t domid, unsigned int handle, un
>
> tpmcmd_t* get_request(tpmif_t* tpmif) {
> tpmcmd_t* cmd;
> - tpmif_tx_request_t* tx;
> - int offset;
> - int tocopy;
> - int i;
> - uint32_t domid;
> + vtpm_shared_page_t* shr;
> + unsigned int offset;
> int flags;
> +#ifdef TPMBACK_PRINT_DEBUG
> + int i;
> +#endif
>
> local_irq_save(flags);
>
> @@ -899,35 +922,22 @@ tpmcmd_t* get_request(tpmif_t* tpmif) {
> }
> init_tpmcmd(cmd, tpmif->domid, tpmif->handle, tpmif->uuid);
>
> - tx = &tpmif->tx->ring[0].req;
> - cmd->req_len = tx->size;
> + shr = tpmif->page;
> + cmd->req_len = shr->length;
> + cmd->locality = shr->locality;
> + offset = sizeof(*shr) + 4*shr->nr_extra_pages;
> + if (offset > PAGE_SIZE || offset + cmd->req_len > PAGE_SIZE) {
> + TPMBACK_ERR("%u/%u Command size too long for shared page!\n", (unsigned int) tpmif->domid, tpmif->handle);
> + goto error;
> + }
> /* Allocate the buffer */
> if(cmd->req_len) {
> if((cmd->req = malloc(cmd->req_len)) == NULL) {
> goto error;
> }
> }
> - /* Copy the bits from the shared pages */
> - offset = 0;
> - for(i = 0; i < TPMIF_TX_RING_SIZE && offset < cmd->req_len; ++i) {
> - tx = &tpmif->tx->ring[i].req;
> -
> - /* Map the page with the data */
> - domid = (uint32_t)tpmif->domid;
> - if((tpmif->pages[i] = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &tx->ref, PROT_READ)) == NULL) {
> - TPMBACK_ERR("%u/%u Unable to map shared page during read!\n", (unsigned int) tpmif->domid, tpmif->handle);
> - goto error;
> - }
> -
> - /* do the copy now */
> - tocopy = min(cmd->req_len - offset, PAGE_SIZE);
> - memcpy(&cmd->req[offset], tpmif->pages[i], tocopy);
> - offset += tocopy;
> -
> - /* release the page */
> - gntmap_munmap(>pmdev.map, (unsigned long)tpmif->pages[i], 1);
> -
> - }
> + /* Copy the bits from the shared page(s) */
> + memcpy(cmd->req, offset + (uint8_t*)shr, cmd->req_len);
>
> #ifdef TPMBACK_PRINT_DEBUG
> TPMBACK_DEBUG("Received Tpm Command from %u/%u of size %u", (unsigned int) tpmif->domid, tpmif->handle, cmd->req_len);
> @@ -958,38 +968,24 @@ error:
>
> void send_response(tpmcmd_t* cmd, tpmif_t* tpmif)
> {
> - tpmif_tx_request_t* tx;
> - int offset;
> - int i;
> - uint32_t domid;
> - int tocopy;
> + vtpm_shared_page_t* shr;
> + unsigned int offset;
> int flags;
> +#ifdef TPMBACK_PRINT_DEBUG
> +int i;
> +#endif
>
> local_irq_save(flags);
>
> - tx = &tpmif->tx->ring[0].req;
> - tx->size = cmd->resp_len;
> -
> - offset = 0;
> - for(i = 0; i < TPMIF_TX_RING_SIZE && offset < cmd->resp_len; ++i) {
> - tx = &tpmif->tx->ring[i].req;
> -
> - /* Map the page with the data */
> - domid = (uint32_t)tpmif->domid;
> - if((tpmif->pages[i] = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, &tx->ref, PROT_WRITE)) == NULL) {
> - TPMBACK_ERR("%u/%u Unable to map shared page during write!\n", (unsigned int) tpmif->domid, tpmif->handle);
> - goto error;
> - }
> -
> - /* do the copy now */
> - tocopy = min(cmd->resp_len - offset, PAGE_SIZE);
> - memcpy(tpmif->pages[i], &cmd->resp[offset], tocopy);
> - offset += tocopy;
> -
> - /* release the page */
> - gntmap_munmap(>pmdev.map, (unsigned long)tpmif->pages[i], 1);
> + shr = tpmif->page;
> + shr->length = cmd->resp_len;
>
> + offset = sizeof(*shr) + 4*shr->nr_extra_pages;
> + if (offset > PAGE_SIZE || offset + cmd->resp_len > PAGE_SIZE) {
> + TPMBACK_ERR("%u/%u Command size too long for shared page!\n", (unsigned int) tpmif->domid, tpmif->handle);
> + goto error;
> }
> + memcpy(offset + (uint8_t*)shr, cmd->resp, cmd->resp_len);
>
> #ifdef TPMBACK_PRINT_DEBUG
> TPMBACK_DEBUG("Sent response to %u/%u of size %u", (unsigned int) tpmif->domid, tpmif->handle, cmd->resp_len);
> @@ -1003,6 +999,7 @@ void send_response(tpmcmd_t* cmd, tpmif_t* tpmif)
> #endif
> /* clear the ready flag and send the event channel notice to the frontend */
> tpmif_req_finished(tpmif);
> + shr->state = VTPM_STATE_FINISH;
> notify_remote_via_evtchn(tpmif->evtchn);
> error:
> local_irq_restore(flags);
> diff --git a/extras/mini-os/tpmfront.c b/extras/mini-os/tpmfront.c
> index 0218d7f..a15b5cf 100644
> --- a/extras/mini-os/tpmfront.c
> +++ b/extras/mini-os/tpmfront.c
> @@ -47,11 +47,21 @@
>
> void tpmfront_handler(evtchn_port_t port, struct pt_regs *regs, void *data) {
> struct tpmfront_dev* dev = (struct tpmfront_dev*) data;
> + vtpm_shared_page_t* shr = dev->page;
> /*If we get a response when we didnt make a request, just ignore it */
> if(!dev->waiting) {
> return;
> }
>
> + switch (shr->state) {
> + case VTPM_STATE_FINISH: /* request was completed */
> + case VTPM_STATE_IDLE: /* request was cancelled */
> + break;
> + default:
> + /* Spurious wakeup; do nothing, request is still pending */
> + return;
> + }
> +
> dev->waiting = 0;
> #ifdef HAVE_LIBC
> if(dev->fd >= 0) {
> @@ -176,7 +186,7 @@ static int wait_for_backend_state_changed(struct tpmfront_dev* dev, XenbusState
> ret = wait_for_backend_closed(&events, path);
> break;
> default:
> - break;
> + TPMFRONT_ERR("Bad wait state %d, ignoring\n", state);
> }
>
> if((err = xenbus_unwatch_path_token(XBT_NIL, path, path))) {
> @@ -190,13 +200,13 @@ static int tpmfront_connect(struct tpmfront_dev* dev)
> {
> char* err;
> /* Create shared page */
> - dev->tx = (tpmif_tx_interface_t*) alloc_page();
> - if(dev->tx == NULL) {
> + dev->page = (vtpm_shared_page_t*) alloc_page();
> + if(dev->page == NULL) {
> TPMFRONT_ERR("Unable to allocate page for shared memory\n");
> goto error;
> }
> - memset(dev->tx, 0, PAGE_SIZE);
> - dev->ring_ref = gnttab_grant_access(dev->bedomid, virt_to_mfn(dev->tx), 0);
> + memset(dev->page, 0, PAGE_SIZE);
> + dev->ring_ref = gnttab_grant_access(dev->bedomid, virt_to_mfn(dev->page), 0);
> TPMFRONT_DEBUG("grant ref is %lu\n", (unsigned long) dev->ring_ref);
>
> /*Create event channel */
> @@ -228,7 +238,7 @@ error_postevtchn:
> unbind_evtchn(dev->evtchn);
> error_postmap:
> gnttab_end_access(dev->ring_ref);
> - free_page(dev->tx);
> + free_page(dev->page);
> error:
> return -1;
> }
> @@ -240,7 +250,6 @@ struct tpmfront_dev* init_tpmfront(const char* _nodename)
> char path[512];
> char* value, *err;
> unsigned long long ival;
> - int i;
>
> printk("============= Init TPM Front ================\n");
>
> @@ -279,6 +288,15 @@ struct tpmfront_dev* init_tpmfront(const char* _nodename)
> goto error;
> }
>
> + /* Publish protocol v2 feature */
> + snprintf(path, 512, "%s/feature-protocol-v2", dev->nodename);
> + if ((err = xenbus_write(XBT_NIL, path, "1")))
> + {
> + TPMFRONT_ERR("Unable to write feature-protocol-v2 node: %s\n", err);
> + free(err);
> + goto error;
> + }
> +
> /* Create and publish grant reference and event channel */
> if (tpmfront_connect(dev)) {
> goto error;
> @@ -289,18 +307,19 @@ struct tpmfront_dev* init_tpmfront(const char* _nodename)
> goto error;
> }
>
> - /* Allocate pages that will contain the messages */
> - dev->pages = malloc(sizeof(void*) * TPMIF_TX_RING_SIZE);
> - if(dev->pages == NULL) {
> + /* Ensure backend is also using protocol v2 */
> + snprintf(path, 512, "%s/feature-protocol-v2", dev->bepath);
> + if((err = xenbus_read(XBT_NIL, path, &value))) {
> + TPMFRONT_ERR("Unable to read %s during tpmfront initialization! error = %s\n", path, err);
> + free(err);
> goto error;
> }
> - memset(dev->pages, 0, sizeof(void*) * TPMIF_TX_RING_SIZE);
> - for(i = 0; i < TPMIF_TX_RING_SIZE; ++i) {
> - dev->pages[i] = (void*)alloc_page();
> - if(dev->pages[i] == NULL) {
> - goto error;
> - }
> + if(strcmp(value, "1")) {
> + TPMFRONT_ERR("%s has an invalid value (%s)\n", path, value);
> + free(value);
> + goto error;
> }
> + free(value);
>
> TPMFRONT_LOG("Initialization Completed successfully\n");
>
> @@ -314,8 +333,6 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
> {
> char* err;
> char path[512];
> - int i;
> - tpmif_tx_request_t* tx;
> if(dev == NULL) {
> return;
> }
> @@ -349,27 +366,12 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
> /* Wait for the backend to close and unmap shared pages, ignore any errors */
> wait_for_backend_state_changed(dev, XenbusStateClosed);
>
> - /* Cleanup any shared pages */
> - if(dev->pages) {
> - for(i = 0; i < TPMIF_TX_RING_SIZE; ++i) {
> - if(dev->pages[i]) {
> - tx = &dev->tx->ring[i].req;
> - if(tx->ref != 0) {
> - gnttab_end_access(tx->ref);
> - }
> - free_page(dev->pages[i]);
> - }
> - }
> - free(dev->pages);
> - }
> -
> /* Close event channel and unmap shared page */
> mask_evtchn(dev->evtchn);
> unbind_evtchn(dev->evtchn);
> gnttab_end_access(dev->ring_ref);
>
> - free_page(dev->tx);
> -
> + free_page(dev->page);
> }
>
> /* Cleanup memory usage */
> @@ -387,13 +389,17 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
>
> int tpmfront_send(struct tpmfront_dev* dev, const uint8_t* msg, size_t length)
> {
> + unsigned int offset;
> + vtpm_shared_page_t* shr = NULL;
> +#ifdef TPMFRONT_PRINT_DEBUG
> int i;
> - tpmif_tx_request_t* tx = NULL;
> +#endif
> /* Error Checking */
> if(dev == NULL || dev->state != XenbusStateConnected) {
> TPMFRONT_ERR("Tried to send message through disconnected frontend\n");
> return -1;
> }
> + shr = dev->page;
>
> #ifdef TPMFRONT_PRINT_DEBUG
> TPMFRONT_DEBUG("Sending Msg to backend size=%u", (unsigned int) length);
> @@ -407,19 +413,16 @@ int tpmfront_send(struct tpmfront_dev* dev, const uint8_t* msg, size_t length)
> #endif
>
> /* Copy to shared pages now */
> - for(i = 0; length > 0 && i < TPMIF_TX_RING_SIZE; ++i) {
> - /* Share the page */
> - tx = &dev->tx->ring[i].req;
> - tx->unused = 0;
> - tx->addr = virt_to_mach(dev->pages[i]);
> - tx->ref = gnttab_grant_access(dev->bedomid, virt_to_mfn(dev->pages[i]), 0);
> - /* Copy the bits to the page */
> - tx->size = length > PAGE_SIZE ? PAGE_SIZE : length;
> - memcpy(dev->pages[i], &msg[i * PAGE_SIZE], tx->size);
> -
> - /* Update counters */
> - length -= tx->size;
> + offset = sizeof(*shr);
> + if (length + offset > PAGE_SIZE) {
> + TPMFRONT_ERR("Message too long for shared page\n");
> + return -1;
> }
> + memcpy(offset + (uint8_t*)shr, msg, length);
> + shr->length = length;
> + barrier();
> + shr->state = VTPM_STATE_SUBMIT;
> +
> dev->waiting = 1;
> dev->resplen = 0;
> #ifdef HAVE_LIBC
> @@ -434,44 +437,44 @@ int tpmfront_send(struct tpmfront_dev* dev, const uint8_t* msg, size_t length)
> }
> int tpmfront_recv(struct tpmfront_dev* dev, uint8_t** msg, size_t *length)
> {
> - tpmif_tx_request_t* tx;
> - int i;
> + unsigned int offset;
> + vtpm_shared_page_t* shr = NULL;
> +#ifdef TPMFRONT_PRINT_DEBUG
> +int i;
> +#endif
> if(dev == NULL || dev->state != XenbusStateConnected) {
> TPMFRONT_ERR("Tried to receive message from disconnected frontend\n");
> return -1;
> }
> /*Wait for the response */
> wait_event(dev->waitq, (!dev->waiting));
> + shr = dev->page;
>
> /* Initialize */
> *msg = NULL;
> *length = 0;
> + offset = sizeof(*shr);
>
> - /* special case, just quit */
> - tx = &dev->tx->ring[0].req;
> - if(tx->size == 0 ) {
> - goto quit;
> - }
> - /* Get the total size */
> - tx = &dev->tx->ring[0].req;
> - for(i = 0; i < TPMIF_TX_RING_SIZE && tx->size > 0; ++i) {
> - tx = &dev->tx->ring[i].req;
> - *length += tx->size;
> + if (shr->state != VTPM_STATE_FINISH)
> + goto quit;
> +
> + *length = shr->length;
> +
> + if (*length + offset > PAGE_SIZE) {
> + TPMFRONT_ERR("Reply too long for shared page\n");
> + return -1;
> }
> +
> /* Alloc the buffer */
> if(dev->respbuf) {
> free(dev->respbuf);
> }
> *msg = dev->respbuf = malloc(*length);
> dev->resplen = *length;
> +
> /* Copy the bits */
> - tx = &dev->tx->ring[0].req;
> - for(i = 0; i < TPMIF_TX_RING_SIZE && tx->size > 0; ++i) {
> - tx = &dev->tx->ring[i].req;
> - memcpy(&(*msg)[i * PAGE_SIZE], dev->pages[i], tx->size);
> - gnttab_end_access(tx->ref);
> - tx->ref = 0;
> - }
> + memcpy(*msg, offset + (uint8_t*)shr, *length);
> +
> #ifdef TPMFRONT_PRINT_DEBUG
> TPMFRONT_DEBUG("Received response from backend size=%u", (unsigned int) *length);
> for(i = 0; i < *length; ++i) {
> @@ -504,6 +507,14 @@ int tpmfront_cmd(struct tpmfront_dev* dev, uint8_t* req, size_t reqlen, uint8_t*
> return 0;
> }
>
> +int tpmfront_set_locality(struct tpmfront_dev* dev, int locality)
> +{
> + if (!dev || !dev->page)
> + return -1;
> + dev->page->locality = locality;
> + return 0;
> +}
> +
> #ifdef HAVE_LIBC
> #include <errno.h>
> int tpmfront_open(struct tpmfront_dev* dev)
> diff --git a/xen/include/public/io/tpmif.h b/xen/include/public/io/tpmif.h
> index fca2c4e..ab0c652 100644
> --- a/xen/include/public/io/tpmif.h
> +++ b/xen/include/public/io/tpmif.h
> @@ -1,7 +1,7 @@
> /******************************************************************************
> * tpmif.h
> *
> - * TPM I/O interface for Xen guest OSes.
> + * TPM I/O interface for Xen guest OSes, v2
> *
> * Permission is hereby granted, free of charge, to any person obtaining a copy
> * of this software and associated documentation files (the "Software"), to
> @@ -21,48 +21,31 @@
> * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
> * DEALINGS IN THE SOFTWARE.
> *
> - * Copyright (c) 2005, IBM Corporation
> - *
> - * Author: Stefan Berger, stefanb@us.ibm.com
> - * Grant table support: Mahadevan Gomathisankaran
> - *
> - * This code has been derived from tools/libxc/xen/io/netif.h
> - *
> - * Copyright (c) 2003-2004, Keir Fraser
> */
>
> #ifndef __XEN_PUBLIC_IO_TPMIF_H__
> #define __XEN_PUBLIC_IO_TPMIF_H__
>
> -#include "../grant_table.h"
> -
> -struct tpmif_tx_request {
> - unsigned long addr; /* Machine address of packet. */
> - grant_ref_t ref; /* grant table access reference */
> - uint16_t unused;
> - uint16_t size; /* Packet size in bytes. */
> +enum vtpm_state {
> + VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
> + VTPM_STATE_SUBMIT, /* request ready / vTPM working */
> + VTPM_STATE_FINISH, /* response ready / vTPM idle */
> + VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
> };
> -typedef struct tpmif_tx_request tpmif_tx_request_t;
> +/* The backend should only change state to IDLE or FINISH, while the
> + * frontend should only change to SUBMIT or CANCEL. */
>
> -/*
> - * The TPMIF_TX_RING_SIZE defines the number of pages the
> - * front-end and backend can exchange (= size of array).
> - */
> -typedef uint32_t TPMIF_RING_IDX;
> -
> -#define TPMIF_TX_RING_SIZE 1
> +struct vtpm_shared_page {
> + uint32_t length; /* request/response length in bytes */
>
> -/* This structure must fit in a memory page. */
> -
> -struct tpmif_ring {
> - struct tpmif_tx_request req;
> -};
> -typedef struct tpmif_ring tpmif_ring_t;
> + uint8_t state; /* enum vtpm_state */
> + uint8_t locality; /* for the current request */
> + uint8_t pad; /* should be zero */
>
> -struct tpmif_tx_interface {
> - struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
> + uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
> + uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
> };
> -typedef struct tpmif_tx_interface tpmif_tx_interface_t;
> +typedef struct vtpm_shared_page vtpm_shared_page_t;
>
> #endif
>
> --
> 1.8.1.4
>
[-- Attachment #1.2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 1459 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 25+ messages in thread* [PATCH] drivers/tpm: add xen tpmfront interface (Re: [PATCH 01/12]...)
2013-03-26 16:29 ` Matthew Fioravante
@ 2013-03-26 16:52 ` Daniel De Graaf
2013-03-26 17:16 ` Matthew Fioravante
0 siblings, 1 reply; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-26 16:52 UTC (permalink / raw)
To: Matthew Fioravante
Cc: Konrad Rzeszutek Wilk, Ian.Campbell@citrix.com,
xen-devel@lists.xen.org
Original subject: Re: [PATCH 01/12] mini-os/tpm{back,front}: Change shared page ABI
On 03/26/2013 12:29 PM, Matthew Fioravante wrote:
> I'm going to merge your linux changes into my working linux patch with the fixes that are in response to konrad's comments. Will test with this on the mini-os end and get back to you.
>
> After that, we can look at the remaining patches.
The changes that I posted to this vTPM patch still leave a lot of the
unneeded relics from using a packet interface for vTPM commands. The patch
below properly uses Linux's TPM interface, and is far simpler than the
other driver (while also supporting features such as command cancellation).
I would prefer that this driver be considered instead of my previously
posted patch to your forward port of the 2.6.18-xen.hg driver.
I have tested this patch with HVM and PV guests, interfacing with a mini-os
vTPM using my patches. The PV guest was tested both with and without pv-grub
loading the kernel and using the vTPM to report measurements.
---------------------8<--------------------------------------
[PATCH] drivers/tpm: add xen tpmfront interface
This is a complete rewrite of the Xen TPM frontend driver, taking
advantage of a simplified frontend/backend interface and adding support
for cancellation and timeouts.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
This patch is based off Linux 3.9-rc4
drivers/char/tpm/Kconfig | 11 +
drivers/char/tpm/Makefile | 1 +
drivers/char/tpm/xen-tpmfront.c | 423 +++++++++++++++++++++++++++++++++++++++
include/xen/interface/io/tpmif.h | 50 +++++
4 files changed, 485 insertions(+)
create mode 100644 drivers/char/tpm/xen-tpmfront.c
create mode 100644 include/xen/interface/io/tpmif.h
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index dbfd564..205ed35 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -91,4 +91,15 @@ config TCG_ST33_I2C
To compile this driver as a module, choose M here; the module will be
called tpm_stm_st33_i2c.
+config TCG_XEN
+ tristate "XEN TPM Interface"
+ depends on TCG_TPM && XEN
+ ---help---
+ If you want to make TPM support available to a Xen user domain,
+ say Yes and it will be accessible from within Linux. See
+ the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
+ the Xen source repository for more details.
+ To compile this driver as a module, choose M here; the module
+ will be called xen-tpmfront.
+
endif # TCG_TPM
diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a3736c9..eb41ff9 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -18,3 +18,4 @@ obj-$(CONFIG_TCG_ATMEL) += tpm_atmel.o
obj-$(CONFIG_TCG_INFINEON) += tpm_infineon.o
obj-$(CONFIG_TCG_IBMVTPM) += tpm_ibmvtpm.o
obj-$(CONFIG_TCG_ST33_I2C) += tpm_i2c_stm_st33.o
+obj-$(CONFIG_TCG_XEN) += xen-tpmfront.o
diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c
new file mode 100644
index 0000000..1eb8de1
--- /dev/null
+++ b/drivers/char/tpm/xen-tpmfront.c
@@ -0,0 +1,423 @@
+#include <linux/errno.h>
+#include <linux/err.h>
+#include <linux/interrupt.h>
+#include <linux/mutex.h>
+#include <linux/uaccess.h>
+#include <xen/events.h>
+#include <xen/interface/grant_table.h>
+#include <xen/interface/io/tpmif.h>
+#include <xen/grant_table.h>
+#include <xen/xenbus.h>
+#include <xen/page.h>
+#include "tpm.h"
+
+struct tpm_private {
+ struct tpm_chip *chip;
+ struct xenbus_device *dev;
+
+ struct vtpm_shared_page *shr;
+
+ unsigned int evtchn;
+ int ring_ref;
+ domid_t backend_id;
+};
+
+enum status_bits {
+ VTPM_STATUS_RUNNING = 0x1,
+ VTPM_STATUS_IDLE = 0x2,
+ VTPM_STATUS_RESULT = 0x4,
+ VTPM_STATUS_CANCELED = 0x8,
+};
+
+static u8 vtpm_status(struct tpm_chip *chip)
+{
+ struct tpm_private *priv = TPM_VPRIV(chip);
+ switch (priv->shr->state) {
+ case VTPM_STATE_IDLE:
+ return VTPM_STATUS_IDLE | VTPM_STATUS_CANCELED;
+ case VTPM_STATE_FINISH:
+ return VTPM_STATUS_IDLE | VTPM_STATUS_RESULT;
+ case VTPM_STATE_SUBMIT:
+ case VTPM_STATE_CANCEL: /* cancel requested, not yet canceled */
+ return VTPM_STATUS_RUNNING;
+ default:
+ return 0;
+ }
+}
+
+static bool vtpm_req_canceled(struct tpm_chip *chip, u8 status)
+{
+ return status & VTPM_STATUS_CANCELED;
+}
+
+static void vtpm_cancel(struct tpm_chip *chip)
+{
+ struct tpm_private *priv = TPM_VPRIV(chip);
+ priv->shr->state = VTPM_STATE_CANCEL;
+ notify_remote_via_evtchn(priv->evtchn);
+}
+
+static int vtpm_send(struct tpm_chip *chip, u8 *buf, size_t count)
+{
+ struct tpm_private *priv = TPM_VPRIV(chip);
+ struct vtpm_shared_page *shr = priv->shr;
+ unsigned int offset = sizeof(*shr) + 4*shr->nr_extra_pages;
+
+ u32 ordinal;
+ unsigned long duration;
+
+ if (count < TPM_HEADER_SIZE)
+ return -EIO;
+
+ if (offset > PAGE_SIZE)
+ return -EIO;
+
+ if (offset + count > PAGE_SIZE)
+ return -EIO;
+
+ /* Wait for completion of any existing command or cancellation */
+ if (wait_for_tpm_stat(chip, VTPM_STATUS_IDLE, chip->vendor.timeout_c,
+ &chip->vendor.read_queue, true) < 0) {
+ vtpm_cancel(chip);
+ return -ETIME;
+ }
+
+ memcpy(offset + (u8 *)shr, buf, count);
+ shr->length = count;
+ barrier();
+ shr->state = VTPM_STATE_SUBMIT;
+ notify_remote_via_evtchn(priv->evtchn);
+
+ ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
+ duration = tpm_calc_ordinal_duration(chip, ordinal);
+
+ if (wait_for_tpm_stat(chip, VTPM_STATUS_IDLE, duration,
+ &chip->vendor.read_queue, true) < 0) {
+ /* got a signal or timeout, try to cancel */
+ vtpm_cancel(chip);
+ return -ETIME;
+ }
+
+ return count;
+}
+
+static int vtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count)
+{
+ struct tpm_private *priv = TPM_VPRIV(chip);
+ struct vtpm_shared_page *shr = priv->shr;
+ unsigned int offset = sizeof(*shr) + 4*shr->nr_extra_pages;
+ size_t length = shr->length;
+
+ if (shr->state == VTPM_STATE_IDLE)
+ return -ECANCELED;
+
+ /* In theory the wait at the end of _send makes this one unnecessary */
+ if (wait_for_tpm_stat(chip, VTPM_STATUS_RESULT, chip->vendor.timeout_c,
+ &chip->vendor.read_queue, true) < 0) {
+ vtpm_cancel(chip);
+ return -ETIME;
+ }
+
+ if (offset > PAGE_SIZE)
+ return -EIO;
+
+ if (offset + length > PAGE_SIZE)
+ length = PAGE_SIZE - offset;
+
+ if (length > count)
+ length = count;
+
+ memcpy(buf, offset + (u8 *)shr, count);
+
+ return length;
+}
+
+static const struct file_operations vtpm_ops = {
+ .owner = THIS_MODULE,
+ .llseek = no_llseek,
+ .open = tpm_open,
+ .read = tpm_read,
+ .write = tpm_write,
+ .release = tpm_release,
+};
+
+static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL);
+static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL);
+static DEVICE_ATTR(enabled, S_IRUGO, tpm_show_enabled, NULL);
+static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
+static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
+static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated,
+ NULL);
+static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
+static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
+static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL);
+static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
+
+static struct attribute *vtpm_attrs[] = {
+ &dev_attr_pubek.attr,
+ &dev_attr_pcrs.attr,
+ &dev_attr_enabled.attr,
+ &dev_attr_active.attr,
+ &dev_attr_owned.attr,
+ &dev_attr_temp_deactivated.attr,
+ &dev_attr_caps.attr,
+ &dev_attr_cancel.attr,
+ &dev_attr_durations.attr,
+ &dev_attr_timeouts.attr,
+ NULL,
+};
+
+static struct attribute_group vtpm_attr_grp = {
+ .attrs = vtpm_attrs
+};
+
+#define TPM_LONG_TIMEOUT (10 * 60 * HZ)
+
+static const struct tpm_vendor_specific tpm_vtpm = {
+ .status = vtpm_status,
+ .recv = vtpm_recv,
+ .send = vtpm_send,
+ .cancel = vtpm_cancel,
+ .req_complete_mask = VTPM_STATUS_IDLE | VTPM_STATUS_RESULT,
+ .req_complete_val = VTPM_STATUS_IDLE | VTPM_STATUS_RESULT,
+ .req_canceled = vtpm_req_canceled,
+ .attr_group = &vtpm_attr_grp,
+ .miscdev = {
+ .fops = &vtpm_ops,
+ },
+ .duration = {
+ TPM_LONG_TIMEOUT,
+ TPM_LONG_TIMEOUT,
+ TPM_LONG_TIMEOUT,
+ },
+};
+
+static irqreturn_t tpmif_interrupt(int dummy, void *dev_id)
+{
+ struct tpm_private *priv = dev_id;
+
+ switch (priv->shr->state) {
+ case VTPM_STATE_IDLE:
+ case VTPM_STATE_FINISH:
+ wake_up_interruptible(&priv->chip->vendor.read_queue);
+ break;
+ case VTPM_STATE_SUBMIT:
+ case VTPM_STATE_CANCEL:
+ default:
+ break;
+ }
+ return IRQ_HANDLED;
+}
+
+static int setup_chip(struct device *dev, struct tpm_private *priv)
+{
+ struct tpm_chip *chip;
+
+ chip = tpm_register_hardware(dev, &tpm_vtpm);
+ if (!chip)
+ return -ENODEV;
+
+ init_waitqueue_head(&chip->vendor.read_queue);
+
+ priv->chip = chip;
+ TPM_VPRIV(chip) = priv;
+
+ return 0;
+}
+
+static int setup_ring(struct xenbus_device *dev, struct tpm_private *priv)
+{
+ struct xenbus_transaction xbt;
+ const char *message = NULL;
+ int rv;
+
+ priv->shr = (void *)__get_free_page(GFP_KERNEL|__GFP_ZERO);
+ if (!priv->shr) {
+ xenbus_dev_fatal(dev, -ENOMEM, "allocating shared ring");
+ return -ENOMEM;
+ }
+
+ rv = xenbus_grant_ring(dev, virt_to_mfn(priv->shr));
+ if (rv < 0)
+ return rv;
+
+ priv->ring_ref = rv;
+
+ rv = xenbus_alloc_evtchn(dev, &priv->evtchn);
+ if (rv)
+ return rv;
+
+ rv = bind_evtchn_to_irqhandler(priv->evtchn, tpmif_interrupt, 0,
+ "tpmif", priv);
+ if (rv <= 0) {
+ xenbus_dev_fatal(dev, rv, "allocating TPM irq");
+ return rv;
+ }
+ priv->chip->vendor.irq = rv;
+
+ again:
+ rv = xenbus_transaction_start(&xbt);
+ if (rv) {
+ xenbus_dev_fatal(dev, rv, "starting transaction");
+ return rv;
+ }
+
+ rv = xenbus_printf(xbt, dev->nodename,
+ "ring-ref", "%u", priv->ring_ref);
+ if (rv) {
+ message = "writing ring-ref";
+ goto abort_transaction;
+ }
+
+ rv = xenbus_printf(xbt, dev->nodename, "event-channel", "%u",
+ priv->evtchn);
+ if (rv) {
+ message = "writing event-channel";
+ goto abort_transaction;
+ }
+
+ rv = xenbus_printf(xbt, dev->nodename, "feature-protocol-v2", "1");
+ if (rv) {
+ message = "writing feature-protocol-v2";
+ goto abort_transaction;
+ }
+
+ rv = xenbus_transaction_end(xbt, 0);
+ if (rv == -EAGAIN)
+ goto again;
+ if (rv) {
+ xenbus_dev_fatal(dev, rv, "completing transaction");
+ return rv;
+ }
+
+ xenbus_switch_state(dev, XenbusStateInitialised);
+
+ return 0;
+
+ abort_transaction:
+ xenbus_transaction_end(xbt, 1);
+ if (message)
+ xenbus_dev_error(dev, rv, "%s", message);
+
+ return rv;
+}
+
+static void ring_free(struct tpm_private *priv)
+{
+ if (priv->ring_ref)
+ gnttab_end_foreign_access(priv->ring_ref, 0,
+ (unsigned long)priv->shr);
+
+ if (priv->chip && priv->chip->vendor.irq)
+ unbind_from_irqhandler(priv->chip->vendor.irq, priv);
+
+ free_page((unsigned long)priv->shr);
+ kfree(priv);
+}
+
+static int tpmfront_probe(struct xenbus_device *dev,
+ const struct xenbus_device_id *id)
+{
+ struct tpm_private *priv;
+ int rv;
+
+ priv = kzalloc(sizeof(*priv), GFP_KERNEL);
+ if (!priv) {
+ xenbus_dev_fatal(dev, -ENOMEM, "allocating priv structure");
+ return -ENOMEM;
+ }
+
+ rv = setup_chip(&dev->dev, priv);
+ if (rv) {
+ kfree(priv);
+ return rv;
+ }
+
+ rv = setup_ring(dev, priv);
+ if (rv) {
+ tpm_remove_hardware(&dev->dev);
+ ring_free(priv);
+ return rv;
+ }
+
+ tpm_get_timeouts(priv->chip);
+
+ dev_set_drvdata(&dev->dev, priv->chip);
+
+ return rv;
+}
+
+static int tpmfront_remove(struct xenbus_device *dev)
+{
+ struct tpm_chip *chip = dev_get_drvdata(&dev->dev);
+ struct tpm_private *priv = TPM_VPRIV(chip);
+ tpm_remove_hardware(&dev->dev);
+ ring_free(priv);
+ return 0;
+}
+
+static int tpmfront_resume(struct xenbus_device *dev)
+{
+ /* A suspend/resume/migrate will interrupt a vTPM anyway */
+ tpmfront_remove(dev);
+ return tpmfront_probe(dev, NULL);
+}
+
+static void backend_changed(struct xenbus_device *dev,
+ enum xenbus_state backend_state)
+{
+ int val;
+
+ switch (backend_state) {
+ case XenbusStateInitialised:
+ case XenbusStateConnected:
+ if (xenbus_scanf(XBT_NIL, dev->otherend,
+ "feature-protocol-v2", "%d", &val) < 0)
+ val = 0;
+ if (!val) {
+ xenbus_dev_fatal(dev, -EINVAL,
+ "vTPM protocol 2 required");
+ return;
+ }
+ xenbus_switch_state(dev, XenbusStateConnected);
+ break;
+
+ case XenbusStateClosing:
+ case XenbusStateClosed:
+ device_unregister(&dev->dev);
+ xenbus_frontend_closed(dev);
+ break;
+ default:
+ break;
+ }
+}
+
+static const struct xenbus_device_id tpmfront_ids[] = {
+ { "vtpm" },
+ { "" }
+};
+MODULE_ALIAS("xen:vtpm");
+
+static DEFINE_XENBUS_DRIVER(tpmfront, ,
+ .probe = tpmfront_probe,
+ .remove = tpmfront_remove,
+ .resume = tpmfront_resume,
+ .otherend_changed = backend_changed,
+ );
+
+static int __init xen_tpmfront_init(void)
+{
+ if (!xen_domain())
+ return -ENODEV;
+
+ return xenbus_register_frontend(&tpmfront_driver);
+}
+module_init(xen_tpmfront_init);
+
+static void __exit xen_tpmfront_exit(void)
+{
+ xenbus_unregister_driver(&tpmfront_driver);
+}
+module_exit(xen_tpmfront_exit);
+
+MODULE_LICENSE("Dual BSD/GPL");
diff --git a/include/xen/interface/io/tpmif.h b/include/xen/interface/io/tpmif.h
new file mode 100644
index 0000000..92522a4
--- /dev/null
+++ b/include/xen/interface/io/tpmif.h
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * tpmif.h
+ *
+ * TPM I/O interface for Xen guest OSes, v2
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+#ifndef __XEN_PUBLIC_IO_TPMIF_H__
+#define __XEN_PUBLIC_IO_TPMIF_H__
+
+enum vtpm_shared_page_state {
+ VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
+ VTPM_STATE_SUBMIT, /* request ready / vTPM working */
+ VTPM_STATE_FINISH, /* response ready / vTPM idle */
+ VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
+};
+/* The backend should only change state to IDLE or FINISH, while the
+ * frontend should only change to SUBMIT or CANCEL. */
+
+
+struct vtpm_shared_page {
+ uint32_t length; /* request/response length in bytes */
+
+ uint8_t state; /* enum vtpm_shared_page_state */
+ uint8_t locality; /* for the current request */
+ uint8_t pad;
+
+ uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
+ uint32_t extra_pages[0]; /* grant IDs; length in nr_extra_pages */
+};
+
+#endif
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* Re: [PATCH] drivers/tpm: add xen tpmfront interface (Re: [PATCH 01/12]...)
2013-03-26 16:52 ` [PATCH] drivers/tpm: add xen tpmfront interface (Re: [PATCH 01/12]...) Daniel De Graaf
@ 2013-03-26 17:16 ` Matthew Fioravante
0 siblings, 0 replies; 25+ messages in thread
From: Matthew Fioravante @ 2013-03-26 17:16 UTC (permalink / raw)
To: Daniel De Graaf
Cc: Konrad Rzeszutek Wilk, Ian.Campbell@citrix.com,
xen-devel@lists.xen.org
[-- Attachment #1.1: Type: text/plain, Size: 19966 bytes --]
Daniel, this looks great. Thank you for taking the effort to rewrite
that awful tpm driver.
The only comment I have for you which is a carry-over from my previous
feedback from konrad is to include a copy of /docs/misc/vtpm.txt as
Documentation/xen-tpmfront.txt, with a note of where to get the latest
version in xen.
I believe he also asked for a copy of the entire document in the commit
message.
Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
On 03/26/2013 12:52 PM, Daniel De Graaf wrote:
> Original subject: Re: [PATCH 01/12] mini-os/tpm{back,front}: Change shared page ABI
>
> On 03/26/2013 12:29 PM, Matthew Fioravante wrote:
>> I'm going to merge your linux changes into my working linux patch with the fixes that are in response to konrad's comments. Will test with this on the mini-os end and get back to you.
>>
>> After that, we can look at the remaining patches.
> The changes that I posted to this vTPM patch still leave a lot of the
> unneeded relics from using a packet interface for vTPM commands. The patch
> below properly uses Linux's TPM interface, and is far simpler than the
> other driver (while also supporting features such as command cancellation).
> I would prefer that this driver be considered instead of my previously
> posted patch to your forward port of the 2.6.18-xen.hg driver.
>
> I have tested this patch with HVM and PV guests, interfacing with a mini-os
> vTPM using my patches. The PV guest was tested both with and without pv-grub
> loading the kernel and using the vTPM to report measurements.
>
> ---------------------8<--------------------------------------
> [PATCH] drivers/tpm: add xen tpmfront interface
>
> This is a complete rewrite of the Xen TPM frontend driver, taking
> advantage of a simplified frontend/backend interface and adding support
> for cancellation and timeouts.
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
> This patch is based off Linux 3.9-rc4
>
> drivers/char/tpm/Kconfig | 11 +
> drivers/char/tpm/Makefile | 1 +
> drivers/char/tpm/xen-tpmfront.c | 423 +++++++++++++++++++++++++++++++++++++++
> include/xen/interface/io/tpmif.h | 50 +++++
> 4 files changed, 485 insertions(+)
> create mode 100644 drivers/char/tpm/xen-tpmfront.c
> create mode 100644 include/xen/interface/io/tpmif.h
>
> diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> index dbfd564..205ed35 100644
> --- a/drivers/char/tpm/Kconfig
> +++ b/drivers/char/tpm/Kconfig
> @@ -91,4 +91,15 @@ config TCG_ST33_I2C
> To compile this driver as a module, choose M here; the module will be
> called tpm_stm_st33_i2c.
>
> +config TCG_XEN
> + tristate "XEN TPM Interface"
> + depends on TCG_TPM && XEN
> + ---help---
> + If you want to make TPM support available to a Xen user domain,
> + say Yes and it will be accessible from within Linux. See
> + the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
> + the Xen source repository for more details.
> + To compile this driver as a module, choose M here; the module
> + will be called xen-tpmfront.
> +
> endif # TCG_TPM
> diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
> index a3736c9..eb41ff9 100644
> --- a/drivers/char/tpm/Makefile
> +++ b/drivers/char/tpm/Makefile
> @@ -18,3 +18,4 @@ obj-$(CONFIG_TCG_ATMEL) += tpm_atmel.o
> obj-$(CONFIG_TCG_INFINEON) += tpm_infineon.o
> obj-$(CONFIG_TCG_IBMVTPM) += tpm_ibmvtpm.o
> obj-$(CONFIG_TCG_ST33_I2C) += tpm_i2c_stm_st33.o
> +obj-$(CONFIG_TCG_XEN) += xen-tpmfront.o
> diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c
> new file mode 100644
> index 0000000..1eb8de1
> --- /dev/null
> +++ b/drivers/char/tpm/xen-tpmfront.c
> @@ -0,0 +1,423 @@
> +#include <linux/errno.h>
> +#include <linux/err.h>
> +#include <linux/interrupt.h>
> +#include <linux/mutex.h>
> +#include <linux/uaccess.h>
> +#include <xen/events.h>
> +#include <xen/interface/grant_table.h>
> +#include <xen/interface/io/tpmif.h>
> +#include <xen/grant_table.h>
> +#include <xen/xenbus.h>
> +#include <xen/page.h>
> +#include "tpm.h"
> +
> +struct tpm_private {
> + struct tpm_chip *chip;
> + struct xenbus_device *dev;
> +
> + struct vtpm_shared_page *shr;
> +
> + unsigned int evtchn;
> + int ring_ref;
> + domid_t backend_id;
> +};
> +
> +enum status_bits {
> + VTPM_STATUS_RUNNING = 0x1,
> + VTPM_STATUS_IDLE = 0x2,
> + VTPM_STATUS_RESULT = 0x4,
> + VTPM_STATUS_CANCELED = 0x8,
> +};
> +
> +static u8 vtpm_status(struct tpm_chip *chip)
> +{
> + struct tpm_private *priv = TPM_VPRIV(chip);
> + switch (priv->shr->state) {
> + case VTPM_STATE_IDLE:
> + return VTPM_STATUS_IDLE | VTPM_STATUS_CANCELED;
> + case VTPM_STATE_FINISH:
> + return VTPM_STATUS_IDLE | VTPM_STATUS_RESULT;
> + case VTPM_STATE_SUBMIT:
> + case VTPM_STATE_CANCEL: /* cancel requested, not yet canceled */
> + return VTPM_STATUS_RUNNING;
> + default:
> + return 0;
> + }
> +}
> +
> +static bool vtpm_req_canceled(struct tpm_chip *chip, u8 status)
> +{
> + return status & VTPM_STATUS_CANCELED;
> +}
> +
> +static void vtpm_cancel(struct tpm_chip *chip)
> +{
> + struct tpm_private *priv = TPM_VPRIV(chip);
> + priv->shr->state = VTPM_STATE_CANCEL;
> + notify_remote_via_evtchn(priv->evtchn);
> +}
> +
> +static int vtpm_send(struct tpm_chip *chip, u8 *buf, size_t count)
> +{
> + struct tpm_private *priv = TPM_VPRIV(chip);
> + struct vtpm_shared_page *shr = priv->shr;
> + unsigned int offset = sizeof(*shr) + 4*shr->nr_extra_pages;
> +
> + u32 ordinal;
> + unsigned long duration;
> +
> + if (count < TPM_HEADER_SIZE)
> + return -EIO;
> +
> + if (offset > PAGE_SIZE)
> + return -EIO;
> +
> + if (offset + count > PAGE_SIZE)
> + return -EIO;
> +
> + /* Wait for completion of any existing command or cancellation */
> + if (wait_for_tpm_stat(chip, VTPM_STATUS_IDLE, chip->vendor.timeout_c,
> + &chip->vendor.read_queue, true) < 0) {
> + vtpm_cancel(chip);
> + return -ETIME;
> + }
> +
> + memcpy(offset + (u8 *)shr, buf, count);
> + shr->length = count;
> + barrier();
> + shr->state = VTPM_STATE_SUBMIT;
> + notify_remote_via_evtchn(priv->evtchn);
> +
> + ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
> + duration = tpm_calc_ordinal_duration(chip, ordinal);
> +
> + if (wait_for_tpm_stat(chip, VTPM_STATUS_IDLE, duration,
> + &chip->vendor.read_queue, true) < 0) {
> + /* got a signal or timeout, try to cancel */
> + vtpm_cancel(chip);
> + return -ETIME;
> + }
> +
> + return count;
> +}
> +
> +static int vtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count)
> +{
> + struct tpm_private *priv = TPM_VPRIV(chip);
> + struct vtpm_shared_page *shr = priv->shr;
> + unsigned int offset = sizeof(*shr) + 4*shr->nr_extra_pages;
> + size_t length = shr->length;
> +
> + if (shr->state == VTPM_STATE_IDLE)
> + return -ECANCELED;
> +
> + /* In theory the wait at the end of _send makes this one unnecessary */
> + if (wait_for_tpm_stat(chip, VTPM_STATUS_RESULT, chip->vendor.timeout_c,
> + &chip->vendor.read_queue, true) < 0) {
> + vtpm_cancel(chip);
> + return -ETIME;
> + }
> +
> + if (offset > PAGE_SIZE)
> + return -EIO;
> +
> + if (offset + length > PAGE_SIZE)
> + length = PAGE_SIZE - offset;
> +
> + if (length > count)
> + length = count;
> +
> + memcpy(buf, offset + (u8 *)shr, count);
> +
> + return length;
> +}
> +
> +static const struct file_operations vtpm_ops = {
> + .owner = THIS_MODULE,
> + .llseek = no_llseek,
> + .open = tpm_open,
> + .read = tpm_read,
> + .write = tpm_write,
> + .release = tpm_release,
> +};
> +
> +static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL);
> +static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL);
> +static DEVICE_ATTR(enabled, S_IRUGO, tpm_show_enabled, NULL);
> +static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
> +static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
> +static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated,
> + NULL);
> +static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
> +static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
> +static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL);
> +static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
> +
> +static struct attribute *vtpm_attrs[] = {
> + &dev_attr_pubek.attr,
> + &dev_attr_pcrs.attr,
> + &dev_attr_enabled.attr,
> + &dev_attr_active.attr,
> + &dev_attr_owned.attr,
> + &dev_attr_temp_deactivated.attr,
> + &dev_attr_caps.attr,
> + &dev_attr_cancel.attr,
> + &dev_attr_durations.attr,
> + &dev_attr_timeouts.attr,
> + NULL,
> +};
> +
> +static struct attribute_group vtpm_attr_grp = {
> + .attrs = vtpm_attrs
> +};
> +
> +#define TPM_LONG_TIMEOUT (10 * 60 * HZ)
> +
> +static const struct tpm_vendor_specific tpm_vtpm = {
> + .status = vtpm_status,
> + .recv = vtpm_recv,
> + .send = vtpm_send,
> + .cancel = vtpm_cancel,
> + .req_complete_mask = VTPM_STATUS_IDLE | VTPM_STATUS_RESULT,
> + .req_complete_val = VTPM_STATUS_IDLE | VTPM_STATUS_RESULT,
> + .req_canceled = vtpm_req_canceled,
> + .attr_group = &vtpm_attr_grp,
> + .miscdev = {
> + .fops = &vtpm_ops,
> + },
> + .duration = {
> + TPM_LONG_TIMEOUT,
> + TPM_LONG_TIMEOUT,
> + TPM_LONG_TIMEOUT,
> + },
> +};
> +
> +static irqreturn_t tpmif_interrupt(int dummy, void *dev_id)
> +{
> + struct tpm_private *priv = dev_id;
> +
> + switch (priv->shr->state) {
> + case VTPM_STATE_IDLE:
> + case VTPM_STATE_FINISH:
> + wake_up_interruptible(&priv->chip->vendor.read_queue);
> + break;
> + case VTPM_STATE_SUBMIT:
> + case VTPM_STATE_CANCEL:
> + default:
> + break;
> + }
> + return IRQ_HANDLED;
> +}
> +
> +static int setup_chip(struct device *dev, struct tpm_private *priv)
> +{
> + struct tpm_chip *chip;
> +
> + chip = tpm_register_hardware(dev, &tpm_vtpm);
> + if (!chip)
> + return -ENODEV;
> +
> + init_waitqueue_head(&chip->vendor.read_queue);
> +
> + priv->chip = chip;
> + TPM_VPRIV(chip) = priv;
> +
> + return 0;
> +}
> +
> +static int setup_ring(struct xenbus_device *dev, struct tpm_private *priv)
> +{
> + struct xenbus_transaction xbt;
> + const char *message = NULL;
> + int rv;
> +
> + priv->shr = (void *)__get_free_page(GFP_KERNEL|__GFP_ZERO);
> + if (!priv->shr) {
> + xenbus_dev_fatal(dev, -ENOMEM, "allocating shared ring");
> + return -ENOMEM;
> + }
> +
> + rv = xenbus_grant_ring(dev, virt_to_mfn(priv->shr));
> + if (rv < 0)
> + return rv;
> +
> + priv->ring_ref = rv;
> +
> + rv = xenbus_alloc_evtchn(dev, &priv->evtchn);
> + if (rv)
> + return rv;
> +
> + rv = bind_evtchn_to_irqhandler(priv->evtchn, tpmif_interrupt, 0,
> + "tpmif", priv);
> + if (rv <= 0) {
> + xenbus_dev_fatal(dev, rv, "allocating TPM irq");
> + return rv;
> + }
> + priv->chip->vendor.irq = rv;
> +
> + again:
> + rv = xenbus_transaction_start(&xbt);
> + if (rv) {
> + xenbus_dev_fatal(dev, rv, "starting transaction");
> + return rv;
> + }
> +
> + rv = xenbus_printf(xbt, dev->nodename,
> + "ring-ref", "%u", priv->ring_ref);
> + if (rv) {
> + message = "writing ring-ref";
> + goto abort_transaction;
> + }
> +
> + rv = xenbus_printf(xbt, dev->nodename, "event-channel", "%u",
> + priv->evtchn);
> + if (rv) {
> + message = "writing event-channel";
> + goto abort_transaction;
> + }
> +
> + rv = xenbus_printf(xbt, dev->nodename, "feature-protocol-v2", "1");
> + if (rv) {
> + message = "writing feature-protocol-v2";
> + goto abort_transaction;
> + }
> +
> + rv = xenbus_transaction_end(xbt, 0);
> + if (rv == -EAGAIN)
> + goto again;
> + if (rv) {
> + xenbus_dev_fatal(dev, rv, "completing transaction");
> + return rv;
> + }
> +
> + xenbus_switch_state(dev, XenbusStateInitialised);
> +
> + return 0;
> +
> + abort_transaction:
> + xenbus_transaction_end(xbt, 1);
> + if (message)
> + xenbus_dev_error(dev, rv, "%s", message);
> +
> + return rv;
> +}
> +
> +static void ring_free(struct tpm_private *priv)
> +{
> + if (priv->ring_ref)
> + gnttab_end_foreign_access(priv->ring_ref, 0,
> + (unsigned long)priv->shr);
> +
> + if (priv->chip && priv->chip->vendor.irq)
> + unbind_from_irqhandler(priv->chip->vendor.irq, priv);
> +
> + free_page((unsigned long)priv->shr);
> + kfree(priv);
> +}
> +
> +static int tpmfront_probe(struct xenbus_device *dev,
> + const struct xenbus_device_id *id)
> +{
> + struct tpm_private *priv;
> + int rv;
> +
> + priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> + if (!priv) {
> + xenbus_dev_fatal(dev, -ENOMEM, "allocating priv structure");
> + return -ENOMEM;
> + }
> +
> + rv = setup_chip(&dev->dev, priv);
> + if (rv) {
> + kfree(priv);
> + return rv;
> + }
> +
> + rv = setup_ring(dev, priv);
> + if (rv) {
> + tpm_remove_hardware(&dev->dev);
> + ring_free(priv);
> + return rv;
> + }
> +
> + tpm_get_timeouts(priv->chip);
> +
> + dev_set_drvdata(&dev->dev, priv->chip);
> +
> + return rv;
> +}
> +
> +static int tpmfront_remove(struct xenbus_device *dev)
> +{
> + struct tpm_chip *chip = dev_get_drvdata(&dev->dev);
> + struct tpm_private *priv = TPM_VPRIV(chip);
> + tpm_remove_hardware(&dev->dev);
> + ring_free(priv);
> + return 0;
> +}
> +
> +static int tpmfront_resume(struct xenbus_device *dev)
> +{
> + /* A suspend/resume/migrate will interrupt a vTPM anyway */
> + tpmfront_remove(dev);
> + return tpmfront_probe(dev, NULL);
> +}
> +
> +static void backend_changed(struct xenbus_device *dev,
> + enum xenbus_state backend_state)
> +{
> + int val;
> +
> + switch (backend_state) {
> + case XenbusStateInitialised:
> + case XenbusStateConnected:
> + if (xenbus_scanf(XBT_NIL, dev->otherend,
> + "feature-protocol-v2", "%d", &val) < 0)
> + val = 0;
> + if (!val) {
> + xenbus_dev_fatal(dev, -EINVAL,
> + "vTPM protocol 2 required");
> + return;
> + }
> + xenbus_switch_state(dev, XenbusStateConnected);
> + break;
> +
> + case XenbusStateClosing:
> + case XenbusStateClosed:
> + device_unregister(&dev->dev);
> + xenbus_frontend_closed(dev);
> + break;
> + default:
> + break;
> + }
> +}
> +
> +static const struct xenbus_device_id tpmfront_ids[] = {
> + { "vtpm" },
> + { "" }
> +};
> +MODULE_ALIAS("xen:vtpm");
> +
> +static DEFINE_XENBUS_DRIVER(tpmfront, ,
> + .probe = tpmfront_probe,
> + .remove = tpmfront_remove,
> + .resume = tpmfront_resume,
> + .otherend_changed = backend_changed,
> + );
> +
> +static int __init xen_tpmfront_init(void)
> +{
> + if (!xen_domain())
> + return -ENODEV;
> +
> + return xenbus_register_frontend(&tpmfront_driver);
> +}
> +module_init(xen_tpmfront_init);
> +
> +static void __exit xen_tpmfront_exit(void)
> +{
> + xenbus_unregister_driver(&tpmfront_driver);
> +}
> +module_exit(xen_tpmfront_exit);
> +
> +MODULE_LICENSE("Dual BSD/GPL");
> diff --git a/include/xen/interface/io/tpmif.h b/include/xen/interface/io/tpmif.h
> new file mode 100644
> index 0000000..92522a4
> --- /dev/null
> +++ b/include/xen/interface/io/tpmif.h
> @@ -0,0 +1,50 @@
> +/******************************************************************************
> + * tpmif.h
> + *
> + * TPM I/O interface for Xen guest OSes, v2
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a copy
> + * of this software and associated documentation files (the "Software"), to
> + * deal in the Software without restriction, including without limitation the
> + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
> + * sell copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
> + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
> + * DEALINGS IN THE SOFTWARE.
> + *
> + */
> +
> +#ifndef __XEN_PUBLIC_IO_TPMIF_H__
> +#define __XEN_PUBLIC_IO_TPMIF_H__
> +
> +enum vtpm_shared_page_state {
> + VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
> + VTPM_STATE_SUBMIT, /* request ready / vTPM working */
> + VTPM_STATE_FINISH, /* response ready / vTPM idle */
> + VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
> +};
> +/* The backend should only change state to IDLE or FINISH, while the
> + * frontend should only change to SUBMIT or CANCEL. */
> +
> +
> +struct vtpm_shared_page {
> + uint32_t length; /* request/response length in bytes */
> +
> + uint8_t state; /* enum vtpm_shared_page_state */
> + uint8_t locality; /* for the current request */
> + uint8_t pad;
> +
> + uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
> + uint32_t extra_pages[0]; /* grant IDs; length in nr_extra_pages */
> +};
> +
> +#endif
> --
> 1.8.1.4
>
[-- Attachment #1.2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 1459 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 02/12] mini-os/tpm{back, front}: Allow device repoens
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
2013-03-21 20:11 ` [PATCH 01/12] mini-os/tpm{back, front}: Change shared page ABI Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 03/12] mini-os/tpmback: set up callbacks before enumeration Daniel De Graaf
` (11 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
Allow the vtpm device to be disconnected and reconnected so that a
bootloader (like pv-grub) can submit measurements and return the vtpm
device to its initial state before booting the target kernel.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
| 23 ++++++++++++++++++++++-
| 14 ++++++++++++--
2 files changed, 34 insertions(+), 3 deletions(-)
--git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
index 1398b37..8d8656d 100644
--- a/extras/mini-os/tpmback.c
+++ b/extras/mini-os/tpmback.c
@@ -644,6 +644,24 @@ error_post_map:
return -1;
}
+static void disconnect_fe(tpmif_t* tpmif)
+{
+ if (tpmif->status == CONNECTED) {
+ tpmif->status = DISCONNECTING;
+ mask_evtchn(tpmif->evtchn);
+
+ if(gntmap_munmap(>pmdev.map, (unsigned long)tpmif->page, 1)) {
+ TPMBACK_ERR("%u/%u Error occured while trying to unmap shared page\n", (unsigned int) tpmif->domid, tpmif->handle);
+ }
+
+ unbind_evtchn(tpmif->evtchn);
+ }
+ tpmif->status = DISCONNECTED;
+ tpmif_change_state(tpmif, XenbusStateInitWait);
+
+ TPMBACK_LOG("Frontend %u/%u disconnected\n", (unsigned int) tpmif->domid, tpmif->handle);
+}
+
static int frontend_changed(tpmif_t* tpmif)
{
int state = xenbus_read_integer(tpmif->fe_state_path);
@@ -670,8 +688,11 @@ static int frontend_changed(tpmif_t* tpmif)
tpmif_change_state(tpmif, XenbusStateClosing);
break;
- case XenbusStateUnknown: /* keep it here */
case XenbusStateClosed:
+ disconnect_fe(tpmif);
+ break;
+
+ case XenbusStateUnknown: /* keep it here */
free_tpmif(tpmif);
break;
--git a/extras/mini-os/tpmfront.c b/extras/mini-os/tpmfront.c
index a15b5cf..29f6228 100644
--- a/extras/mini-os/tpmfront.c
+++ b/extras/mini-os/tpmfront.c
@@ -156,6 +156,9 @@ static int wait_for_backend_closed(xenbus_event_queue* events, char* path)
case XenbusStateClosed:
TPMFRONT_LOG("Backend Closed\n");
return 0;
+ case XenbusStateInitWait:
+ TPMFRONT_LOG("Backend Closed (waiting for reconnect)\n");
+ return 0;
default:
xenbus_wait_for_watch(events);
}
@@ -339,10 +342,10 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
TPMFRONT_LOG("Shutting down tpmfront\n");
/* disconnect */
if(dev->state == XenbusStateConnected) {
- dev->state = XenbusStateClosing;
- //FIXME: Transaction for this?
/* Tell backend we are closing */
+ dev->state = XenbusStateClosing;
if((err = xenbus_printf(XBT_NIL, dev->nodename, "state", "%u", (unsigned int) dev->state))) {
+ TPMFRONT_ERR("Unable to write to %s, error was %s", dev->nodename, err);
free(err);
}
@@ -366,6 +369,13 @@ void shutdown_tpmfront(struct tpmfront_dev* dev)
/* Wait for the backend to close and unmap shared pages, ignore any errors */
wait_for_backend_state_changed(dev, XenbusStateClosed);
+ /* Prepare for a later reopen (possibly by a kexec'd kernel) */
+ dev->state = XenbusStateInitialising;
+ if((err = xenbus_printf(XBT_NIL, dev->nodename, "state", "%u", (unsigned int) dev->state))) {
+ TPMFRONT_ERR("Unable to write to %s, error was %s", dev->nodename, err);
+ free(err);
+ }
+
/* Close event channel and unmap shared page */
mask_evtchn(dev->evtchn);
unbind_evtchn(dev->evtchn);
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 03/12] mini-os/tpmback: set up callbacks before enumeration
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
2013-03-21 20:11 ` [PATCH 01/12] mini-os/tpm{back, front}: Change shared page ABI Daniel De Graaf
2013-03-21 20:11 ` [PATCH 02/12] mini-os/tpm{back, front}: Allow device repoens Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 04/12] mini-os/tpmback: Replace UUID field with opaque pointer Daniel De Graaf
` (10 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
The open/close callbacks in tpmback cannot be properly initalized in
order to catch the initial enumeration events because init_tpmback
clears the callbacks and then asynchronously starts the enumeration of
existing tpmback devices. Fix this by passing the callbacks to
init_tpmback so they can be installed before enumeration.
This also removes the unused callbacks for suspend and resume.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
| 12 +-----------
| 31 +++----------------------------
stubdom/vtpm/vtpm.c | 2 +-
stubdom/vtpmmgr/init.c | 2 +-
4 files changed, 6 insertions(+), 41 deletions(-)
--git a/extras/mini-os/include/tpmback.h b/extras/mini-os/include/tpmback.h
index ec9eda4..3c11c34 100644
--- a/extras/mini-os/include/tpmback.h
+++ b/extras/mini-os/include/tpmback.h
@@ -56,7 +56,7 @@ struct tpmcmd {
typedef struct tpmcmd tpmcmd_t;
/* Initialize the tpm backend driver */
-void init_tpmback(void);
+void init_tpmback(void (*open_cb)(domid_t, unsigned int), void (*close_cb)(domid_t, unsigned int));
/* Shutdown tpm backend driver */
void shutdown_tpmback(void);
@@ -94,14 +94,4 @@ int tpmback_num_frontends(void);
* The return value is internally allocated, so don't free it */
unsigned char* tpmback_get_uuid(domid_t domid, unsigned int handle);
-/* Specify a function to call when a new tpm device connects */
-void tpmback_set_open_callback(void (*cb)(domid_t, unsigned int));
-
-/* Specify a function to call when a tpm device disconnects */
-void tpmback_set_close_callback(void (*cb)(domid_t, unsigned int));
-
-//Not Implemented
-void tpmback_set_suspend_callback(void (*cb)(domid_t, unsigned int));
-void tpmback_set_resume_callback(void (*cb)(domid_t, unsigned int));
-
#endif
--git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
index 8d8656d..ee2af7a 100644
--- a/extras/mini-os/tpmback.c
+++ b/extras/mini-os/tpmback.c
@@ -114,8 +114,6 @@ struct tpmback_dev {
/* Callbacks */
void (*open_callback)(domid_t, unsigned int);
void (*close_callback)(domid_t, unsigned int);
- void (*suspend_callback)(domid_t, unsigned int);
- void (*resume_callback)(domid_t, unsigned int);
};
typedef struct tpmback_dev tpmback_dev_t;
@@ -131,8 +129,6 @@ static tpmback_dev_t gtpmdev = {
.events = NULL,
.open_callback = NULL,
.close_callback = NULL,
- .suspend_callback = NULL,
- .resume_callback = NULL,
};
struct wait_queue_head waitq;
int globalinit = 0;
@@ -808,23 +804,6 @@ unsigned char* tpmback_get_uuid(domid_t domid, unsigned int handle)
return tpmif->uuid;
}
-void tpmback_set_open_callback(void (*cb)(domid_t, unsigned int))
-{
- gtpmdev.open_callback = cb;
-}
-void tpmback_set_close_callback(void (*cb)(domid_t, unsigned int))
-{
- gtpmdev.close_callback = cb;
-}
-void tpmback_set_suspend_callback(void (*cb)(domid_t, unsigned int))
-{
- gtpmdev.suspend_callback = cb;
-}
-void tpmback_set_resume_callback(void (*cb)(domid_t, unsigned int))
-{
- gtpmdev.resume_callback = cb;
-}
-
static void event_listener(void)
{
const char* bepath = "backend/vtpm";
@@ -871,7 +850,7 @@ void event_thread(void* p) {
event_listener();
}
-void init_tpmback(void)
+void init_tpmback(void (*open_cb)(domid_t, unsigned int), void (*close_cb)(domid_t, unsigned int))
{
if(!globalinit) {
init_waitqueue_head(&waitq);
@@ -883,8 +862,8 @@ void init_tpmback(void)
gtpmdev.num_tpms = 0;
gtpmdev.flags = 0;
- gtpmdev.open_callback = gtpmdev.close_callback = NULL;
- gtpmdev.suspend_callback = gtpmdev.resume_callback = NULL;
+ gtpmdev.open_callback = open_cb;
+ gtpmdev.close_callback = close_cb;
eventthread = create_thread("tpmback-listener", event_thread, NULL);
@@ -892,10 +871,6 @@ void init_tpmback(void)
void shutdown_tpmback(void)
{
- /* Disable callbacks */
- gtpmdev.open_callback = gtpmdev.close_callback = NULL;
- gtpmdev.suspend_callback = gtpmdev.resume_callback = NULL;
-
TPMBACK_LOG("Shutting down tpm backend\n");
/* Set the quit flag */
gtpmdev.flags = TPMIF_CLOSED;
diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c
index 71aef78..3362ea8 100644
--- a/stubdom/vtpm/vtpm.c
+++ b/stubdom/vtpm/vtpm.c
@@ -367,7 +367,7 @@ int main(int argc, char **argv)
}
/* Initialize devices */
- init_tpmback();
+ init_tpmback(NULL, NULL);
if((tpmfront_dev = init_tpmfront(NULL)) == NULL) {
error("Unable to initialize tpmfront device");
goto abort_posttpmfront;
diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
index a158020..00dd9f3 100644
--- a/stubdom/vtpmmgr/init.c
+++ b/stubdom/vtpmmgr/init.c
@@ -462,7 +462,7 @@ TPM_RESULT vtpmmgr_init(int argc, char** argv) {
}
//Setup tpmback device
- init_tpmback();
+ init_tpmback(NULL, NULL);
//Setup tpm access
switch(opts.tpmdriver) {
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 04/12] mini-os/tpmback: Replace UUID field with opaque pointer
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (2 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 03/12] mini-os/tpmback: set up callbacks before enumeration Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 05/12] mini-os/tpmback: add tpmback_get_peercontext Daniel De Graaf
` (9 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
Instead of only recording the UUID field, which may not be of interest
to all tpmback implementations, provide a user-settable opaque pointer
associated with the tpmback instance.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
| 9 +++++++--
| 31 ++++++++++++++++++++++++++++---
stubdom/vtpmmgr/init.c | 8 +++++++-
stubdom/vtpmmgr/vtpmmgr.c | 2 +-
4 files changed, 43 insertions(+), 7 deletions(-)
--git a/extras/mini-os/include/tpmback.h b/extras/mini-os/include/tpmback.h
index 3c11c34..a6cbbf1 100644
--- a/extras/mini-os/include/tpmback.h
+++ b/extras/mini-os/include/tpmback.h
@@ -45,10 +45,10 @@ struct tpmcmd {
domid_t domid; /* Domid of the frontend */
uint8_t locality; /* Locality requested by the frontend */
unsigned int handle; /* Handle of the frontend */
- unsigned char uuid[16]; /* uuid of the tpm interface */
+ void *opaque; /* Opaque pointer taken from the tpmback instance */
- unsigned int req_len; /* Size of the command in buf - set by tpmback driver */
uint8_t* req; /* tpm command bits, allocated by driver, DON'T FREE IT */
+ unsigned int req_len; /* Size of the command in buf - set by tpmback driver */
unsigned int resp_len; /* Size of the outgoing command,
you set this before passing the cmd object to tpmback_resp */
uint8_t* resp; /* Buffer for response - YOU MUST ALLOCATE IT, YOU MUST ALSO FREE IT */
@@ -94,4 +94,9 @@ int tpmback_num_frontends(void);
* The return value is internally allocated, so don't free it */
unsigned char* tpmback_get_uuid(domid_t domid, unsigned int handle);
+/* Get and set the opaque pointer for a tpmback instance */
+void* tpmback_get_opaque(domid_t domid, unsigned int handle);
+/* Returns zero if successful, nonzero on failure (no such frontend) */
+int tpmback_set_opaque(domid_t domid, unsigned int handle, void* opaque);
+
#endif
--git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
index ee2af7a..a3ee1d0 100644
--- a/extras/mini-os/tpmback.c
+++ b/extras/mini-os/tpmback.c
@@ -92,6 +92,7 @@ struct tpmif {
enum { DISCONNECTED, DISCONNECTING, CONNECTED } status;
unsigned char uuid[16];
+ void* opaque;
/* state flags */
int flags;
@@ -391,6 +392,7 @@ inline tpmif_t* __init_tpmif(domid_t domid, unsigned int handle)
tpmif->status = DISCONNECTED;
tpmif->page = NULL;
tpmif->flags = 0;
+ tpmif->opaque = NULL;
memset(tpmif->uuid, 0, sizeof(tpmif->uuid));
return tpmif;
}
@@ -793,6 +795,29 @@ static void generate_backend_events(const char* path)
return;
}
+void* tpmback_get_opaque(domid_t domid, unsigned int handle)
+{
+ tpmif_t* tpmif;
+ if((tpmif = get_tpmif(domid, handle)) == NULL) {
+ TPMBACK_DEBUG("get_opaque() failed, %u/%u is an invalid frontend\n", (unsigned int) domid, handle);
+ return NULL;
+ }
+
+ return tpmif->opaque;
+}
+
+int tpmback_set_opaque(domid_t domid, unsigned int handle, void *opaque)
+{
+ tpmif_t* tpmif;
+ if((tpmif = get_tpmif(domid, handle)) == NULL) {
+ TPMBACK_DEBUG("set_opaque() failed, %u/%u is an invalid frontend\n", (unsigned int) domid, handle);
+ return -1;
+ }
+
+ tpmif->opaque = opaque;
+ return 0;
+}
+
unsigned char* tpmback_get_uuid(domid_t domid, unsigned int handle)
{
tpmif_t* tpmif;
@@ -889,12 +914,12 @@ void shutdown_tpmback(void)
schedule();
}
-inline void init_tpmcmd(tpmcmd_t* tpmcmd, domid_t domid, unsigned int handle, unsigned char uuid[16])
+static void init_tpmcmd(tpmcmd_t* tpmcmd, domid_t domid, unsigned int handle, void *opaque)
{
tpmcmd->domid = domid;
tpmcmd->locality = -1;
tpmcmd->handle = handle;
- memcpy(tpmcmd->uuid, uuid, sizeof(tpmcmd->uuid));
+ tpmcmd->opaque = opaque;
tpmcmd->req = NULL;
tpmcmd->req_len = 0;
tpmcmd->resp = NULL;
@@ -916,7 +941,7 @@ tpmcmd_t* get_request(tpmif_t* tpmif) {
if((cmd = malloc(sizeof(*cmd))) == NULL) {
goto error;
}
- init_tpmcmd(cmd, tpmif->domid, tpmif->handle, tpmif->uuid);
+ init_tpmcmd(cmd, tpmif->domid, tpmif->handle, tpmif->opaque);
shr = tpmif->page;
cmd->req_len = shr->length;
diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
index 00dd9f3..33ac152 100644
--- a/stubdom/vtpmmgr/init.c
+++ b/stubdom/vtpmmgr/init.c
@@ -436,6 +436,12 @@ egress:
return status;
}
+/* Set up the opaque field to contain a pointer to the UUID */
+static void set_opaque_to_uuid(domid_t domid, unsigned int handle)
+{
+ tpmback_set_opaque(domid, handle, tpmback_get_uuid(domid, handle));
+}
+
TPM_RESULT vtpmmgr_init(int argc, char** argv) {
TPM_RESULT status = TPM_SUCCESS;
@@ -462,7 +468,7 @@ TPM_RESULT vtpmmgr_init(int argc, char** argv) {
}
//Setup tpmback device
- init_tpmback(NULL, NULL);
+ init_tpmback(set_opaque_to_uuid, NULL);
//Setup tpm access
switch(opts.tpmdriver) {
diff --git a/stubdom/vtpmmgr/vtpmmgr.c b/stubdom/vtpmmgr/vtpmmgr.c
index 563f4e8..270ca8a 100644
--- a/stubdom/vtpmmgr/vtpmmgr.c
+++ b/stubdom/vtpmmgr/vtpmmgr.c
@@ -61,7 +61,7 @@ void main_loop(void) {
tpmcmd->resp = respbuf;
/* Process the command */
- vtpmmgr_handle_cmd(tpmcmd->uuid, tpmcmd);
+ vtpmmgr_handle_cmd(tpmcmd->opaque, tpmcmd);
/* Send response */
tpmback_resp(tpmcmd);
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 05/12] mini-os/tpmback: add tpmback_get_peercontext
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (3 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 04/12] mini-os/tpmback: Replace UUID field with opaque pointer Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 06/12] stubdom/vtpm: correct the buffer size returned by TPM_CAP_PROP_INPUT_BUFFER Daniel De Graaf
` (8 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
This allows the XSM label of the TPM's client domain to be retrieved.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
---
| 22 ++++++++++++++++++++++
| 1 +
| 2 ++
| 11 +++++++++++
4 files changed, 36 insertions(+)
--git a/extras/mini-os/events.c b/extras/mini-os/events.c
index 896c365..036b84b 100644
--- a/extras/mini-os/events.c
+++ b/extras/mini-os/events.c
@@ -21,6 +21,7 @@
#include <mini-os/hypervisor.h>
#include <mini-os/events.h>
#include <mini-os/lib.h>
+#include <xen/xsm/flask_op.h>
#define NR_EVS 1024
@@ -258,6 +259,27 @@ int evtchn_bind_interdomain(domid_t pal, evtchn_port_t remote_port,
return rc;
}
+int evtchn_get_peercontext(evtchn_port_t local_port, char *ctx, int size)
+{
+ int rc;
+ uint32_t sid;
+ struct xen_flask_op op;
+ op.cmd = FLASK_GET_PEER_SID;
+ op.interface_version = XEN_FLASK_INTERFACE_VERSION;
+ op.u.peersid.evtchn = local_port;
+ rc = _hypercall1(int, xsm_op, &op);
+ if (rc)
+ return rc;
+ sid = op.u.peersid.sid;
+ op.cmd = FLASK_SID_TO_CONTEXT;
+ op.u.sid_context.sid = sid;
+ op.u.sid_context.size = size;
+ set_xen_guest_handle(op.u.sid_context.context, ctx);
+ rc = _hypercall1(int, xsm_op, &op);
+ return rc;
+}
+
+
/*
* Local variables:
* mode: C
--git a/extras/mini-os/include/events.h b/extras/mini-os/include/events.h
index 912e4cf..0e9d3a7 100644
--- a/extras/mini-os/include/events.h
+++ b/extras/mini-os/include/events.h
@@ -37,6 +37,7 @@ int evtchn_alloc_unbound(domid_t pal, evtchn_handler_t handler,
int evtchn_bind_interdomain(domid_t pal, evtchn_port_t remote_port,
evtchn_handler_t handler, void *data,
evtchn_port_t *local_port);
+int evtchn_get_peercontext(evtchn_port_t local_port, char *ctx, int size);
void unbind_all_ports(void);
static inline int notify_remote_via_evtchn(evtchn_port_t port)
--git a/extras/mini-os/include/tpmback.h b/extras/mini-os/include/tpmback.h
index a6cbbf1..4408986 100644
--- a/extras/mini-os/include/tpmback.h
+++ b/extras/mini-os/include/tpmback.h
@@ -99,4 +99,6 @@ void* tpmback_get_opaque(domid_t domid, unsigned int handle);
/* Returns zero if successful, nonzero on failure (no such frontend) */
int tpmback_set_opaque(domid_t domid, unsigned int handle, void* opaque);
+/* Get the XSM context of the given domain (using the tpmback event channel) */
+int tpmback_get_peercontext(domid_t domid, unsigned int handle, void* buffer, int buflen);
#endif
--git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
index a3ee1d0..7577cf8 100644
--- a/extras/mini-os/tpmback.c
+++ b/extras/mini-os/tpmback.c
@@ -829,6 +829,17 @@ unsigned char* tpmback_get_uuid(domid_t domid, unsigned int handle)
return tpmif->uuid;
}
+int tpmback_get_peercontext(domid_t domid, unsigned int handle, void* buffer, int buflen)
+{
+ tpmif_t* tpmif;
+ if((tpmif = get_tpmif(domid, handle)) == NULL) {
+ TPMBACK_DEBUG("get_uuid() failed, %u/%u is an invalid frontend\n", (unsigned int) domid, handle);
+ return -1;
+ }
+
+ return evtchn_get_peercontext(tpmif->evtchn, buffer, buflen);
+}
+
static void event_listener(void)
{
const char* bepath = "backend/vtpm";
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 06/12] stubdom/vtpm: correct the buffer size returned by TPM_CAP_PROP_INPUT_BUFFER
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (4 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 05/12] mini-os/tpmback: add tpmback_get_peercontext Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 07/12] stubdom/vtpm: Support locality field Daniel De Graaf
` (7 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
The vtpm2 ABI supports packets of up to 4088 bytes by default; expose
this property though the TPM's interface so clients do not attempt to
send larger packets.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
stubdom/Makefile | 1 +
stubdom/vtpm-bufsize.patch | 13 +++++++++++++
2 files changed, 14 insertions(+)
create mode 100644 stubdom/vtpm-bufsize.patch
diff --git a/stubdom/Makefile b/stubdom/Makefile
index ddb97f4..2e52eea 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -208,6 +208,7 @@ tpm_emulator-$(XEN_TARGET_ARCH): tpm_emulator-$(TPMEMU_VERSION).tar.gz
tar xzf $<
mv tpm_emulator-$(TPMEMU_VERSION) $@
patch -d $@ -p1 < tpmemu-$(TPMEMU_VERSION).patch;
+ patch -d $@ -p1 < vtpm-bufsize.patch
mkdir $@/build
cd $@/build; CC=${CC} $(CMAKE) .. -DCMAKE_C_FLAGS:STRING="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement"
touch $@
diff --git a/stubdom/vtpm-bufsize.patch b/stubdom/vtpm-bufsize.patch
new file mode 100644
index 0000000..9c9304c
--- /dev/null
+++ b/stubdom/vtpm-bufsize.patch
@@ -0,0 +1,13 @@
+diff --git a/config.h.in b/config.h.in
+index d16a997..8088a2a 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -27,7 +27,7 @@
+ #define TPM_STORAGE_NAME "${TPM_STORAGE_NAME}"
+ #define TPM_DEVICE_NAME "${TPM_DEVICE_NAME}"
+ #define TPM_LOG_FILE "${TPM_LOG_FILE}"
+-#define TPM_CMD_BUF_SIZE 4096
++#define TPM_CMD_BUF_SIZE 4088
+
+ #endif /* _CONFIG_H_ */
+
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 07/12] stubdom/vtpm: Support locality field
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (5 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 06/12] stubdom/vtpm: correct the buffer size returned by TPM_CAP_PROP_INPUT_BUFFER Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 08/12] stubdom/vtpm: make state save operation atomic Daniel De Graaf
` (6 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
The vTPM protocol now contains a field allowing the locality of a
command to be specified; pass this to the TPM when processing a packet.
While the locality is not currently checked for validity, a binding
between locality and some distinguishing feature of the client domain
(such as the XSM label) will need to be defined in order to properly
support a multi-client vTPM.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
---
stubdom/Makefile | 1 +
stubdom/vtpm-locality.patch | 50 +++++++++++++++++++++++++++++++++++++++++++++
stubdom/vtpm/vtpm.c | 2 +-
3 files changed, 52 insertions(+), 1 deletion(-)
create mode 100644 stubdom/vtpm-locality.patch
diff --git a/stubdom/Makefile b/stubdom/Makefile
index 2e52eea..ebb37b6 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -209,6 +209,7 @@ tpm_emulator-$(XEN_TARGET_ARCH): tpm_emulator-$(TPMEMU_VERSION).tar.gz
mv tpm_emulator-$(TPMEMU_VERSION) $@
patch -d $@ -p1 < tpmemu-$(TPMEMU_VERSION).patch;
patch -d $@ -p1 < vtpm-bufsize.patch
+ patch -d $@ -p1 < vtpm-locality.patch
mkdir $@/build
cd $@/build; CC=${CC} $(CMAKE) .. -DCMAKE_C_FLAGS:STRING="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement"
touch $@
diff --git a/stubdom/vtpm-locality.patch b/stubdom/vtpm-locality.patch
new file mode 100644
index 0000000..8ab7dea
--- /dev/null
+++ b/stubdom/vtpm-locality.patch
@@ -0,0 +1,50 @@
+diff --git a/tpm/tpm_capability.c b/tpm/tpm_capability.c
+index 60bbb90..f8f7f0f 100644
+--- a/tpm/tpm_capability.c
++++ b/tpm/tpm_capability.c
+@@ -949,6 +949,8 @@ static TPM_RESULT set_vendor(UINT32 subCap, BYTE *setValue,
+ UINT32 setValueSize, BOOL ownerAuth,
+ BOOL deactivated, BOOL disabled)
+ {
++ if (tpmData.stany.flags.localityModifier != 8)
++ return TPM_BAD_PARAMETER;
+ /* set the capability area with the specified data, on failure
+ deactivate the TPM */
+ switch (subCap) {
+diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
+index 288d1ce..9e1cfb4 100644
+--- a/tpm/tpm_cmd_handler.c
++++ b/tpm/tpm_cmd_handler.c
+@@ -4132,7 +4132,7 @@ void tpm_emulator_shutdown()
+ tpm_extern_release();
+ }
+
+-int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size)
++int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size, int locality)
+ {
+ TPM_REQUEST req;
+ TPM_RESPONSE rsp;
+@@ -4140,7 +4140,9 @@ int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint3
+ UINT32 len;
+ BOOL free_out;
+
+- debug("tpm_handle_command()");
++ debug("tpm_handle_command(%d)", locality);
++ if (locality != -1)
++ tpmData.stany.flags.localityModifier = locality;
+
+ /* we need the whole packet at once, otherwise unmarshalling will fail */
+ if (tpm_unmarshal_TPM_REQUEST((uint8_t**)&in, &in_size, &req) != 0) {
+diff --git a/tpm/tpm_emulator.h b/tpm/tpm_emulator.h
+index eed749e..4c228bd 100644
+--- a/tpm/tpm_emulator.h
++++ b/tpm/tpm_emulator.h
+@@ -59,7 +59,7 @@ void tpm_emulator_shutdown(void);
+ * its usage. In case of an error, all internally allocated memory
+ * is released and the the state of out and out_size is unspecified.
+ */
+-int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size);
++int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size, int locality);
+
+ #endif /* _TPM_EMULATOR_H_ */
+
diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c
index 3362ea8..10e7477 100644
--- a/stubdom/vtpm/vtpm.c
+++ b/stubdom/vtpm/vtpm.c
@@ -183,7 +183,7 @@ static void main_loop(void) {
}
/* If not disabled, do the command */
else {
- if((res = tpm_handle_command(tpmcmd->req, tpmcmd->req_len, &tpmcmd->resp, &tpmcmd->resp_len)) != 0) {
+ if((res = tpm_handle_command(tpmcmd->req, tpmcmd->req_len, &tpmcmd->resp, &tpmcmd->resp_len, tpmcmd->locality)) != 0) {
error("tpm_handle_command() failed");
create_error_response(tpmcmd, TPM_FAIL);
}
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 08/12] stubdom/vtpm: make state save operation atomic
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (6 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 07/12] stubdom/vtpm: Support locality field Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 09/12] stubdom/vtpm: support multiple backends Daniel De Graaf
` (5 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
This changes the save format of the vtpm stubdom to include two copies
of the saved data: one active, and one inactive. When saving the state,
data is written to the inactive slot before updating the key and hash
saved with the TPM Manager, which determines the active slot when the
vTPM starts up.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
stubdom/vtpm/vtpmblk.c | 74 ++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 60 insertions(+), 14 deletions(-)
diff --git a/stubdom/vtpm/vtpmblk.c b/stubdom/vtpm/vtpmblk.c
index b343bd8..fe529ab 100644
--- a/stubdom/vtpm/vtpmblk.c
+++ b/stubdom/vtpm/vtpmblk.c
@@ -26,6 +26,7 @@
static struct blkfront_dev* blkdev = NULL;
static int blkfront_fd = -1;
+static uint64_t slot_size = 0;
int init_vtpmblk(struct tpmfront_dev* tpmfront_dev)
{
@@ -45,6 +46,8 @@ int init_vtpmblk(struct tpmfront_dev* tpmfront_dev)
goto error;
}
+ slot_size = blkinfo.sectors * blkinfo.sector_size / 2;
+
return 0;
error:
shutdown_blkfront(blkdev);
@@ -59,15 +62,20 @@ void shutdown_vtpmblk(void)
blkdev = NULL;
}
-int write_vtpmblk_raw(uint8_t *data, size_t data_length)
+static int write_vtpmblk_raw(uint8_t *data, size_t data_length, int slot)
{
int rc;
uint32_t lenbuf;
- debug("Begin Write data=%p len=%u", data, data_length);
+ debug("Begin Write data=%p len=%u slot=%u ssize=%u", data, data_length, slot, slot_size);
+
+ if (data_length > slot_size - 4) {
+ error("vtpm data cannot fit in data slot (%d/%d).", data_length, slot_size - 4);
+ return -1;
+ }
lenbuf = cpu_to_be32((uint32_t)data_length);
- lseek(blkfront_fd, 0, SEEK_SET);
+ lseek(blkfront_fd, slot * slot_size, SEEK_SET);
if((rc = write(blkfront_fd, (uint8_t*)&lenbuf, 4)) != 4) {
error("write(length) failed! error was %s", strerror(errno));
return -1;
@@ -82,12 +90,12 @@ int write_vtpmblk_raw(uint8_t *data, size_t data_length)
return 0;
}
-int read_vtpmblk_raw(uint8_t **data, size_t *data_length)
+static int read_vtpmblk_raw(uint8_t **data, size_t *data_length, int slot)
{
int rc;
uint32_t lenbuf;
- lseek(blkfront_fd, 0, SEEK_SET);
+ lseek(blkfront_fd, slot * slot_size, SEEK_SET);
if(( rc = read(blkfront_fd, (uint8_t*)&lenbuf, 4)) != 4) {
error("read(length) failed! error was %s", strerror(errno));
return -1;
@@ -97,6 +105,10 @@ int read_vtpmblk_raw(uint8_t **data, size_t *data_length)
error("read 0 data_length for NVM");
return -1;
}
+ if(*data_length > slot_size - 4) {
+ error("read invalid data_length for NVM");
+ return -1;
+ }
*data = tpm_malloc(*data_length);
if((rc = read(blkfront_fd, *data, *data_length)) != *data_length) {
@@ -104,7 +116,7 @@ int read_vtpmblk_raw(uint8_t **data, size_t *data_length)
return -1;
}
- info("Read %u bytes from NVM persistent storage", *data_length);
+ info("Read %u bytes from NVM persistent storage (slot %d)", *data_length, slot);
return 0;
}
@@ -221,6 +233,9 @@ egress:
return rc;
}
+/* Current active state slot, or -1 if no valid saved state exists */
+static int active_slot = -1;
+
int write_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t* data, size_t data_length) {
int rc;
uint8_t* cipher = NULL;
@@ -228,12 +243,17 @@ int write_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t* data, size_t data_
uint8_t hashkey[HASHKEYSZ];
uint8_t* symkey = hashkey + HASHSZ;
+ /* Switch to the other slot. Note that in a new vTPM, the read will not
+ * succeed, so active_slot will be -1 and we will write to slot 0.
+ */
+ active_slot = !active_slot;
+
/* Encrypt the data */
if((rc = encrypt_vtpmblk(data, data_length, &cipher, &cipher_len, symkey))) {
goto abort_egress;
}
/* Write to disk */
- if((rc = write_vtpmblk_raw(cipher, cipher_len))) {
+ if((rc = write_vtpmblk_raw(cipher, cipher_len, active_slot))) {
goto abort_egress;
}
/* Get sha1 hash of data */
@@ -256,7 +276,8 @@ int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t *data
size_t cipher_len = 0;
size_t keysize;
uint8_t* hashkey = NULL;
- uint8_t hash[HASHSZ];
+ uint8_t hash0[HASHSZ];
+ uint8_t hash1[HASHSZ];
uint8_t* symkey;
/* Retreive the hash and the key from the manager */
@@ -270,14 +291,32 @@ int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t *data
}
symkey = hashkey + HASHSZ;
- /* Read from disk now */
- if((rc = read_vtpmblk_raw(&cipher, &cipher_len))) {
+ active_slot = 0;
+ debug("Reading slot 0 from disk\n");
+ if((rc = read_vtpmblk_raw(&cipher, &cipher_len, 0))) {
goto abort_egress;
}
/* Compute the hash of the cipher text and compare */
- sha1(cipher, cipher_len, hash);
- if(memcmp(hash, hashkey, HASHSZ)) {
+ sha1(cipher, cipher_len, hash0);
+ if(!memcmp(hash0, hashkey, HASHSZ))
+ goto valid;
+
+ free(cipher);
+ cipher = NULL;
+
+ active_slot = 1;
+ debug("Reading slot 1 from disk (offset=%u)\n", slot_size);
+ if((rc = read_vtpmblk_raw(&cipher, &cipher_len, 1))) {
+ goto abort_egress;
+ }
+
+ /* Compute the hash of the cipher text and compare */
+ sha1(cipher, cipher_len, hash1);
+ if(!memcmp(hash1, hashkey, HASHSZ))
+ goto valid;
+
+ {
int i;
error("NVM Storage Checksum failed!");
printf("Expected: ");
@@ -285,14 +324,20 @@ int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t *data
printf("%02hhX ", hashkey[i]);
}
printf("\n");
- printf("Actual: ");
+ printf("Slot 0: ");
+ for(i = 0; i < HASHSZ; ++i) {
+ printf("%02hhX ", hash0[i]);
+ }
+ printf("\n");
+ printf("Slot 1: ");
for(i = 0; i < HASHSZ; ++i) {
- printf("%02hhX ", hash[i]);
+ printf("%02hhX ", hash1[i]);
}
printf("\n");
rc = -1;
goto abort_egress;
}
+valid:
/* Decrypt the blob */
if((rc = decrypt_vtpmblk(cipher, cipher_len, data, data_length, symkey))) {
@@ -300,6 +345,7 @@ int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t *data
}
goto egress;
abort_egress:
+ active_slot = -1;
egress:
free(cipher);
free(hashkey);
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 09/12] stubdom/vtpm: support multiple backends
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (7 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 08/12] stubdom/vtpm: make state save operation atomic Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 10/12] stubdom/vtpm: constrain locality by XSM label Daniel De Graaf
` (4 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
stubdom/vtpm/vtpm.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c
index 10e7477..8f8095f 100644
--- a/stubdom/vtpm/vtpm.c
+++ b/stubdom/vtpm/vtpm.c
@@ -141,8 +141,6 @@ int check_ordinal(tpmcmd_t* tpmcmd) {
static void main_loop(void) {
tpmcmd_t* tpmcmd = NULL;
- domid_t domid; /* Domid of frontend */
- unsigned int handle; /* handle of frontend */
int res = -1;
info("VTPM Initializing\n");
@@ -162,15 +160,7 @@ static void main_loop(void) {
goto abort_postpcrs;
}
- /* Wait for the frontend domain to connect */
- info("Waiting for frontend domain to connect..");
- if(tpmback_wait_for_frontend_connect(&domid, &handle) == 0) {
- info("VTPM attached to Frontend %u/%u", (unsigned int) domid, handle);
- } else {
- error("Unable to attach to a frontend");
- }
-
- tpmcmd = tpmback_req(domid, handle);
+ tpmcmd = tpmback_req_any();
while(tpmcmd) {
/* Handle the request */
if(tpmcmd->req_len) {
@@ -194,7 +184,7 @@ static void main_loop(void) {
tpmback_resp(tpmcmd);
/* Wait for the next request */
- tpmcmd = tpmback_req(domid, handle);
+ tpmcmd = tpmback_req_any();
}
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 10/12] stubdom/vtpm: constrain locality by XSM label
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (8 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 09/12] stubdom/vtpm: support multiple backends Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 11/12] stubdom/grub: send kernel measurements to vTPM Daniel De Graaf
` (3 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
This adds the ability for a vTPM to constrain what localities a given
client domain can use based on its XSM label. For example:
locality=user_1:vm_r:domU_t=0,1,2 locality=user_1:vm_r:watcher_t=5
An arbitrary prefix can be matched by using a '*'.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
stubdom/vtpm/vtpm.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 74 insertions(+), 2 deletions(-)
diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c
index 8f8095f..f67de18 100644
--- a/stubdom/vtpm/vtpm.c
+++ b/stubdom/vtpm/vtpm.c
@@ -139,6 +139,35 @@ int check_ordinal(tpmcmd_t* tpmcmd) {
return true;
}
+struct locality_item {
+ char* lbl;
+ uint8_t mask[32];
+};
+#define MAX_CLIENT_LOCALITIES 16
+static struct locality_item client_locality[MAX_CLIENT_LOCALITIES];
+static int nr_client_localities = 0;
+
+static void *generate_locality_mask(domid_t domid, unsigned int handle)
+{
+ char label[512];
+ int i;
+ if (tpmback_get_peercontext(domid, handle, label, sizeof(label)))
+ BUG();
+ for(i=0; i < nr_client_localities; i++) {
+ if (!strcmp(client_locality[i].lbl, label))
+ goto found;
+ if (client_locality[i].lbl[0] == '*') {
+ char * f = strstr(label, 1 + client_locality[i].lbl);
+ if (!strcmp(f, 1 + client_locality[i].lbl))
+ goto found;
+ }
+ }
+ return NULL;
+ found:
+ tpmback_set_opaque(domid, handle, client_locality[i].mask);
+ return client_locality[i].mask;
+}
+
static void main_loop(void) {
tpmcmd_t* tpmcmd = NULL;
int res = -1;
@@ -164,11 +193,24 @@ static void main_loop(void) {
while(tpmcmd) {
/* Handle the request */
if(tpmcmd->req_len) {
+ uint8_t* locality_mask = tpmcmd->opaque;
+ uint8_t locality_bit = (1 << (tpmcmd->locality & 7));
+ int locality_byte = tpmcmd->locality >> 3;
tpmcmd->resp = NULL;
tpmcmd->resp_len = 0;
- /* First check for disabled ordinals */
- if(!check_ordinal(tpmcmd)) {
+ if (nr_client_localities && !locality_mask)
+ locality_mask = generate_locality_mask(tpmcmd->domid, tpmcmd->handle);
+ if (nr_client_localities && !locality_mask) {
+ error("Unknown client label in tpm_handle_command");
+ create_error_response(tpmcmd, TPM_FAIL);
+ }
+ else if (nr_client_localities && !(locality_mask[locality_byte] & locality_bit)) {
+ error("Invalid locality (%d) for client in tpm_handle_command", tpmcmd->locality);
+ create_error_response(tpmcmd, TPM_FAIL);
+ }
+ /* Check for disabled ordinals */
+ else if(!check_ordinal(tpmcmd)) {
create_error_response(tpmcmd, TPM_BAD_ORDINAL);
}
/* If not disabled, do the command */
@@ -273,6 +315,36 @@ int parse_cmd_line(int argc, char** argv)
pch = strtok(NULL, ",");
}
}
+ else if(!strncmp(argv[i], "locality=", 9)) {
+ char *lbl = argv[i] + 9;
+ char *pch = strchr(lbl, '=');
+ uint8_t* locality_mask = client_locality[nr_client_localities].mask;
+ if (pch == NULL) {
+ error("Invalid locality specification: %s", lbl);
+ return -1;
+ }
+ if (nr_client_localities == MAX_CLIENT_LOCALITIES) {
+ error("Too many locality specifications");
+ return -1;
+ }
+ client_locality[nr_client_localities].lbl = lbl;
+ memset(locality_mask, 0, 32);
+ nr_client_localities++;
+ *pch = 0;
+ pch = strtok(pch + 1, ",");
+ while (pch != NULL) {
+ unsigned int loc;
+ if (sscanf(pch, "%u", &loc) == 1 && loc < 256) {
+ uint8_t locality_bit = (1 << (loc & 7));
+ int locality_byte = loc >> 3;
+ locality_mask[locality_byte] |= locality_bit;
+ } else {
+ error("Invalid locality item: %s", pch);
+ return -1;
+ }
+ pch = strtok(NULL, ",");
+ }
+ }
else {
error("Invalid command line option `%s'", argv[i]);
}
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 11/12] stubdom/grub: send kernel measurements to vTPM
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (9 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 10/12] stubdom/vtpm: constrain locality by XSM label Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-03-21 20:11 ` [PATCH 12/12] stubdom/Makefile: Fix gmp extract rule Daniel De Graaf
` (2 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
This allows a domU with an arbitrary kernel and initrd to take advantage
of the static root of trust provided by a vTPM.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
---
docs/misc/vtpm.txt | 41 ++++++++++++++++++++++++++++---------
stubdom/Makefile | 2 +-
stubdom/grub/Makefile | 1 +
stubdom/grub/kexec.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++
stubdom/grub/minios.cfg | 1 +
5 files changed, 89 insertions(+), 10 deletions(-)
diff --git a/docs/misc/vtpm.txt b/docs/misc/vtpm.txt
index c0a6054..b8979a3 100644
--- a/docs/misc/vtpm.txt
+++ b/docs/misc/vtpm.txt
@@ -1,7 +1,7 @@
Copyright (c) 2010-2012 United States Government, as represented by
the Secretary of Defense. All rights reserved.
November 12 2012
-Authors: Matthew Fioravante (JHUAPL),
+Authors: Matthew Fioravante (JHUAPL), Daniel De Graaf (NSA)
This document describes the virtual Trusted Platform Module (vTPM) subsystem
for Xen. The reader is assumed to have familiarity with building and installing
@@ -15,7 +15,8 @@ operating system (a DomU). This allows programs to interact with a TPM in a
virtual system the same way they interact with a TPM on the physical system.
Each guest gets its own unique, emulated, software TPM. However, each of the
vTPM's secrets (Keys, NVRAM, etc) are managed by a vTPM Manager domain, which
-seals the secrets to the Physical TPM. Thus, the vTPM subsystem extends the
+seals the secrets to the Physical TPM. If the process of creating each of these
+domains (manager, vTPM, and guest) is trusted, the vTPM subsystem extends the
chain of trust rooted in the hardware TPM to virtual machines in Xen. Each
major component of vTPM is implemented as a separate domain, providing secure
separation guaranteed by the hypervisor. The vTPM domains are implemented in
@@ -119,14 +120,17 @@ the stubdom tree.
Compiling the LINUX dom0 kernel:
--------------------------------
-The Linux dom0 kernel has no special prerequisites.
+The Linux dom0 kernel should not try accessing the TPM while the vTPM
+Manager domain is accessing it; the simplest way to accomplish this is
+to ensure the kernel is compiled without a driver for the TPM, or avoid
+loading the driver by blacklisting the module.
Compiling the LINUX domU kernel:
--------------------------------
-The domU kernel used by domains with vtpms must
-include the xen-tpmfront.ko driver. It can be built
-directly into the kernel or as a module.
+The domU kernel used by domains with vtpms must include the xen-tpmfront.ko
+driver. It can be built directly into the kernel or as a module; however, some
+features such as IMA require the TPM to be built in to the kernel.
CONFIG_TCG_TPM=y
CONFIG_TCG_XEN=y
@@ -160,9 +164,10 @@ disk=["file:/var/vtpmmgr-stubdom.img,hda,w"]
name="vtpmmgr"
iomem=["fed40,5"]
-The iomem line tells xl to allow access to the TPM
-IO memory pages, which are 5 pages that start at
-0xfed40000.
+The iomem line tells xl to allow access to all of the TPM IO memory
+pages, which are 5 pages (one per locality) that start at 0xfed40000. By
+default, the TPM manager uses locality 0 (so only the page at 0xfed40 is
+needed); this can be changed on the domain's command line.
Starting and stopping the manager:
----------------------------------
@@ -285,6 +290,24 @@ On guest:
You may wish to write a script to start your vtpm and guest together.
------------------------------
+INTEGRATION WITH PV-GRUB
+------------------------------
+
+The vTPM currently starts up with all PCRs set to their default values (all
+zeros for the lower 16). This means that any decisions about the
+trustworthiness of the created domain must be made based on the environment that
+created the vTPM and the domU; for example, a system that only constructs images
+using a trusted configuration and guest kernel be able to provide guarantees
+about the guests and any measurements done that kernel (such as the IMA TCB
+log). Guests wishing to use a custom kernel in such a secure environment are
+often started using the pv-grub bootloader as the kernel, which then can load
+the untrusted kernel without needing to parse an untrusted filesystem and kernel
+in dom0. If the pv-grub stub domain succeeds in connecting to a vTPM, it will
+extend the hash of the kernel that it boots into PCR #4, and will extend the
+command line and initrd into PCR #5 before booting so that a domU booted in this
+way can attest to its early boot state.
+
+------------------------------
MORE INFORMATION
------------------------------
diff --git a/stubdom/Makefile b/stubdom/Makefile
index ebb37b6..680abee 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -399,7 +399,7 @@ grub-upstream: grub-$(GRUB_VERSION).tar.gz
done
.PHONY: grub
-grub: grub-upstream $(CROSS_ROOT)
+grub: cross-polarssl grub-upstream $(CROSS_ROOT)
mkdir -p grub-$(XEN_TARGET_ARCH)
CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)" $(MAKE) DESTDIR= -C $@ OBJ_DIR=$(CURDIR)/grub-$(XEN_TARGET_ARCH)
diff --git a/stubdom/grub/Makefile b/stubdom/grub/Makefile
index d6e3a1e..6bd2c4c 100644
--- a/stubdom/grub/Makefile
+++ b/stubdom/grub/Makefile
@@ -60,6 +60,7 @@ NETBOOT_SOURCES:=$(addprefix netboot/,$(NETBOOT_SOURCES))
$(BOOT): DEF_CPPFLAGS+=-D__ASSEMBLY__
PV_GRUB_SOURCES = kexec.c mini-os.c
+PV_GRUB_SOURCES += ../polarssl-$(XEN_TARGET_ARCH)/library/sha1.o
SOURCES = $(NETBOOT_SOURCES) $(STAGE2_SOURCES) $(PV_GRUB_SOURCES)
diff --git a/stubdom/grub/kexec.c b/stubdom/grub/kexec.c
index b21c91a..cef357e 100644
--- a/stubdom/grub/kexec.c
+++ b/stubdom/grub/kexec.c
@@ -28,7 +28,9 @@
#include <blkfront.h>
#include <netfront.h>
#include <fbfront.h>
+#include <tpmfront.h>
#include <shared.h>
+#include <byteswap.h>
#include "mini-os.h"
@@ -54,6 +56,22 @@ static unsigned long allocated;
int pin_table(xc_interface *xc_handle, unsigned int type, unsigned long mfn,
domid_t dom);
+#define TPM_TAG_RQU_COMMAND 0xC1
+#define TPM_ORD_Extend 20
+
+struct pcr_extend_cmd {
+ uint16_t tag;
+ uint32_t size;
+ uint32_t ord;
+
+ uint32_t pcr;
+ unsigned char hash[20];
+} __attribute__((packed));
+
+/* Not imported from polarssl's header since the prototype unhelpfully defines
+ * the input as unsigned char, which causes pointer type mismatches */
+void sha1(const void *input, size_t ilen, unsigned char output[20]);
+
/* We need mfn to appear as target_pfn, so exchange with the MFN there */
static void do_exchange(struct xc_dom_image *dom, xen_pfn_t target_pfn, xen_pfn_t source_mfn)
{
@@ -117,6 +135,40 @@ int kexec_allocate(struct xc_dom_image *dom, xen_vaddr_t up_to)
return 0;
}
+static void tpm_hash2pcr(struct xc_dom_image *dom, char *cmdline)
+{
+ struct tpmfront_dev* tpm = init_tpmfront(NULL);
+ uint8_t *resp;
+ size_t resplen = 0;
+ struct pcr_extend_cmd cmd;
+
+ /* If all guests have access to a vTPM, it may be useful to replace this
+ * with ASSERT(tpm) to prevent configuration errors from allowing a guest
+ * to boot without a TPM (or with a TPM that has not been sent any
+ * measurements, which could allow forging the measurements).
+ */
+ if (!tpm)
+ return;
+
+ cmd.tag = bswap_16(TPM_TAG_RQU_COMMAND);
+ cmd.size = bswap_32(sizeof(cmd));
+ cmd.ord = bswap_32(TPM_ORD_Extend);
+ cmd.pcr = bswap_32(4); // PCR #4 for kernel
+ sha1(dom->kernel_blob, dom->kernel_size, cmd.hash);
+
+ tpmfront_cmd(tpm, (void*)&cmd, sizeof(cmd), &resp, &resplen);
+
+ cmd.pcr = bswap_32(5); // PCR #5 for cmdline
+ sha1(cmdline, strlen(cmdline), cmd.hash);
+ tpmfront_cmd(tpm, (void*)&cmd, sizeof(cmd), &resp, &resplen);
+
+ cmd.pcr = bswap_32(5); // PCR #5 for initrd
+ sha1(dom->ramdisk_blob, dom->ramdisk_size, cmd.hash);
+ tpmfront_cmd(tpm, (void*)&cmd, sizeof(cmd), &resp, &resplen);
+
+ shutdown_tpmfront(tpm);
+}
+
void kexec(void *kernel, long kernel_size, void *module, long module_size, char *cmdline, unsigned long flags)
{
struct xc_dom_image *dom;
@@ -151,6 +203,8 @@ void kexec(void *kernel, long kernel_size, void *module, long module_size, char
dom->console_evtchn = start_info.console.domU.evtchn;
dom->xenstore_evtchn = start_info.store_evtchn;
+ tpm_hash2pcr(dom, cmdline);
+
if ( (rc = xc_dom_boot_xen_init(dom, xc_handle, domid)) != 0 ) {
grub_printf("xc_dom_boot_xen_init returned %d\n", rc);
errnum = ERR_BOOT_FAILURE;
diff --git a/stubdom/grub/minios.cfg b/stubdom/grub/minios.cfg
index 40cfa68..8df4909 100644
--- a/stubdom/grub/minios.cfg
+++ b/stubdom/grub/minios.cfg
@@ -1,2 +1,3 @@
CONFIG_START_NETWORK=n
CONFIG_SPARSE_BSS=n
+CONFIG_TPMFRONT=y
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH 12/12] stubdom/Makefile: Fix gmp extract rule
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (10 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 11/12] stubdom/grub: send kernel measurements to vTPM Daniel De Graaf
@ 2013-03-21 20:11 ` Daniel De Graaf
2013-04-11 14:54 ` Ian Campbell
2013-03-21 20:12 ` [PATCH] drivers/tpm-xen: Change vTPM shared page ABI Daniel De Graaf
2013-04-12 13:42 ` [PATCH v5 00/12] vTPM updates for 4.3 Ian Campbell
13 siblings, 1 reply; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:11 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: dgdegra, Ian.Campbell, xen-devel
When NEWLIB_STAMPFILE is updated but gmp has already been extracted, the mv
command will incorrectly create a subdirectory instead of renaming. Remove the
old target before renaming to fix this.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
stubdom/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/stubdom/Makefile b/stubdom/Makefile
index 680abee..427e4d6 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -162,6 +162,7 @@ ifeq ($(XEN_TARGET_ARCH), x86_32)
endif
gmp-$(XEN_TARGET_ARCH): gmp-$(GMP_VERSION).tar.bz2 $(NEWLIB_STAMPFILE)
tar xjf $<
+ rm $@ -rf || :
mv gmp-$(GMP_VERSION) $@
#patch -d $@ -p0 < gmp.patch
cd $@; CPPFLAGS="-isystem $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include $(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)" CC=$(CC) $(GMPEXT) ./configure --disable-shared --enable-static --disable-fft --without-readline --prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (11 preceding siblings ...)
2013-03-21 20:11 ` [PATCH 12/12] stubdom/Makefile: Fix gmp extract rule Daniel De Graaf
@ 2013-03-21 20:12 ` Daniel De Graaf
2013-03-22 8:26 ` Jan Beulich
2013-03-22 12:41 ` Konrad Rzeszutek Wilk
2013-04-12 13:42 ` [PATCH v5 00/12] vTPM updates for 4.3 Ian Campbell
13 siblings, 2 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-21 20:12 UTC (permalink / raw)
To: Matthew.Fioravante; +Cc: Daniel De Graaf, Ian.Campbell, xen-devel
This changes the vTPM shared page ABI from a copy of the Xen network
interface to a single-page interface that better reflects the expected
behavior of a TPM: only a single request packet can be sent at any given
time, and every packet sent generates a single response packet.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
drivers/char/tpm/xen-tpmfront_if.c | 219 ++++++++++---------------------------
include/xen/interface/io/tpmif.h | 45 +++-----
2 files changed, 73 insertions(+), 191 deletions(-)
diff --git a/drivers/char/tpm/xen-tpmfront_if.c b/drivers/char/tpm/xen-tpmfront_if.c
index 649aee6..b1f95c0 100644
--- a/drivers/char/tpm/xen-tpmfront_if.c
+++ b/drivers/char/tpm/xen-tpmfront_if.c
@@ -53,7 +53,7 @@
struct tpm_private {
struct tpm_chip *chip;
- struct tpmif_tx_interface *tx;
+ struct vtpm_shared_page *page;
atomic_t refcnt;
unsigned int evtchn;
u8 is_connected;
@@ -61,8 +61,6 @@ struct tpm_private {
spinlock_t tx_lock;
- struct tx_buffer *tx_buffers[TPMIF_TX_RING_SIZE];
-
atomic_t tx_busy;
void *tx_remember;
@@ -73,15 +71,7 @@ struct tpm_private {
int ring_ref;
};
-struct tx_buffer {
- unsigned int size; /* available space in data */
- unsigned int len; /* used space in data */
- unsigned char *data; /* pointer to a page */
-};
-
-
/* locally visible variables */
-static grant_ref_t gref_head;
static struct tpm_private *my_priv;
/* local function prototypes */
@@ -92,8 +82,6 @@ static int tpmif_connect(struct xenbus_device *dev,
struct tpm_private *tp,
domid_t domid);
static DECLARE_TASKLET(tpmif_rx_tasklet, tpmif_rx_action, 0);
-static int tpmif_allocate_tx_buffers(struct tpm_private *tp);
-static void tpmif_free_tx_buffers(struct tpm_private *tp);
static void tpmif_set_connected_state(struct tpm_private *tp,
u8 newstate);
static int tpm_xmit(struct tpm_private *tp,
@@ -101,52 +89,6 @@ static int tpm_xmit(struct tpm_private *tp,
void *remember);
static void destroy_tpmring(struct tpm_private *tp);
-static inline int
-tx_buffer_copy(struct tx_buffer *txb, const u8 *src, int len,
- int isuserbuffer)
-{
- int copied = len;
-
- if (len > txb->size)
- copied = txb->size;
- if (isuserbuffer) {
- if (copy_from_user(txb->data, src, copied))
- return -EFAULT;
- } else {
- memcpy(txb->data, src, copied);
- }
- txb->len = len;
- return copied;
-}
-
-static inline struct tx_buffer *tx_buffer_alloc(void)
-{
- struct tx_buffer *txb;
-
- txb = kzalloc(sizeof(struct tx_buffer), GFP_KERNEL);
- if (!txb)
- return NULL;
-
- txb->len = 0;
- txb->size = PAGE_SIZE;
- txb->data = (unsigned char *)__get_free_page(GFP_KERNEL);
- if (txb->data == NULL) {
- kfree(txb);
- txb = NULL;
- }
-
- return txb;
-}
-
-
-static inline void tx_buffer_free(struct tx_buffer *txb)
-{
- if (txb) {
- free_page((long)txb->data);
- kfree(txb);
- }
-}
-
/**************************************************************
Utility function for the tpm_private structure
**************************************************************/
@@ -162,15 +104,12 @@ static void tpm_private_put(void)
if (!atomic_dec_and_test(&my_priv->refcnt))
return;
- tpmif_free_tx_buffers(my_priv);
kfree(my_priv);
my_priv = NULL;
}
static struct tpm_private *tpm_private_get(void)
{
- int err;
-
if (my_priv) {
atomic_inc(&my_priv->refcnt);
return my_priv;
@@ -181,9 +120,6 @@ static struct tpm_private *tpm_private_get(void)
return NULL;
tpm_private_init(my_priv);
- err = tpmif_allocate_tx_buffers(my_priv);
- if (err < 0)
- tpm_private_put();
return my_priv;
}
@@ -218,22 +154,22 @@ int vtpm_vd_send(struct tpm_private *tp,
static int setup_tpmring(struct xenbus_device *dev,
struct tpm_private *tp)
{
- struct tpmif_tx_interface *sring;
+ struct vtpm_shared_page *sring;
int err;
tp->ring_ref = GRANT_INVALID_REF;
- sring = (void *)__get_free_page(GFP_KERNEL);
+ sring = (void *)__get_free_page(GFP_KERNEL|__GFP_ZERO);
if (!sring) {
xenbus_dev_fatal(dev, -ENOMEM, "allocating shared ring");
return -ENOMEM;
}
- tp->tx = sring;
+ tp->page = sring;
- err = xenbus_grant_ring(dev, virt_to_mfn(tp->tx));
+ err = xenbus_grant_ring(dev, virt_to_mfn(tp->page));
if (err < 0) {
free_page((unsigned long)sring);
- tp->tx = NULL;
+ tp->page = NULL;
xenbus_dev_fatal(dev, err, "allocating grant reference");
goto fail;
}
@@ -256,9 +192,9 @@ static void destroy_tpmring(struct tpm_private *tp)
if (tp->ring_ref != GRANT_INVALID_REF) {
gnttab_end_foreign_access(tp->ring_ref,
- 0, (unsigned long)tp->tx);
+ 0, (unsigned long)tp->page);
tp->ring_ref = GRANT_INVALID_REF;
- tp->tx = NULL;
+ tp->page = NULL;
}
if (tp->evtchn)
@@ -302,6 +238,13 @@ again:
goto abort_transaction;
}
+ err = xenbus_printf(xbt, dev->nodename, "feature-protocol-v2", "1");
+ if (err) {
+ message = "writing feature-protocol-v2";
+ goto abort_transaction;
+ }
+
+
err = xenbus_transaction_end(xbt, 0);
if (err == -EAGAIN)
goto again;
@@ -331,6 +274,7 @@ static void backend_changed(struct xenbus_device *dev,
enum xenbus_state backend_state)
{
struct tpm_private *tp = tpm_private_from_dev(&dev->dev);
+ int val;
switch (backend_state) {
case XenbusStateInitialising:
@@ -342,7 +286,14 @@ static void backend_changed(struct xenbus_device *dev,
break;
case XenbusStateConnected:
- tpmif_set_connected_state(tp, 1);
+ if (xenbus_scanf(XBT_NIL, dev->otherend,
+ "feature-protocol-v2", "%d", &val) < 0)
+ val = 0;
+ if (val)
+ tpmif_set_connected_state(tp, 1);
+ else
+ xenbus_dev_fatal(dev, -EINVAL,
+ "vTPM protocol 2 required");
break;
case XenbusStateClosing:
@@ -470,62 +421,41 @@ static DEFINE_XENBUS_DRIVER(tpmfront, ,
.suspend = tpmfront_suspend,
);
-static int tpmif_allocate_tx_buffers(struct tpm_private *tp)
-{
- unsigned int i;
-
- for (i = 0; i < TPMIF_TX_RING_SIZE; i++) {
- tp->tx_buffers[i] = tx_buffer_alloc();
- if (!tp->tx_buffers[i]) {
- tpmif_free_tx_buffers(tp);
- return -ENOMEM;
- }
- }
- return 0;
-}
-
-static void tpmif_free_tx_buffers(struct tpm_private *tp)
-{
- unsigned int i;
-
- for (i = 0; i < TPMIF_TX_RING_SIZE; i++)
- tx_buffer_free(tp->tx_buffers[i]);
-}
-
static void tpmif_rx_action(unsigned long priv)
{
struct tpm_private *tp = (struct tpm_private *)priv;
- int i = 0;
unsigned int received;
unsigned int offset = 0;
u8 *buffer;
- struct tpmif_tx_request *tx = &tp->tx->ring[i].req;
+ struct vtpm_shared_page *shr = tp->page;
+ int state = shr->state;
+
+ switch (state) {
+ case VTPM_STATE_IDLE:
+ received = 0;
+ break;
+ case VTPM_STATE_FINISH:
+ received = shr->length;
+ break;
+ default:
+ return;
+ }
atomic_set(&tp->tx_busy, 0);
wake_up_interruptible(&tp->wait_q);
- received = tx->size;
+ offset = sizeof(*shr) + 4*shr->nr_extra_pages;
+
+ if (offset > PAGE_SIZE || offset + received > PAGE_SIZE) {
+ printk(KERN_WARNING "tpmif_rx_action packet too large\n");
+ return;
+ }
buffer = kmalloc(received, GFP_ATOMIC);
if (!buffer)
return;
- for (i = 0; i < TPMIF_TX_RING_SIZE && offset < received; i++) {
- struct tx_buffer *txb = tp->tx_buffers[i];
- struct tpmif_tx_request *tx;
- unsigned int tocopy;
-
- tx = &tp->tx->ring[i].req;
- tocopy = tx->size;
- if (tocopy > PAGE_SIZE)
- tocopy = PAGE_SIZE;
-
- memcpy(&buffer[offset], txb->data, tocopy);
-
- gnttab_release_grant_reference(&gref_head, tx->ref);
-
- offset += tocopy;
- }
+ memcpy(buffer, offset + (u8*)shr, received);
vtpm_vd_recv(tp->chip, buffer, received, tp->tx_remember);
kfree(buffer);
@@ -550,8 +480,7 @@ static int tpm_xmit(struct tpm_private *tp,
const u8 *buf, size_t count, int isuserbuffer,
void *remember)
{
- struct tpmif_tx_request *tx;
- int i;
+ struct vtpm_shared_page *shr;
unsigned int offset = 0;
spin_lock_irq(&tp->tx_lock);
@@ -566,48 +495,23 @@ static int tpm_xmit(struct tpm_private *tp,
return -EIO;
}
- for (i = 0; count > 0 && i < TPMIF_TX_RING_SIZE; i++) {
- struct tx_buffer *txb = tp->tx_buffers[i];
- int copied;
-
- if (!txb) {
- spin_unlock_irq(&tp->tx_lock);
- return -EFAULT;
- }
-
- copied = tx_buffer_copy(txb, &buf[offset], count,
- isuserbuffer);
- if (copied < 0) {
- /* An error occurred */
- spin_unlock_irq(&tp->tx_lock);
- return copied;
- }
- count -= copied;
- offset += copied;
-
- tx = &tp->tx->ring[i].req;
- tx->addr = virt_to_machine(txb->data).maddr;
- tx->size = txb->len;
- tx->unused = 0;
-
- /* Get the granttable reference for this page. */
- tx->ref = gnttab_claim_grant_reference(&gref_head);
- if (tx->ref == -ENOSPC) {
- spin_unlock_irq(&tp->tx_lock);
- return -ENOSPC;
- }
- gnttab_grant_foreign_access_ref(tx->ref,
- tp->backend_id,
- virt_to_mfn(txb->data),
- 0 /*RW*/);
- wmb();
- }
+ shr = tp->page;
+ offset = sizeof(*shr) + 4*shr->nr_extra_pages;
+
+ if (offset > PAGE_SIZE)
+ return -EIO;
+
+ if (offset + count > PAGE_SIZE)
+ count = PAGE_SIZE - offset;
+
+ memcpy(offset + (u8*)shr, buf, count);
+ shr->length = count;
+ barrier();
+ shr->state = VTPM_STATE_SUBMIT;
atomic_set(&tp->tx_busy, 1);
tp->tx_remember = remember;
- mb();
-
notify_remote_via_evtchn(tp->evtchn);
spin_unlock_irq(&tp->tx_lock);
@@ -667,12 +571,6 @@ static int __init tpmif_init(void)
if (!tp)
return -ENOMEM;
- if (gnttab_alloc_grant_references(TPMIF_TX_RING_SIZE,
- &gref_head) < 0) {
- tpm_private_put();
- return -EFAULT;
- }
-
return xenbus_register_frontend(&tpmfront_driver);
}
module_init(tpmif_init);
@@ -680,7 +578,6 @@ module_init(tpmif_init);
static void __exit tpmif_exit(void)
{
xenbus_unregister_driver(&tpmfront_driver);
- gnttab_free_grant_references(gref_head);
tpm_private_put();
}
module_exit(tpmif_exit);
diff --git a/include/xen/interface/io/tpmif.h b/include/xen/interface/io/tpmif.h
index c9e7294..2536337 100644
--- a/include/xen/interface/io/tpmif.h
+++ b/include/xen/interface/io/tpmif.h
@@ -1,7 +1,7 @@
/******************************************************************************
* tpmif.h
*
- * TPM I/O interface for Xen guest OSes.
+ * TPM I/O interface for Xen guest OSes, v2
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
@@ -21,45 +21,30 @@
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
- * Copyright (c) 2005, IBM Corporation
- *
- * Author: Stefan Berger, stefanb@us.ibm.com
- * Grant table support: Mahadevan Gomathisankaran
- *
- * This code has been derived from tools/libxc/xen/io/netif.h
- *
- * Copyright (c) 2003-2004, Keir Fraser
*/
#ifndef __XEN_PUBLIC_IO_TPMIF_H__
#define __XEN_PUBLIC_IO_TPMIF_H__
-#include "../grant_table.h"
-
-struct tpmif_tx_request {
- unsigned long addr; /* Machine address of packet. */
- grant_ref_t ref; /* grant table access reference */
- uint16_t unused;
- uint16_t size; /* Packet size in bytes. */
+enum vtpm_shared_page_state {
+ VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
+ VTPM_STATE_SUBMIT, /* request ready / vTPM working */
+ VTPM_STATE_FINISH, /* response ready / vTPM idle */
+ VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
};
-struct tpmif_tx_request;
+/* The backend should only change state to IDLE or FINISH, while the
+ * frontend should only change to SUBMIT or CANCEL. */
-/*
- * The TPMIF_TX_RING_SIZE defines the number of pages the
- * front-end and backend can exchange (= size of array).
- */
-#define TPMIF_TX_RING_SIZE 1
-/* This structure must fit in a memory page. */
+struct vtpm_shared_page {
+ uint32_t length; /* request/response length in bytes */
-struct tpmif_ring {
- struct tpmif_tx_request req;
-};
-struct tpmif_ring;
+ uint8_t state; /* enum vtpm_shared_page_state */
+ uint8_t locality; /* for the current request */
+ uint8_t pad;
-struct tpmif_tx_interface {
- struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
+ uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
+ uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
};
-struct tpmif_tx_interface;
#endif
--
1.8.1.4
^ permalink raw reply related [flat|nested] 25+ messages in thread* Re: [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
2013-03-21 20:12 ` [PATCH] drivers/tpm-xen: Change vTPM shared page ABI Daniel De Graaf
@ 2013-03-22 8:26 ` Jan Beulich
2013-03-22 14:37 ` Daniel De Graaf
2013-03-22 12:41 ` Konrad Rzeszutek Wilk
1 sibling, 1 reply; 25+ messages in thread
From: Jan Beulich @ 2013-03-22 8:26 UTC (permalink / raw)
To: Matthew.Fioravante, Daniel De Graaf; +Cc: Ian.Campbell, xen-devel
>>> On 21.03.13 at 21:12, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
> --- a/include/xen/interface/io/tpmif.h
> +++ b/include/xen/interface/io/tpmif.h
> @@ -1,7 +1,7 @@
>
> /******************************************************************************
> * tpmif.h
> *
> - * TPM I/O interface for Xen guest OSes.
> + * TPM I/O interface for Xen guest OSes, v2
> *
> * Permission is hereby granted, free of charge, to any person obtaining a copy
> * of this software and associated documentation files (the "Software"), to
> @@ -21,45 +21,30 @@
> * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
> * DEALINGS IN THE SOFTWARE.
> *
> - * Copyright (c) 2005, IBM Corporation
> - *
> - * Author: Stefan Berger, stefanb@us.ibm.com
> - * Grant table support: Mahadevan Gomathisankaran
> - *
> - * This code has been derived from tools/libxc/xen/io/netif.h
> - *
> - * Copyright (c) 2003-2004, Keir Fraser
> */
>
> #ifndef __XEN_PUBLIC_IO_TPMIF_H__
> #define __XEN_PUBLIC_IO_TPMIF_H__
>
> -#include "../grant_table.h"
> -
> -struct tpmif_tx_request {
> - unsigned long addr; /* Machine address of packet. */
> - grant_ref_t ref; /* grant table access reference */
> - uint16_t unused;
> - uint16_t size; /* Packet size in bytes. */
> +enum vtpm_shared_page_state {
> + VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
> + VTPM_STATE_SUBMIT, /* request ready / vTPM working */
> + VTPM_STATE_FINISH, /* response ready / vTPM idle */
> + VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
> };
> -struct tpmif_tx_request;
> +/* The backend should only change state to IDLE or FINISH, while the
> + * frontend should only change to SUBMIT or CANCEL. */
>
> -/*
> - * The TPMIF_TX_RING_SIZE defines the number of pages the
> - * front-end and backend can exchange (= size of array).
> - */
> -#define TPMIF_TX_RING_SIZE 1
>
> -/* This structure must fit in a memory page. */
> +struct vtpm_shared_page {
> + uint32_t length; /* request/response length in bytes */
>
> -struct tpmif_ring {
> - struct tpmif_tx_request req;
> -};
> -struct tpmif_ring;
> + uint8_t state; /* enum vtpm_shared_page_state */
> + uint8_t locality; /* for the current request */
> + uint8_t pad;
>
> -struct tpmif_tx_interface {
> - struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
> + uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
> + uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
> };
> -struct tpmif_tx_interface;
>
> #endif
I'm relatively certain I said this before: For one, a patch to the
master copy of this header is going to be needed. And you can't
just rip out the old interface - existing consumers must continue
to build (and work, with an old interface counterpart).
Jan
^ permalink raw reply [flat|nested] 25+ messages in thread* Re: [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
2013-03-22 8:26 ` Jan Beulich
@ 2013-03-22 14:37 ` Daniel De Graaf
2013-03-22 15:25 ` Jan Beulich
0 siblings, 1 reply; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-22 14:37 UTC (permalink / raw)
To: Jan Beulich; +Cc: Matthew.Fioravante, Ian.Campbell, xen-devel
On 03/22/2013 04:26 AM, Jan Beulich wrote:
>>>> On 21.03.13 at 21:12, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>> --- a/include/xen/interface/io/tpmif.h
>> +++ b/include/xen/interface/io/tpmif.h
>> @@ -1,7 +1,7 @@
>>
>> /******************************************************************************
>> * tpmif.h
>> *
>> - * TPM I/O interface for Xen guest OSes.
>> + * TPM I/O interface for Xen guest OSes, v2
>> *
>> * Permission is hereby granted, free of charge, to any person obtaining a copy
>> * of this software and associated documentation files (the "Software"), to
>> @@ -21,45 +21,30 @@
>> * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
>> * DEALINGS IN THE SOFTWARE.
>> *
>> - * Copyright (c) 2005, IBM Corporation
>> - *
>> - * Author: Stefan Berger, stefanb@us.ibm.com
>> - * Grant table support: Mahadevan Gomathisankaran
>> - *
>> - * This code has been derived from tools/libxc/xen/io/netif.h
>> - *
>> - * Copyright (c) 2003-2004, Keir Fraser
>> */
>>
>> #ifndef __XEN_PUBLIC_IO_TPMIF_H__
>> #define __XEN_PUBLIC_IO_TPMIF_H__
>>
>> -#include "../grant_table.h"
>> -
>> -struct tpmif_tx_request {
>> - unsigned long addr; /* Machine address of packet. */
>> - grant_ref_t ref; /* grant table access reference */
>> - uint16_t unused;
>> - uint16_t size; /* Packet size in bytes. */
>> +enum vtpm_shared_page_state {
>> + VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
>> + VTPM_STATE_SUBMIT, /* request ready / vTPM working */
>> + VTPM_STATE_FINISH, /* response ready / vTPM idle */
>> + VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
>> };
>> -struct tpmif_tx_request;
>> +/* The backend should only change state to IDLE or FINISH, while the
>> + * frontend should only change to SUBMIT or CANCEL. */
>>
>> -/*
>> - * The TPMIF_TX_RING_SIZE defines the number of pages the
>> - * front-end and backend can exchange (= size of array).
>> - */
>> -#define TPMIF_TX_RING_SIZE 1
>>
>> -/* This structure must fit in a memory page. */
>> +struct vtpm_shared_page {
>> + uint32_t length; /* request/response length in bytes */
>>
>> -struct tpmif_ring {
>> - struct tpmif_tx_request req;
>> -};
>> -struct tpmif_ring;
>> + uint8_t state; /* enum vtpm_shared_page_state */
>> + uint8_t locality; /* for the current request */
>> + uint8_t pad;
>>
>> -struct tpmif_tx_interface {
>> - struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
>> + uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
>> + uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
>> };
>> -struct tpmif_tx_interface;
>>
>> #endif
>
> I'm relatively certain I said this before: For one, a patch to the
> master copy of this header is going to be needed. And you can't
> just rip out the old interface - existing consumers must continue
> to build (and work, with an old interface counterpart).
>
> Jan
>
The master copy of the header was changed in the patch series that this
message was a reply to (in patch 01/12). The changes are identical
except for whitespace conversion.
Since the structure names between the v1 and v2 interfaces do not
collide, the new shared page definition can just be added to the header
instead of replacing the old definitions; I will do that in the next
version. The reason I did not do that in the current version is that the
old interface could not have any users as it is not yet in an upstream
kernel.
--
Daniel De Graaf
National Security Agency
^ permalink raw reply [flat|nested] 25+ messages in thread* Re: [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
2013-03-22 14:37 ` Daniel De Graaf
@ 2013-03-22 15:25 ` Jan Beulich
2013-03-22 16:46 ` Daniel De Graaf
0 siblings, 1 reply; 25+ messages in thread
From: Jan Beulich @ 2013-03-22 15:25 UTC (permalink / raw)
To: Daniel De Graaf; +Cc: Matthew.Fioravante, Ian.Campbell, xen-devel
>>> On 22.03.13 at 15:37, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
> Since the structure names between the v1 and v2 interfaces do not
> collide, the new shared page definition can just be added to the header
> instead of replacing the old definitions; I will do that in the next
> version. The reason I did not do that in the current version is that the
> old interface could not have any users as it is not yet in an upstream
> kernel.
I.e. you ignored the drivers in linux-2.6.18-xen.hg?
Jan
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
2013-03-22 15:25 ` Jan Beulich
@ 2013-03-22 16:46 ` Daniel De Graaf
0 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-22 16:46 UTC (permalink / raw)
To: Jan Beulich; +Cc: Matthew.Fioravante, Ian.Campbell, xen-devel
On 03/22/2013 11:25 AM, Jan Beulich wrote:
>>>> On 22.03.13 at 15:37, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>> Since the structure names between the v1 and v2 interfaces do not
>> collide, the new shared page definition can just be added to the header
>> instead of replacing the old definitions; I will do that in the next
>> version. The reason I did not do that in the current version is that the
>> old interface could not have any users as it is not yet in an upstream
>> kernel.
>
> I.e. you ignored the drivers in linux-2.6.18-xen.hg?
>
> Jan
>
Beyond the fact that those drivers are the basis for the Matthew's patch,
yes. The stub domains already in 4.3 have replaced the use of tpmback in
the Linux kernel.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
2013-03-21 20:12 ` [PATCH] drivers/tpm-xen: Change vTPM shared page ABI Daniel De Graaf
2013-03-22 8:26 ` Jan Beulich
@ 2013-03-22 12:41 ` Konrad Rzeszutek Wilk
2013-03-22 14:37 ` Daniel De Graaf
1 sibling, 1 reply; 25+ messages in thread
From: Konrad Rzeszutek Wilk @ 2013-03-22 12:41 UTC (permalink / raw)
To: Daniel De Graaf; +Cc: Matthew.Fioravante, Ian.Campbell, xen-devel
On Thu, Mar 21, 2013 at 04:12:27PM -0400, Daniel De Graaf wrote:
> This changes the vTPM shared page ABI from a copy of the Xen network
> interface to a single-page interface that better reflects the expected
> behavior of a TPM: only a single request packet can be sent at any given
> time, and every packet sent generates a single response packet.
What tree is this based on?
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
> drivers/char/tpm/xen-tpmfront_if.c | 219 ++++++++++---------------------------
> include/xen/interface/io/tpmif.h | 45 +++-----
> 2 files changed, 73 insertions(+), 191 deletions(-)
>
> diff --git a/drivers/char/tpm/xen-tpmfront_if.c b/drivers/char/tpm/xen-tpmfront_if.c
> index 649aee6..b1f95c0 100644
> --- a/drivers/char/tpm/xen-tpmfront_if.c
> +++ b/drivers/char/tpm/xen-tpmfront_if.c
> @@ -53,7 +53,7 @@
> struct tpm_private {
> struct tpm_chip *chip;
>
> - struct tpmif_tx_interface *tx;
> + struct vtpm_shared_page *page;
> atomic_t refcnt;
> unsigned int evtchn;
> u8 is_connected;
> @@ -61,8 +61,6 @@ struct tpm_private {
>
> spinlock_t tx_lock;
>
> - struct tx_buffer *tx_buffers[TPMIF_TX_RING_SIZE];
> -
> atomic_t tx_busy;
> void *tx_remember;
>
> @@ -73,15 +71,7 @@ struct tpm_private {
> int ring_ref;
> };
>
> -struct tx_buffer {
> - unsigned int size; /* available space in data */
> - unsigned int len; /* used space in data */
> - unsigned char *data; /* pointer to a page */
> -};
> -
> -
> /* locally visible variables */
> -static grant_ref_t gref_head;
> static struct tpm_private *my_priv;
>
> /* local function prototypes */
> @@ -92,8 +82,6 @@ static int tpmif_connect(struct xenbus_device *dev,
> struct tpm_private *tp,
> domid_t domid);
> static DECLARE_TASKLET(tpmif_rx_tasklet, tpmif_rx_action, 0);
> -static int tpmif_allocate_tx_buffers(struct tpm_private *tp);
> -static void tpmif_free_tx_buffers(struct tpm_private *tp);
> static void tpmif_set_connected_state(struct tpm_private *tp,
> u8 newstate);
> static int tpm_xmit(struct tpm_private *tp,
> @@ -101,52 +89,6 @@ static int tpm_xmit(struct tpm_private *tp,
> void *remember);
> static void destroy_tpmring(struct tpm_private *tp);
>
> -static inline int
> -tx_buffer_copy(struct tx_buffer *txb, const u8 *src, int len,
> - int isuserbuffer)
> -{
> - int copied = len;
> -
> - if (len > txb->size)
> - copied = txb->size;
> - if (isuserbuffer) {
> - if (copy_from_user(txb->data, src, copied))
> - return -EFAULT;
> - } else {
> - memcpy(txb->data, src, copied);
> - }
> - txb->len = len;
> - return copied;
> -}
> -
> -static inline struct tx_buffer *tx_buffer_alloc(void)
> -{
> - struct tx_buffer *txb;
> -
> - txb = kzalloc(sizeof(struct tx_buffer), GFP_KERNEL);
> - if (!txb)
> - return NULL;
> -
> - txb->len = 0;
> - txb->size = PAGE_SIZE;
> - txb->data = (unsigned char *)__get_free_page(GFP_KERNEL);
> - if (txb->data == NULL) {
> - kfree(txb);
> - txb = NULL;
> - }
> -
> - return txb;
> -}
> -
> -
> -static inline void tx_buffer_free(struct tx_buffer *txb)
> -{
> - if (txb) {
> - free_page((long)txb->data);
> - kfree(txb);
> - }
> -}
> -
> /**************************************************************
> Utility function for the tpm_private structure
> **************************************************************/
> @@ -162,15 +104,12 @@ static void tpm_private_put(void)
> if (!atomic_dec_and_test(&my_priv->refcnt))
> return;
>
> - tpmif_free_tx_buffers(my_priv);
> kfree(my_priv);
> my_priv = NULL;
> }
>
> static struct tpm_private *tpm_private_get(void)
> {
> - int err;
> -
> if (my_priv) {
> atomic_inc(&my_priv->refcnt);
> return my_priv;
> @@ -181,9 +120,6 @@ static struct tpm_private *tpm_private_get(void)
> return NULL;
>
> tpm_private_init(my_priv);
> - err = tpmif_allocate_tx_buffers(my_priv);
> - if (err < 0)
> - tpm_private_put();
>
> return my_priv;
> }
> @@ -218,22 +154,22 @@ int vtpm_vd_send(struct tpm_private *tp,
> static int setup_tpmring(struct xenbus_device *dev,
> struct tpm_private *tp)
> {
> - struct tpmif_tx_interface *sring;
> + struct vtpm_shared_page *sring;
> int err;
>
> tp->ring_ref = GRANT_INVALID_REF;
>
> - sring = (void *)__get_free_page(GFP_KERNEL);
> + sring = (void *)__get_free_page(GFP_KERNEL|__GFP_ZERO);
> if (!sring) {
> xenbus_dev_fatal(dev, -ENOMEM, "allocating shared ring");
> return -ENOMEM;
> }
> - tp->tx = sring;
> + tp->page = sring;
>
> - err = xenbus_grant_ring(dev, virt_to_mfn(tp->tx));
> + err = xenbus_grant_ring(dev, virt_to_mfn(tp->page));
> if (err < 0) {
> free_page((unsigned long)sring);
> - tp->tx = NULL;
> + tp->page = NULL;
> xenbus_dev_fatal(dev, err, "allocating grant reference");
> goto fail;
> }
> @@ -256,9 +192,9 @@ static void destroy_tpmring(struct tpm_private *tp)
>
> if (tp->ring_ref != GRANT_INVALID_REF) {
> gnttab_end_foreign_access(tp->ring_ref,
> - 0, (unsigned long)tp->tx);
> + 0, (unsigned long)tp->page);
> tp->ring_ref = GRANT_INVALID_REF;
> - tp->tx = NULL;
> + tp->page = NULL;
> }
>
> if (tp->evtchn)
> @@ -302,6 +238,13 @@ again:
> goto abort_transaction;
> }
>
> + err = xenbus_printf(xbt, dev->nodename, "feature-protocol-v2", "1");
> + if (err) {
> + message = "writing feature-protocol-v2";
> + goto abort_transaction;
> + }
> +
> +
> err = xenbus_transaction_end(xbt, 0);
> if (err == -EAGAIN)
> goto again;
> @@ -331,6 +274,7 @@ static void backend_changed(struct xenbus_device *dev,
> enum xenbus_state backend_state)
> {
> struct tpm_private *tp = tpm_private_from_dev(&dev->dev);
> + int val;
>
> switch (backend_state) {
> case XenbusStateInitialising:
> @@ -342,7 +286,14 @@ static void backend_changed(struct xenbus_device *dev,
> break;
>
> case XenbusStateConnected:
> - tpmif_set_connected_state(tp, 1);
> + if (xenbus_scanf(XBT_NIL, dev->otherend,
> + "feature-protocol-v2", "%d", &val) < 0)
> + val = 0;
> + if (val)
> + tpmif_set_connected_state(tp, 1);
> + else
> + xenbus_dev_fatal(dev, -EINVAL,
> + "vTPM protocol 2 required");
> break;
>
> case XenbusStateClosing:
> @@ -470,62 +421,41 @@ static DEFINE_XENBUS_DRIVER(tpmfront, ,
> .suspend = tpmfront_suspend,
> );
>
> -static int tpmif_allocate_tx_buffers(struct tpm_private *tp)
> -{
> - unsigned int i;
> -
> - for (i = 0; i < TPMIF_TX_RING_SIZE; i++) {
> - tp->tx_buffers[i] = tx_buffer_alloc();
> - if (!tp->tx_buffers[i]) {
> - tpmif_free_tx_buffers(tp);
> - return -ENOMEM;
> - }
> - }
> - return 0;
> -}
> -
> -static void tpmif_free_tx_buffers(struct tpm_private *tp)
> -{
> - unsigned int i;
> -
> - for (i = 0; i < TPMIF_TX_RING_SIZE; i++)
> - tx_buffer_free(tp->tx_buffers[i]);
> -}
> -
> static void tpmif_rx_action(unsigned long priv)
> {
> struct tpm_private *tp = (struct tpm_private *)priv;
> - int i = 0;
> unsigned int received;
> unsigned int offset = 0;
> u8 *buffer;
> - struct tpmif_tx_request *tx = &tp->tx->ring[i].req;
> + struct vtpm_shared_page *shr = tp->page;
> + int state = shr->state;
> +
> + switch (state) {
> + case VTPM_STATE_IDLE:
> + received = 0;
> + break;
> + case VTPM_STATE_FINISH:
> + received = shr->length;
> + break;
> + default:
> + return;
> + }
>
> atomic_set(&tp->tx_busy, 0);
> wake_up_interruptible(&tp->wait_q);
>
> - received = tx->size;
> + offset = sizeof(*shr) + 4*shr->nr_extra_pages;
> +
> + if (offset > PAGE_SIZE || offset + received > PAGE_SIZE) {
> + printk(KERN_WARNING "tpmif_rx_action packet too large\n");
> + return;
> + }
>
> buffer = kmalloc(received, GFP_ATOMIC);
> if (!buffer)
> return;
>
> - for (i = 0; i < TPMIF_TX_RING_SIZE && offset < received; i++) {
> - struct tx_buffer *txb = tp->tx_buffers[i];
> - struct tpmif_tx_request *tx;
> - unsigned int tocopy;
> -
> - tx = &tp->tx->ring[i].req;
> - tocopy = tx->size;
> - if (tocopy > PAGE_SIZE)
> - tocopy = PAGE_SIZE;
> -
> - memcpy(&buffer[offset], txb->data, tocopy);
> -
> - gnttab_release_grant_reference(&gref_head, tx->ref);
> -
> - offset += tocopy;
> - }
> + memcpy(buffer, offset + (u8*)shr, received);
>
> vtpm_vd_recv(tp->chip, buffer, received, tp->tx_remember);
> kfree(buffer);
> @@ -550,8 +480,7 @@ static int tpm_xmit(struct tpm_private *tp,
> const u8 *buf, size_t count, int isuserbuffer,
> void *remember)
> {
> - struct tpmif_tx_request *tx;
> - int i;
> + struct vtpm_shared_page *shr;
> unsigned int offset = 0;
>
> spin_lock_irq(&tp->tx_lock);
> @@ -566,48 +495,23 @@ static int tpm_xmit(struct tpm_private *tp,
> return -EIO;
> }
>
> - for (i = 0; count > 0 && i < TPMIF_TX_RING_SIZE; i++) {
> - struct tx_buffer *txb = tp->tx_buffers[i];
> - int copied;
> -
> - if (!txb) {
> - spin_unlock_irq(&tp->tx_lock);
> - return -EFAULT;
> - }
> -
> - copied = tx_buffer_copy(txb, &buf[offset], count,
> - isuserbuffer);
> - if (copied < 0) {
> - /* An error occurred */
> - spin_unlock_irq(&tp->tx_lock);
> - return copied;
> - }
> - count -= copied;
> - offset += copied;
> -
> - tx = &tp->tx->ring[i].req;
> - tx->addr = virt_to_machine(txb->data).maddr;
> - tx->size = txb->len;
> - tx->unused = 0;
> -
> - /* Get the granttable reference for this page. */
> - tx->ref = gnttab_claim_grant_reference(&gref_head);
> - if (tx->ref == -ENOSPC) {
> - spin_unlock_irq(&tp->tx_lock);
> - return -ENOSPC;
> - }
> - gnttab_grant_foreign_access_ref(tx->ref,
> - tp->backend_id,
> - virt_to_mfn(txb->data),
> - 0 /*RW*/);
> - wmb();
> - }
> + shr = tp->page;
> + offset = sizeof(*shr) + 4*shr->nr_extra_pages;
> +
> + if (offset > PAGE_SIZE)
> + return -EIO;
> +
> + if (offset + count > PAGE_SIZE)
> + count = PAGE_SIZE - offset;
> +
> + memcpy(offset + (u8*)shr, buf, count);
> + shr->length = count;
> + barrier();
> + shr->state = VTPM_STATE_SUBMIT;
>
> atomic_set(&tp->tx_busy, 1);
> tp->tx_remember = remember;
>
> - mb();
> -
> notify_remote_via_evtchn(tp->evtchn);
>
> spin_unlock_irq(&tp->tx_lock);
> @@ -667,12 +571,6 @@ static int __init tpmif_init(void)
> if (!tp)
> return -ENOMEM;
>
> - if (gnttab_alloc_grant_references(TPMIF_TX_RING_SIZE,
> - &gref_head) < 0) {
> - tpm_private_put();
> - return -EFAULT;
> - }
> -
> return xenbus_register_frontend(&tpmfront_driver);
> }
> module_init(tpmif_init);
> @@ -680,7 +578,6 @@ module_init(tpmif_init);
> static void __exit tpmif_exit(void)
> {
> xenbus_unregister_driver(&tpmfront_driver);
> - gnttab_free_grant_references(gref_head);
> tpm_private_put();
> }
> module_exit(tpmif_exit);
> diff --git a/include/xen/interface/io/tpmif.h b/include/xen/interface/io/tpmif.h
> index c9e7294..2536337 100644
> --- a/include/xen/interface/io/tpmif.h
> +++ b/include/xen/interface/io/tpmif.h
> @@ -1,7 +1,7 @@
> /******************************************************************************
> * tpmif.h
> *
> - * TPM I/O interface for Xen guest OSes.
> + * TPM I/O interface for Xen guest OSes, v2
> *
> * Permission is hereby granted, free of charge, to any person obtaining a copy
> * of this software and associated documentation files (the "Software"), to
> @@ -21,45 +21,30 @@
> * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
> * DEALINGS IN THE SOFTWARE.
> *
> - * Copyright (c) 2005, IBM Corporation
> - *
> - * Author: Stefan Berger, stefanb@us.ibm.com
> - * Grant table support: Mahadevan Gomathisankaran
> - *
> - * This code has been derived from tools/libxc/xen/io/netif.h
> - *
> - * Copyright (c) 2003-2004, Keir Fraser
> */
>
> #ifndef __XEN_PUBLIC_IO_TPMIF_H__
> #define __XEN_PUBLIC_IO_TPMIF_H__
>
> -#include "../grant_table.h"
> -
> -struct tpmif_tx_request {
> - unsigned long addr; /* Machine address of packet. */
> - grant_ref_t ref; /* grant table access reference */
> - uint16_t unused;
> - uint16_t size; /* Packet size in bytes. */
> +enum vtpm_shared_page_state {
> + VTPM_STATE_IDLE, /* no contents / vTPM idle / cancel complete */
> + VTPM_STATE_SUBMIT, /* request ready / vTPM working */
> + VTPM_STATE_FINISH, /* response ready / vTPM idle */
> + VTPM_STATE_CANCEL, /* cancel requested / vTPM working */
> };
> -struct tpmif_tx_request;
> +/* The backend should only change state to IDLE or FINISH, while the
> + * frontend should only change to SUBMIT or CANCEL. */
>
> -/*
> - * The TPMIF_TX_RING_SIZE defines the number of pages the
> - * front-end and backend can exchange (= size of array).
> - */
> -#define TPMIF_TX_RING_SIZE 1
>
> -/* This structure must fit in a memory page. */
> +struct vtpm_shared_page {
> + uint32_t length; /* request/response length in bytes */
>
> -struct tpmif_ring {
> - struct tpmif_tx_request req;
> -};
> -struct tpmif_ring;
> + uint8_t state; /* enum vtpm_shared_page_state */
> + uint8_t locality; /* for the current request */
> + uint8_t pad;
>
> -struct tpmif_tx_interface {
> - struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
> + uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */
> + uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
> };
> -struct tpmif_tx_interface;
>
> #endif
> --
> 1.8.1.4
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
>
^ permalink raw reply [flat|nested] 25+ messages in thread* Re: [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
2013-03-22 12:41 ` Konrad Rzeszutek Wilk
@ 2013-03-22 14:37 ` Daniel De Graaf
0 siblings, 0 replies; 25+ messages in thread
From: Daniel De Graaf @ 2013-03-22 14:37 UTC (permalink / raw)
To: Konrad Rzeszutek Wilk; +Cc: Matthew.Fioravante, Ian.Campbell, xen-devel
On 03/22/2013 08:41 AM, Konrad Rzeszutek Wilk wrote:
> On Thu, Mar 21, 2013 at 04:12:27PM -0400, Daniel De Graaf wrote:
>> This changes the vTPM shared page ABI from a copy of the Xen network
>> interface to a single-page interface that better reflects the expected
>> behavior of a TPM: only a single request packet can be sent at any given
>> time, and every packet sent generates a single response packet.
>
> What tree is this based on?
This is based off of Matthew Fioravante's latest xen-tpmfront.ko patch:
http://lists.xen.org/archives/html/xen-devel/2012-11/msg01041.html
To build on kernel 3.8, this patch needs __devexit references removed
(as below); I assume this will be addressed when the other issues you
raised when reviewing that patch are fixed.
---
diff --git a/drivers/char/tpm/xen-tpmfront_if.c b/drivers/char/tpm/xen-tpmfront_if.c
index ba7fad8..649aee6 100644
--- a/drivers/char/tpm/xen-tpmfront_if.c
+++ b/drivers/char/tpm/xen-tpmfront_if.c
@@ -395,7 +395,7 @@ static int tpmfront_probe(struct xenbus_device *dev,
}
-static int __devexit tpmfront_remove(struct xenbus_device *dev)
+static int tpmfront_remove(struct xenbus_device *dev)
{
struct tpm_private *tp = tpm_private_from_dev(&dev->dev);
destroy_tpmring(tp);
@@ -464,7 +464,7 @@ MODULE_ALIAS("xen:vtpm");
static DEFINE_XENBUS_DRIVER(tpmfront, ,
.probe = tpmfront_probe,
- .remove = __devexit_p(tpmfront_remove),
+ .remove = tpmfront_remove,
.resume = tpmfront_resume,
.otherend_changed = backend_changed,
.suspend = tpmfront_suspend,
^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH v5 00/12] vTPM updates for 4.3
2013-03-21 20:11 [PATCH v5 00/12] vTPM updates for 4.3 Daniel De Graaf
` (12 preceding siblings ...)
2013-03-21 20:12 ` [PATCH] drivers/tpm-xen: Change vTPM shared page ABI Daniel De Graaf
@ 2013-04-12 13:42 ` Ian Campbell
13 siblings, 0 replies; 25+ messages in thread
From: Ian Campbell @ 2013-04-12 13:42 UTC (permalink / raw)
To: Daniel De Graaf; +Cc: Matthew.Fioravante@jhuapl.edu, xen-devel@lists.xen.org
On Thu, 2013-03-21 at 20:11 +0000, Daniel De Graaf wrote:
[...]
Looks like Samuel has already acked all the non-tpm mini-os bits so I've
applied v5.2 of 01/12 from
<1365697225-16476-1-git-send-email-dgdegra@tycho.nsa.gov> plus patches
2..11 here (#12 I applied earlier)
Ian.
^ permalink raw reply [flat|nested] 25+ messages in thread