2023-06-05 18:33:18

by Alexander Steffen

Subject: [PATCH 0/4] Recovery from data transfer errors for tpm_tis

Data transfer to/from hardware TPM devices is not always fully reliable.
The existing driver code already contains many checks to detect
corrupted data (e.g. unexpected register values, CRC failures, etc.) and
usually returns EIO in such cases. This series adds automatic retries to
the command/response transmission in tpm_tis_send/tpm_tis_recv, so that
occasional communication errors do not cause the command execution to
fail and the perceived reliability of the TPM device is increased.

v2:
* Remove Change-Ids accidentally left in commit messages

Alexander Steffen (4):
tpm_tis: Explicitly check for error code
tpm_tis: Move CRC check to generic send routine
tpm_tis: Use responseRetry to recover from data transfer errors
tpm_tis: Resend command to recover from data transfer errors

drivers/char/tpm/tpm_tis_core.c | 73 +++++++++++++++++++++++++--------
drivers/char/tpm/tpm_tis_core.h | 1 +
2 files changed, 56 insertions(+), 18 deletions(-)

--
2.34.1



2023-06-05 18:33:19

by Alexander Steffen

Subject: [PATCH v2 1/4] tpm_tis: Explicitly check for error code

recv_data either returns the number of received bytes, or a negative value
representing an error code. Adding the return value directly to the total
number of received bytes therefore looks a little weird, since it might add
a negative error code to a sum of bytes.

The following check for size < expected usually makes the function return
ETIME in that case, so it does not cause too many problems in practice. But
to make the code look cleaner and because the caller might still be
interested in the original error code, explicitly check for the presence of
an error code and pass that through.

Signed-off-by: Alexander Steffen <[email protected]>
---
drivers/char/tpm/tpm_tis_core.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 558144fa707a..aaaa136044ae 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -363,8 +363,13 @@ static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
goto out;
}

- size += recv_data(chip, &buf[TPM_HEADER_SIZE],
- expected - TPM_HEADER_SIZE);
+ rc = recv_data(chip, &buf[TPM_HEADER_SIZE],
+ expected - TPM_HEADER_SIZE);
+ if (rc < 0) {
+ size = rc;
+ goto out;
+ }
+ size += rc;
if (size < expected) {
dev_err(&chip->dev, "Unable to read remainder of result\n");
size = -ETIME;
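
Review bot: the new `if (rc < 0)` branch jumps to `out` without logging anything, while the `size < expected` branch right below it reports "Unable to read remainder of result" through dev_err. Unless recv_data already logs its own failures, add a dev_err that includes rc in the new branch, so a transfer error on the payload read stays visible in the kernel log and can be told apart from a short read.
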
--
2.34.1


2023-06-06 21:25:23

by Jarkko Sakkinen

Subject: Re: [PATCH v2 1/4] tpm_tis: Explicitly check for error code

On Mon Jun 5, 2023 at 8:59 PM EEST, Alexander Steffen wrote:
> recv_data either returns the number of received bytes, or a negative value
> representing an error code. Adding the return value directly to the total
> number of received bytes therefore looks a little weird, since it might add
> a negative error code to a sum of bytes.
>
> The following check for size < expected usually makes the function return
> ETIME in that case, so it does not cause too many problems in practice. But
> to make the code look cleaner and because the caller might still be
> interested in the original error code, explicitly check for the presence of
> an error code and pass that through.
>

Cc: [email protected]
Fixes: cb5354253af2 ("[PATCH] tpm: spacing cleanups 2")

> Signed-off-by: Alexander Steffen <[email protected]>
> ---
> drivers/char/tpm/tpm_tis_core.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
> index 558144fa707a..aaaa136044ae 100644
> --- a/drivers/char/tpm/tpm_tis_core.c
> +++ b/drivers/char/tpm/tpm_tis_core.c
> @@ -363,8 +363,13 @@ static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
> goto out;
> }
>
> - size += recv_data(chip, &buf[TPM_HEADER_SIZE],
> - expected - TPM_HEADER_SIZE);
> + rc = recv_data(chip, &buf[TPM_HEADER_SIZE],
> + expected - TPM_HEADER_SIZE);
> + if (rc < 0) {
> + size = rc;
> + goto out;
> + }
> + size += rc;
> if (size < expected) {
> dev_err(&chip->dev, "Unable to read remainder of result\n");
> size = -ETIME;
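
Review bot: with `size = rc; goto out;` the function now returns whatever negative code recv_data produced, where the old `size +=` form usually fell through to `size = -ETIME`. The commit message presents this mostly as a readability cleanup, but it changes the error value callers of tpm_tis_recv see; since a Fixes: tag is being added, state that explicitly in the message and confirm no caller treats -ETIME specially on this path. A short read with rc >= 0 is still mapped to -ETIME by the unchanged check, which is worth mentioning as intentional.
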
> --
> 2.34.1

BR, Jarkko