2005-05-12 22:20:51

by Kylene Jo Hall

[permalink] [raw]
Subject: [PATCH] tpm: improve output in sysfs files when the TPM fails

When the TPM is in a disabled or deactivated state the sysfs pcrs and
pubek files will appear empty. To remove any confusion this might cause,
the files will instead contain the error the TPM returned (also indicative
of what state the TPM is in and what actions might be needed to change
that state).

Signed-off-by: Kylene Hall <[email protected]>
---
diff -uprN linux-2.6.12-rc3/drivers/char/tpm/tpm.c /home/kylie/kernel/linux-2.6.12-rc3-tpmdd/drivers/char/tpm/tpm.c
--- linux-2.6.12-rc3/drivers/char/tpm/tpm.c 2005-05-12 18:03:43.000000000 -0500
+++ /home/kylie/kernel/linux-2.6.12-rc3-tpmdd/drivers/char/tpm/tpm.c 2005-05-12 17:40:26.000000000 -0500
@@ -212,8 +183,11 @@ ssize_t tpm_show_pcrs(struct device *dev

memcpy(data, cap_pcr, sizeof(cap_pcr));
if ((len = tpm_transmit(chip, data, sizeof(data)))
- < CAP_PCR_RESULT_SIZE)
- return len;
+ < CAP_PCR_RESULT_SIZE) {
+ str += sprintf( str, "TPM ERROR: %d\n",
+ be32_to_cpu(*((__be32 *) (data + 6))));
+ goto out;
+ }

num_pcrs = be32_to_cpu(*((__be32 *) (data + 14)));

@@ -222,13 +196,17 @@ ssize_t tpm_show_pcrs(struct device *dev
index = cpu_to_be32(i);
memcpy(data + 10, &index, 4);
if ((len = tpm_transmit(chip, data, sizeof(data)))
- < READ_PCR_RESULT_SIZE)
- return len;
+ < READ_PCR_RESULT_SIZE){
+ str += sprintf( str, "TPM ERROR: %d\n",
+ be32_to_cpu(*((__be32 *) (data + 6))));
+ goto out;
+ }
str += sprintf(str, "PCR-%02d: ", i);
for (j = 0; j < TPM_DIGEST_SIZE; j++)
str += sprintf(str, "%02X ", *(data + 10 + j));
str += sprintf(str, "\n");
}
+out:
return str - buf;
}

@@ -262,7 +240,8 @@ ssize_t tpm_show_pubek(struct device *de

if ((len = tpm_transmit(chip, data, READ_PUBEK_RESULT_SIZE)) <
READ_PUBEK_RESULT_SIZE) {
- rc = len;
+ str += sprintf( str, "TPM ERROR: %d\n",
+ be32_to_cpu(*((__be32 *) (data + 6))));
goto out;
}

@@ -294,8 +273,8 @@ ssize_t tpm_show_pubek(struct device *de
if ((i + 1) % 16 == 0)
str += sprintf(str, "\n");
}
- rc = str - buf;
out:
+ rc = str - buf;
kfree(data);
return rc;
}


2005-05-12 22:55:53

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH] tpm: improve output in sysfs files when the TPM fails

On Thu, May 12, 2005 at 05:20:22PM -0500, Kylene Hall wrote:
> When the TPM is in a disabled or deactivated state the sysfs pcrs and
> pubek files will appear empty. To remove any confusion this might cause,
> the files will instead contain the error the TPM returned (also indicative
> of what state the TPM is in and what actions might be needed to change
> that state).

No, sysfs files are not error logs. Please use the standard system wide
error log for this (syslog).

Why not just change the mode of the sysfs file instead, or delete it
entirely in this case?

thanks,

greg k-h

2005-05-13 19:39:52

by Kylene Jo Hall

[permalink] [raw]
Subject: Re: [PATCH] tpm: improve output in sysfs files when the TPM fails

On Thu, 12 May 2005, Greg KH wrote:
> On Thu, May 12, 2005 at 05:20:22PM -0500, Kylene Hall wrote:
> > When the TPM is in a disabled or deactivated state the sysfs pcrs and
> > pubek files will appear empty. To remove any confusion this might cause,
> > the files will instead contain the error the TPM returned (also indicative
> > of what state the TPM is in and what actions might be needed to change
> > that state).
>
> No, sysfs files are not error logs. Please use the standard system wide
> error log for this (syslog).
>
> Why not just change the mode of the sysfs file instead, or delete it
> entirely in this case?

Ok, instead of putting error information in the sysfs file this new patch
will put an error entry in syslog. The sysfs files can't easily be
removed in these cases as the driver does not know this information and it
can be changed by commands sent to the TPM from userspace.

Signed-off-by: Kylene Hall <[email protected]>
---
diff -uprN linux-2.6.12-rc3/drivers/char/tpm/tpm.c /home/kylie/kernel/linux-2.6.12-rc3-tpmdd/drivers/char/tpm/tpm.c
--- linux-2.6.12-rc3/drivers/char/tpm/tpm.c 2005-05-12 18:03:43.000000000 -0500
+++ /home/kylie/kernel/linux-2.6.12-rc3-tpmdd/drivers/char/tpm/tpm.c 2005-05-13 13:43:52.000000000 -0500
@@ -212,8 +183,11 @@ ssize_t tpm_show_pcrs(struct device *dev

memcpy(data, cap_pcr, sizeof(cap_pcr));
if ((len = tpm_transmit(chip, data, sizeof(data)))
- < CAP_PCR_RESULT_SIZE)
- return len;
+ < CAP_PCR_RESULT_SIZE) {
+ dev_err(&chip->pci_dev->dev, "A TPM error (%d) occurred attempting to determine the number of PCRS\n",
+ be32_to_cpu(*((__be32 *) (data + 6))));
+ return 0;
+ }

num_pcrs = be32_to_cpu(*((__be32 *) (data + 14)));

@@ -222,13 +196,17 @@ ssize_t tpm_show_pcrs(struct device *dev
index = cpu_to_be32(i);
memcpy(data + 10, &index, 4);
if ((len = tpm_transmit(chip, data, sizeof(data)))
- < READ_PCR_RESULT_SIZE)
- return len;
+ < READ_PCR_RESULT_SIZE){
+ dev_err(&chip->pci_dev->dev, "A TPM error (%d) occurred attempting to read PCR %d of %d\n",
+ be32_to_cpu(*((__be32 *) (data + 6))), i, num_pcrs);
+ goto out;
+ }
str += sprintf(str, "PCR-%02d: ", i);
for (j = 0; j < TPM_DIGEST_SIZE; j++)
str += sprintf(str, "%02X ", *(data + 10 + j));
str += sprintf(str, "\n");
}
+out:
return str - buf;
}

@@ -262,8 +240,9 @@ ssize_t tpm_show_pubek(struct device *de

if ((len = tpm_transmit(chip, data, READ_PUBEK_RESULT_SIZE)) <
READ_PUBEK_RESULT_SIZE) {
- rc = len;
- goto out;
+ dev_err(&chip->pci_dev->dev, "A TPM error (%d) occurred attempting to read the PUBEK\n",
+ be32_to_cpu(*((__be32 *) (data + 6))));
+ return 0;
}

/*
@@ -295,7 +274,6 @@ ssize_t tpm_show_pubek(struct device *de
str += sprintf(str, "\n");
}
rc = str - buf;
-out:
kfree(data);
return rc;
}

2005-05-14 05:30:49

by Andrew Morton

[permalink] [raw]
Subject: Re: [PATCH] tpm: improve output in sysfs files when the TPM fails

Kylene Hall <[email protected]> wrote:
>
> On Thu, 12 May 2005, Greg KH wrote:
> > On Thu, May 12, 2005 at 05:20:22PM -0500, Kylene Hall wrote:
> > > When the TPM is in a disabled or deactivated state the sysfs pcrs and
> > > pubek files will appear empty. To remove any confusion this might cause,
> > > the files will instead contain the error the TPM returned (also indicative
> > > of what state the TPM is in and what actions might be needed to change
> > > that state).
> >
> > No, sysfs files are not error logs. Please use the standard system wide
> > error log for this (syslog).
> >
> > Why not just change the mode of the sysfs file instead, or delete it
> > entirely in this case?
>
> Ok, instead of putting error information in the sysfs file this new patch
> will put an error entry in syslog. The sysfs files can't easily be
> removed in these cases as the driver does not know this information and it
> can be changed by commands sent to the TPM from userspace.

Will this change permit unprivileged users to create large amounts of
syslog output? If so, this is considered poor form.

IOW: please confirm that the relevant sysfs files are root-read-only?

2005-05-16 17:42:01

by Kylene Jo Hall

[permalink] [raw]
Subject: Re: [PATCH] tpm: improve output in sysfs files when the TPM fails

On Fri, 13 May 2005, Andrew Morton wrote:

> Kylene Hall <[email protected]> wrote:
> >
> > On Thu, 12 May 2005, Greg KH wrote:
> > > On Thu, May 12, 2005 at 05:20:22PM -0500, Kylene Hall wrote:
> > > > When the TPM is in a disabled or deactivated state the sysfs pcrs and
> > > > pubek files will appear empty. To remove any confusion this might cause,
> > > > the files will instead contain the error the TPM returned (also indicative
> > > > of what state the TPM is in and what actions might be needed to change
> > > > that state).
> > >
> > > No, sysfs files are not error logs. Please use the standard system wide
> > > error log for this (syslog).
> > >
> > > Why not just change the mode of the sysfs file instead, or delete it
> > > entirely in this case?
> >
> > Ok, instead of putting error information in the sysfs file this new patch
> > will put an error entry in syslog. The sysfs files can't easily be
> > removed in these cases as the driver does not know this information and it
> > can be changed by commands sent to the TPM from userspace.
>
> Will this change permit unprivileged users to create large amounts of
> syslog output? If so, this is considered poor form.
>
> IOW: please confirm that the relevant sysfs files are root-read-only?
>
>

Please back this patch out since it is undesirable to use the sysfs
file or syslog for the error reporting for various reasons and is
desirable to keep the files not root-read-only. The status of the TPM can
be gleaned from other sources.

Thanks,
Kylie