Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751297AbcJJEp6 (ORCPT ); Mon, 10 Oct 2016 00:45:58 -0400 Received: from mga02.intel.com ([134.134.136.20]:59369 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750846AbcJJEp5 (ORCPT ); Mon, 10 Oct 2016 00:45:57 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,470,1473145200"; d="scan'208";a="1068306705" Date: Mon, 10 Oct 2016 07:45:08 +0300 From: Jarkko Sakkinen To: Jason Gunthorpe Cc: Peter Huewe , Marcel Selhorst , "moderated list:TPM DEVICE DRIVER" , open list Subject: Re: [PATCH RFC 1/3] tpm_crb: expand struct crb_control_area to struct crb_regs Message-ID: <20161010044508.GA5920@intel.com> References: <1475972112-2819-1-git-send-email-jarkko.sakkinen@linux.intel.com> <1475972112-2819-2-git-send-email-jarkko.sakkinen@linux.intel.com> <20161009014256.GA8210@obsidianresearch.com> <20161009093818.GG31891@intel.com> <20161009164905.GA12551@obsidianresearch.com> <20161009183232.GA27764@intel.com> <20161009183358.GB27764@intel.com> <20161009230737.GA23823@obsidianresearch.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161009230737.GA23823@obsidianresearch.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1992 Lines: 48 On Sun, Oct 09, 2016 at 05:07:37PM -0600, Jason Gunthorpe wrote: > On Sun, Oct 09, 2016 at 09:33:58PM +0300, Jarkko Sakkinen wrote: > > > > Sorry I missed this part. > > > > > > Here are the constraints for existing hardware: > > > > > > 1. All the existing CRB start only hardware has the iomem covering the > > > control area and registers for multiple localities. > > > 2. All the existing ACPI start hardware has only the control area. > > > > > > If you assume that SSDT does not have malicous behavior caused by either > > > a BIOS bug or maybe a rootkit, then the current patch works for all the > > > existing hardware. > > > > > > To counter-measure for unexpected behavior in non-existing hardware and > > > buggy or malicious firmware it probably make sense to use crb_map_res to > > > validate the part of the CRB registers that is not part of the control > > > area. > > I don't know how much I'd assume BIOS authors do what you think - the > spec I saw for this seems very vauge. > > Certainly checking that locality region falls within the acpi mapping > seems essential. > > > > Doing it in the way you proposed does not work for ACPI start devices. > > > > > > For them it should be done in the same way as I'm doing in the existing > > > patch as for ACPI start devices the address below the control area are > > > never accessed. Having a separate crb_map_res for CRB start only devices > > > is sane thing to do for validation. > > > > Alternative is to do two structures crb_regs_head and crb_regs_tail, > > which might be cleaner. I'm fine with going either route. > > Since the iomem doesn't actually exist for a configuration having two > pointers is the better choice. Make sure one is null for the > configuration that does not support it. > > The negative offset thing is way too subtle. Yeah, I do agree with you on this. Even if it was functionalliy correct, it is hard to understand if you don't proactively work on the driver. > Jason /Jarkko