Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751297AbcJJEp6 (ORCPT <rfc822;w@1wt.eu>);
        Mon, 10 Oct 2016 00:45:58 -0400
Received: from mga02.intel.com ([134.134.136.20]:59369 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750846AbcJJEp5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Oct 2016 00:45:57 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,470,1473145200"; 
   d="scan'208";a="1068306705"
Date: Mon, 10 Oct 2016 07:45:08 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: Peter Huewe <peterhuewe@gmx.de>, Marcel Selhorst <tpmdd@selhorst.net>,
        "moderated list:TPM DEVICE DRIVER" 
        <tpmdd-devel@lists.sourceforge.net>,
        open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH RFC 1/3] tpm_crb: expand struct crb_control_area to
 struct crb_regs
Message-ID: <20161010044508.GA5920@intel.com>
References: <1475972112-2819-1-git-send-email-jarkko.sakkinen@linux.intel.com>
 <1475972112-2819-2-git-send-email-jarkko.sakkinen@linux.intel.com>
 <20161009014256.GA8210@obsidianresearch.com>
 <20161009093818.GG31891@intel.com>
 <20161009164905.GA12551@obsidianresearch.com>
 <20161009183232.GA27764@intel.com>
 <20161009183358.GB27764@intel.com>
 <20161009230737.GA23823@obsidianresearch.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20161009230737.GA23823@obsidianresearch.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1992
Lines: 48

On Sun, Oct 09, 2016 at 05:07:37PM -0600, Jason Gunthorpe wrote:
> On Sun, Oct 09, 2016 at 09:33:58PM +0300, Jarkko Sakkinen wrote:
> 
> > > Sorry I missed this part.
> > > 
> > > Here are the constraints for existing hardware:
> > > 
> > > 1. All the existing CRB start only hardware has the iomem covering the
> > >    control area and registers for multiple localities.
> > > 2. All the existing ACPI start hardware has only the control area.
> > > 
> > > If you assume that SSDT does not have malicous behavior caused by either
> > > a BIOS bug or maybe a rootkit, then the current patch works for all the
> > > existing hardware.
> > > 
> > > To counter-measure for unexpected behavior in non-existing hardware and
> > > buggy or malicious firmware it probably make sense to use crb_map_res to
> > > validate the part of the CRB registers that is not part of the control
> > > area.
> 
> I don't know how much I'd assume BIOS authors do what you think - the
> spec I saw for this seems very vauge.
> 
> Certainly checking that locality region falls within the acpi mapping
> seems essential.
> 
> > > Doing it in the way you proposed does not work for ACPI start devices.
> > > 
> > > For them it should be done in the same way as I'm doing in the existing
> > > patch as for ACPI start devices the address below the control area are
> > > never accessed. Having a separate crb_map_res for CRB start only devices
> > > is sane thing to do for validation.
> > 
> > Alternative is to do two structures crb_regs_head and crb_regs_tail,
> > which might be cleaner. I'm fine with going either route.
> 
> Since the iomem doesn't actually exist for a configuration having two
> pointers is the better choice. Make sure one is null for the
> configuration that does not support it.
> 
> The negative offset thing is way too subtle.

Yeah, I do agree with you on this. Even if it was functionalliy correct,
it is hard to understand if you don't proactively work on the driver.

> Jason

/Jarkko