Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1166061imm;
        Fri, 11 May 2018 12:04:30 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZo9Lc6RyRkF36zo5zTy+kEM5d3O4AeRPMmKREubArO4A9M7mmoRF8iwtrwBiFtj8LRWr5oY
X-Received: by 2002:a17:902:2826:: with SMTP id e35-v6mr6650284plb.348.1526065470547;
        Fri, 11 May 2018 12:04:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1526065470; cv=none;
        d=google.com; s=arc-20160816;
        b=mVbqF0c4krjy82c9m2Dy9vAy3NBS4HMOf9f0cgLe3/rsiQ0of9+81mYb06cbTcDcCb
         buxovvNYFv4FaZCQwTAaSRqE13VeCCqBrrUA3NRbok0iK310vkibr+/p3t1VcJyGPQaJ
         ChAsOC7ZYwRcjDlH/Gmw0SFX/pdVUeh1fJQKbiSB+LDoGPpMMTgc9AdxzEHwoWGxUs7D
         WM69+R0CIulSPA7KIW3aJ0YWPj7OvB+c9zQz6xnNmd25ctj0dC1C9aUzAWs2Iu/nygv/
         Q7zTh7zgsp48hCip71rRtfAMZN4WRnH7f+Ex2lNIdTkReGHu8CvJzG28AFWJBoZhsyb+
         CXYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:to:subject:arc-authentication-results;
        bh=tC5SdeDJ39kCP+IIvJ2eMVOoZmplO+RZTy9oZVMwwJQ=;
        b=DaEvZgojIzgB/Hzo/0poYwCqcgdgA4PGd5OyehQwzuzDtalEBF0hSNUFxW6i+Yafme
         6bFtetHvaXncTna8/6M/ZCPsiVUkZ6cywANX2sJugM5jaWLskxQIwo30j7dEGXyiSzYi
         CnIw8Gbr5FG0uggnqdAjxRMbZOEdkIMxi1b1LJRioah2Q0pWA++nukEnxS0eXPhgA53E
         xkr+CvnOO33kT2+YOS1wP/afvk3d7Cp1Mbl3cEnCh6+TLVcmRcfIWYHLtdoRfdWaJisd
         BYSGJc/rnx0IWwjeUJBEDQL0nzkhFrqdseVV6ryw7mn6YwqmzV2ST3uXj8eNlAaEcwgY
         zqLg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t9-v6si3896938pfk.228.2018.05.11.12.04.12;
        Fri, 11 May 2018 12:04:30 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751579AbeEKTCo (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Fri, 11 May 2018 15:02:44 -0400
Received: from anor.bigon.be ([91.121.173.99]:46651 "EHLO anor.bigon.be"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750937AbeEKTCm (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 May 2018 15:02:42 -0400
Received: from anor.bigon.be (localhost.localdomain [127.0.0.1])
        by anor.bigon.be (Postfix) with ESMTP id E1C0D1A0C0;
        Fri, 11 May 2018 21:02:40 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at bigon.be
Received: from anor.bigon.be ([127.0.0.1])
        by anor.bigon.be (anor.bigon.be [127.0.0.1]) (amavisd-new, port 10026)
        with ESMTP id QbKN3JiY8EL7; Fri, 11 May 2018 21:02:17 +0200 (CEST)
Received: from [IPv6:2a02:a03f:3cdd:ea00:78cd:ee5b:2d35:292b] (unknown [IPv6:2a02:a03f:3cdd:ea00:78cd:ee5b:2d35:292b])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (Client did not present a certificate)
        (Authenticated sender: bigon)
        by anor.bigon.be (Postfix) with ESMTPSA id 3F8241A055;
        Fri, 11 May 2018 21:02:17 +0200 (CEST)
Subject: Re: [PATCH] tpm_tis: verify locality released before returning from
 release_locality
To:     linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>
References: <20180505195453.10431-1-jsnitsel@redhat.com>
 <20180505200315.x7jt33j7psizmfyi@cantor>
From:   Laurent Bigonville <bigon@debian.org>
Message-ID: <bcac4481-108a-4598-6524-041879be7c06@debian.org>
Date:   Fri, 11 May 2018 21:02:16 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <20180505200315.x7jt33j7psizmfyi@cantor>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: fr-BE
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Le 05/05/18 à 22:03, Jerry Snitselaar a écrit :
> On Sat May 05 18, Jerry Snitselaar wrote:
>> For certain tpm chips releasing locality can take long enough that a
>> subsequent call to request_locality will see the locality as being
>> active when the access register is read in check_locality. So check
>> that the locality has been released before returning from
>> release_locality.
>>
>> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
>> Cc: Peter Huewe <peterhuewe@gmx.de>
>> Cc: Jason Gunthorpe <jgg@ziepe.ca>
>> Reported-by: Laurent Bigonville <bigon@debian.org>
>> Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Tested-by: Laurent Bigonville <bigon@debian.org>
>> ---
>> drivers/char/tpm/tpm_tis_core.c | 47 
>> ++++++++++++++++++++++++++++++++++++++++-
>> 1 file changed, 46 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/char/tpm/tpm_tis_core.c 
>> b/drivers/char/tpm/tpm_tis_core.c
>> index 5a1f47b43947..d547cd309dbd 100644
>> --- a/drivers/char/tpm/tpm_tis_core.c
>> +++ b/drivers/char/tpm/tpm_tis_core.c
>> @@ -143,13 +143,58 @@ static bool check_locality(struct tpm_chip 
>> *chip, int l)
>>     return false;
>> }
>>
>> +static bool locality_inactive(struct tpm_chip *chip, int l)
>> +{
>> +    struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
>> +    int rc;
>> +    u8 access;
>> +
>> +    rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
>> +    if (rc < 0)
>> +        return false;
>> +
>> +    if ((access & (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY))
>> +        == TPM_ACCESS_VALID)
>> +        return true;
>> +
>> +    return false;
>> +}
>> +
>> static int release_locality(struct tpm_chip *chip, int l)
>> {
>>     struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
>> +    unsigned long stop, timeout;
>> +    long rc;
>>
>>     tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
>>
>> -    return 0;
>> +    stop = jiffies + chip->timeout_a;
>> +
>> +    if (chip->flags & TPM_CHIP_FLAG_IRQ) {
>> +again:
>> +        timeout = stop - jiffies;
>> +        if ((long)timeout <= 0)
>> +            return -1;
>> +
>> +        rc = wait_event_interruptible_timeout(priv->int_queue,
>> +                              (locality_inactive(chip, l)),
>> +                              timeout);
>> +
>> +        if (rc > 0)
>> +            return 0;
>> +
>> +        if (rc == -ERESTARTSYS && freezing(current)) {
>> +            clear_thread_flag(TIF_SIGPENDING);
>> +            goto again;
>> +        }
>> +    } else {
>> +        do {
>> +            if (locality_inactive(chip, l))
>> +                return 0;
>> +            tpm_msleep(TPM_TIMEOUT);
>> +        } while (time_before(jiffies, stop));
>> +    }
>> +    return -1;
>> }
>>
>> static int request_locality(struct tpm_chip *chip, int l)
>> -- 
>> 2.15.0
>>
>
> Laurent,
>
> Can you try this patch with your system since it is the one
> that has exhibited the problem so far. I've tested on a
> tpm2.0 and tpm1.2 system here.
>
> Regards,
> Jerry