Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp691469pxb; Sat, 16 Jan 2021 04:15:25 -0800 (PST) X-Google-Smtp-Source: ABdhPJz3mMje6nhMTZF847zjbj3zjsgwFh6acNRubEwcMz8EacYVeT9slQB1DOqH13Qwr5jNA2ve X-Received: by 2002:a17:906:39d0:: with SMTP id i16mr5623037eje.18.1610799324870; Sat, 16 Jan 2021 04:15:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610799324; cv=none; d=google.com; s=arc-20160816; b=cknY3LYF7WB81YOWUegcqB7h1uu0qDPOq4lFUma7rHMpjNFQoZ8HuYGCstIT7q4IT5 tsAy/J5r2uv1Inyynoy8cC1aAa8F+CSiR1sGB+dK7QiVSnjlyJ++hBqFCymGYB4x/gVi 2E1psgNJ9cIf7jcTtjXapvZdesCD3RJjdoHFt9BYnVZo228EIiOm/mOsWEl8PfM0fK9t c30ZwM02FVdCgGVvjq8SMPqpwEBI6IoK5s7d3SUsdKo5eV4fGbcKOjocgXexYoe8T/4d gLssTJh6FQVwQVEbNNY5S1eT7OLirPyB/sGHPj8mab7zroL1OOVmIkXOXxEEd1pzqzav VSNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=p7H0fvmXiskQPeDj6HjFg//R8x/xZr5JEnTtaCWu2i8=; b=mzQFVj3/OrDeBMTkgE+vlbmU1YIP6pyhgHd0yPYm44+y6C2FkO1Zfs7AQGDpJWjsQ1 pHly/iuaJXAxIrBBFs8QvDf7Y37rEzl+4nxnSQVftPQ+bPw4CITWHFYaxICEgv31J4ER d9cJLCJ9ggegCXTnsm9AdkQ/I2jsz3wTyBrWB2GbmQdpZcWH6wns7Q5EQYiYfOvmtrBP hsvKP/pelNDrZCcn5WNqhTy5Oz8eWS6mSIdkMOiYOa5/cwteiK60uuruD9+dLVuVUYVb YDqLKNB3dP89oxXPkPwquKWWkoK11e3fX5Tcc3zSxONag4PBl0g+LZKSDjZLFveLPLta jC4Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z22si4666476ejc.125.2021.01.16.04.15.00; Sat, 16 Jan 2021 04:15:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726273AbhAPMLy (ORCPT + 99 others); Sat, 16 Jan 2021 07:11:54 -0500 Received: from mail-wm1-f53.google.com ([209.85.128.53]:40595 "EHLO mail-wm1-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725979AbhAPMLy (ORCPT ); Sat, 16 Jan 2021 07:11:54 -0500 Received: by mail-wm1-f53.google.com with SMTP id r4so9814009wmh.5 for ; Sat, 16 Jan 2021 04:11:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=p7H0fvmXiskQPeDj6HjFg//R8x/xZr5JEnTtaCWu2i8=; b=HuzJ0ZrwjUNFLJsELZ6D80Clqi4HkCnDwbYpej+kXFpEvWX1Ktv+igRfpxYE1wawh2 UdO7SjAox/RKclpnG48qOP3LmXjPt+nYojjLzlJgeQezOnQR1RyVrigNPLU4rbLu2t2d 33awUsgYSHL0mL45+Jg2YL+EZlvyfADiFQyx0n0Jw2tra+LcKDs/rvVruNAbR918/6hr Or6ioRE55bm2ur6JyarKfC5zvxAEZaSLfgdVnE0MfgZmsMRLBGyzlzp2FAc8wx99DuUI 0nHMr3fJY4ayHlSXzGLab7aC4Hn4DjbfefQhJEYbEbWrOYalhBsp6rsbDWUprQKwMAs3 PaHA== X-Gm-Message-State: AOAM531aO4TMgxdkbdc83E11yBTIupyMr5mb34bdaICsOz0b5QRl4pgG FPSgauW3FdGET/i/IUJvXzQ= X-Received: by 2002:a05:600c:1986:: with SMTP id t6mr8808979wmq.93.1610799071437; Sat, 16 Jan 2021 04:11:11 -0800 (PST) Received: from liuwe-devbox-debian-v2 ([51.145.34.42]) by smtp.gmail.com with ESMTPSA id g194sm15934714wme.39.2021.01.16.04.11.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 16 Jan 2021 04:11:11 -0800 (PST) Date: Sat, 16 Jan 2021 12:11:09 +0000 From: Wei Liu To: Randy Dunlap Cc: Wei Liu , Linux Kernel List , tyhicks@linux.microsoft.com, "Michael S. Tsirkin" , Jason Wang , Greg Kroah-Hartman , Thomas Gleixner , Arnd Bergmann , Christian Gromm Subject: Re: [PATCH] fTPM: make sure TEE is initialized before fTPM Message-ID: <20210116121109.xenpxbobni4glecg@liuwe-devbox-debian-v2> References: <20210116001301.16861-1-wei.liu@kernel.org> <20210116115529.oq2k2qpgyawngcqn@liuwe-devbox-debian-v2> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210116115529.oq2k2qpgyawngcqn@liuwe-devbox-debian-v2> User-Agent: NeoMutt/20180716 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 16, 2021 at 11:55:29AM +0000, Wei Liu wrote: > On Fri, Jan 15, 2021 at 04:49:57PM -0800, Randy Dunlap wrote: > > Hi, > > > > On 1/15/21 4:12 PM, Wei Liu wrote: > > > For built-in drivers, the order of initialization function invocation is > > > determined by their link order. > > > > > > The original code linked TPM drivers before TEE driver when they were > > > both built in. That caused fTPM's initialization to be deferred to a > > > worker thread instead of running on PID 1. > > > > > > That is problematic because IMA's initialization routine, which runs on > > > PID 1 as a late initcall, needs to have access to the default TPM > > > instance. If fTPM's initialization is deferred, IMA will not be able to > > > get hold of a TPM instance in time. > > > > > > Fix this by modifying Makefile to make sure TEE is initialized before > > > fTPM when they are both built in. > > > > > > Signed-off-by: Wei Liu > > > --- > > > drivers/Makefile | 5 +++++ > > > 1 file changed, 5 insertions(+) > > > > > > diff --git a/drivers/Makefile b/drivers/Makefile > > > index fd11b9ac4cc3..45ea5ec9d0fd 100644 > > > --- a/drivers/Makefile > > > +++ b/drivers/Makefile > > > @@ -180,6 +180,11 @@ obj-$(CONFIG_NVMEM) += nvmem/ > > > obj-$(CONFIG_FPGA) += fpga/ > > > obj-$(CONFIG_FSI) += fsi/ > > > obj-$(CONFIG_TEE) += tee/ > > > + > > > +# TPM drivers must come after TEE, otherwise fTPM initialization will be > > > +# deferred, which causes IMA to not get a TPM device in time > > > +obj-$(CONFIG_TCG_TPM) += char/tpm/ > > > + > > > obj-$(CONFIG_MULTIPLEXER) += mux/ > > > obj-$(CONFIG_UNISYS_VISORBUS) += visorbus/ > > > obj-$(CONFIG_SIOX) += siox/ > > > > > > > As I suspected and then tested, since you did not remove the other build > > of char/tpm/, this ends up with multiple definition linker errors (below). > > Oops, I didn't commit the hunk that removed the line in char/Makefile. > > But I will hold off sending out v2 until the following discussion is > settled. > > > > > I would think that instead of depending on Makefile order you should use different > > initcall levels as needed. Depending on Makefile order is what we did 15 years ago. > > > > No, not really. The same trick was used in 2014 (1bacc894c227). > > Both TEE and TPM are just drivers. I think they belong to the same level > (at the moment device_initcall). Looking at the list of levels, I'm not > sure how I can move TEE to a different level. > > Out of the seven levels, which one would you suggest I use for which > driver? A bit more random thought. Moving one driver to a different level is not the solution either. What if there is a dependency chain in the future in which more than 2 drivers are involved? Do we invent more levels or abuse levels that aren't supposed to be used by device drivers? The proper solution to me is to somehow sort the initcalls with their dependencies in mind. The requires quite a bit of engineering (integrating depmod into kernel build?). Given that there are only a few cases, I don't think effort would be worth it. Wei. > > Wei.