Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1213669pxb; Sun, 17 Jan 2021 00:37:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJyuWg8mg9H1q/QoMw9zNmZdDDnO3DjZRBxZll+jSoJn04681R/XWId7Vh/WGjRLij08UM3C X-Received: by 2002:a50:dacd:: with SMTP id s13mr15681169edj.173.1610872636918; Sun, 17 Jan 2021 00:37:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610872636; cv=none; d=google.com; s=arc-20160816; b=z3UgSRUVP3h7Vh/Wlde//Vo354sDgQcV0Wk7XiIrqmnRDlz5wsJtEt6WDv2NP17k7t 3Xh0CZ5E9HJzSk79dfx7kDobKQubgY5k6E5uMJDDAn+OgXbxZdjaTzQWPLD/Z+a+nGNe nnLGqg7TeatqcqR+JbyqyJH/seuTAwtpyozG+43hwi9U05br/jgT5DupBD4duDDIeJxx Nm83k4Np/zVbj8yL9mT9ro9egX561r9+8l4m5BxgMwfUi1YjG6xnskzI9tCxgtQf6F7t RQ4hoi1ItkUvU/WMHcJgeoP2CWAOQA4YGjkWS8C3SuT9rNDfvVhIfk+9cPzKzOs/+c5K AuWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=07k6NcDsCyXw8E/sGzJY4vnDDJmU3/9rzPj1Di10VWI=; b=biTbAHDnMy4TKWH6o4FYMs0nFnP4fKSpqH90/5vhzn0jXc9lVhKJzJAKaeVrglLPnD rB3LpoI8cGkPMI/iSH0RbMrSZdSQ+8srnVOZDLRByGA5NTuKOZdqcVGRgw32MWRX1QcJ fQ0FIdCIWkhuYbN2GKdNQCN7TOJYjbPNdUS0HX6bwkTA3bWinHYKVpaDaZ+6UgkpA460 WavYSfmBQNBbMiYP90cBFpUGiUqGRznjhcFnyHiSqYFZiAjwVh79PXylt3KSAwCn/Aiw 4eU8Ok2tzxPkKw2e8GO/RPoMfVuIxtKmOw6m2cwWrbWMo4iAE6UJl6owDXSSRWFakhv7 DAZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=J1v2SEZY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v1si5933356ejd.298.2021.01.17.00.36.53; Sun, 17 Jan 2021 00:37:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=J1v2SEZY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728368AbhAQIdt (ORCPT + 99 others); Sun, 17 Jan 2021 03:33:49 -0500 Received: from mail.kernel.org ([198.145.29.99]:53660 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728267AbhAQIaf (ORCPT ); Sun, 17 Jan 2021 03:30:35 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id A4B3923107; Sun, 17 Jan 2021 08:29:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1610872186; bh=pj/h2k6d0lxTn7A+05AgOl/ZsBfLX0qiMy1ktJLXD8E=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=J1v2SEZYJwtZjVFU5vtkdwHbnmnRFKItgC/EW2LHj6rvVzsr8L8kAjCsekuK4Q3nc V104xw46G5HzToaM2ztVUX9R6rfEdj4BU8AgE4+DZqJ+xyBeZEcbdnL7VDxr6otkkd iHBxr2KE8Q5cCWCuH4m8Akv8LmZ85MMLIxqE2Fcg= Date: Sun, 17 Jan 2021 09:29:42 +0100 From: Greg Kroah-Hartman To: Wei Liu Cc: Randy Dunlap , Linux Kernel List , tyhicks@linux.microsoft.com, "Michael S. Tsirkin" , Jason Wang , Thomas Gleixner , Arnd Bergmann , Christian Gromm Subject: Re: [PATCH] fTPM: make sure TEE is initialized before fTPM Message-ID: References: <20210116001301.16861-1-wei.liu@kernel.org> <20210116115529.oq2k2qpgyawngcqn@liuwe-devbox-debian-v2> <20210116121109.xenpxbobni4glecg@liuwe-devbox-debian-v2> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210116121109.xenpxbobni4glecg@liuwe-devbox-debian-v2> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 16, 2021 at 12:11:09PM +0000, Wei Liu wrote: > On Sat, Jan 16, 2021 at 11:55:29AM +0000, Wei Liu wrote: > > On Fri, Jan 15, 2021 at 04:49:57PM -0800, Randy Dunlap wrote: > > > Hi, > > > > > > On 1/15/21 4:12 PM, Wei Liu wrote: > > > > For built-in drivers, the order of initialization function invocation is > > > > determined by their link order. > > > > > > > > The original code linked TPM drivers before TEE driver when they were > > > > both built in. That caused fTPM's initialization to be deferred to a > > > > worker thread instead of running on PID 1. > > > > > > > > That is problematic because IMA's initialization routine, which runs on > > > > PID 1 as a late initcall, needs to have access to the default TPM > > > > instance. If fTPM's initialization is deferred, IMA will not be able to > > > > get hold of a TPM instance in time. > > > > > > > > Fix this by modifying Makefile to make sure TEE is initialized before > > > > fTPM when they are both built in. > > > > > > > > Signed-off-by: Wei Liu > > > > --- > > > > drivers/Makefile | 5 +++++ > > > > 1 file changed, 5 insertions(+) > > > > > > > > diff --git a/drivers/Makefile b/drivers/Makefile > > > > index fd11b9ac4cc3..45ea5ec9d0fd 100644 > > > > --- a/drivers/Makefile > > > > +++ b/drivers/Makefile > > > > @@ -180,6 +180,11 @@ obj-$(CONFIG_NVMEM) += nvmem/ > > > > obj-$(CONFIG_FPGA) += fpga/ > > > > obj-$(CONFIG_FSI) += fsi/ > > > > obj-$(CONFIG_TEE) += tee/ > > > > + > > > > +# TPM drivers must come after TEE, otherwise fTPM initialization will be > > > > +# deferred, which causes IMA to not get a TPM device in time > > > > +obj-$(CONFIG_TCG_TPM) += char/tpm/ > > > > + > > > > obj-$(CONFIG_MULTIPLEXER) += mux/ > > > > obj-$(CONFIG_UNISYS_VISORBUS) += visorbus/ > > > > obj-$(CONFIG_SIOX) += siox/ > > > > > > > > > > As I suspected and then tested, since you did not remove the other build > > > of char/tpm/, this ends up with multiple definition linker errors (below). > > > > Oops, I didn't commit the hunk that removed the line in char/Makefile. > > > > But I will hold off sending out v2 until the following discussion is > > settled. > > > > > > > > I would think that instead of depending on Makefile order you should use different > > > initcall levels as needed. Depending on Makefile order is what we did 15 years ago. > > > > > > > No, not really. The same trick was used in 2014 (1bacc894c227). > > > > Both TEE and TPM are just drivers. I think they belong to the same level > > (at the moment device_initcall). Looking at the list of levels, I'm not > > sure how I can move TEE to a different level. > > > > Out of the seven levels, which one would you suggest I use for which > > driver? > > A bit more random thought. > > Moving one driver to a different level is not the solution either. What > if there is a dependency chain in the future in which more than 2 > drivers are involved? Do we invent more levels or abuse levels that > aren't supposed to be used by device drivers? > > The proper solution to me is to somehow sort the initcalls with their > dependencies in mind. The requires quite a bit of engineering > (integrating depmod into kernel build?). Given that there are only a few > cases, I don't think effort would be worth it. Make it an explicit dependancy in the driver, and then things will be loaded properly. You can always defer your probe if you do not have all of the proper resources, which is how these types of things are handled, instead of worrying about creating new init levels. thanks, greg k-h