Received: by 2002:a05:6358:e9c4:b0:b2:91dc:71ab with SMTP id hc4csp6305332rwb; Tue, 9 Aug 2022 12:49:28 -0700 (PDT) X-Google-Smtp-Source: AA6agR5GeKGgK9MXzh8TeVv1rQSUxp/F/hk0zK4v7OZ0BR7WLgruTJEfiYa9fRTVKcrMqLtkAHIf X-Received: by 2002:a17:90b:3d85:b0:1f7:6a32:3576 with SMTP id pq5-20020a17090b3d8500b001f76a323576mr79074pjb.187.1660074568558; Tue, 09 Aug 2022 12:49:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660074568; cv=none; d=google.com; s=arc-20160816; b=Ogn1qMS+sY630pLamGlp7Ns0TlVOyl8d2gaNXOH/treHye5ktQCYxL1cZxvhFnysEM 8ivlgQlTUrCqokjGuV1UjIH+3WkmJLLTXKNOcHffPTbnDua3/7W4+h8TrLsfvt8q/gFl 0xoVsSzaZJSGOT5EbX2ru9HTI6bbROU7GgJJf5icy48mlJsoMeIUlCQjvjQD57ymN+IR 0X0q76jrijUZilYVgLTfmKOn5TlDmmDbA6dWs6/xWu1qdb/f0vXTvy11qhDqyiMR7Z1Z Gkl9bPj8ZiQVqLEtcg5M+S+A7kcj2LTg7IaFl9Pz+IetAYHGXWjSTaHFcGBaR/eucXYA tiMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=WQADmAbbPY4UNq4TbQtJ0wmwYjKdHy+t7oPSx2knkGw=; b=Bpwr56Si7LkHGj0EDaLOGjFWHg1O3/yJFyLVpHligNSivwslGhE1ln7PZR2IsqFPqM xwUCwxkuJ8F+fG7iX0L5oFoTCpzuMeyGuY/NOhiACXeZZgzAucxAVnYnZcc+Roo1E0XK 4DH+UqFD13BPgZKi0UL+XXQXl7kA52tygd1wuX8OXciPGSsn+ic2/20FkFf2Vu7rbzGe RDKGg6ZwhwikmWdUyUqOG8TWRbaaLjkSqp28MyVU+1EOWteSdT8Hm/OiA+c6lzxX/ZUo O6d+of6d//w3FKgxl/wwc9BE5jscy4EE6tdx/tcU10tj04UhPDAGarHnpDRzZ9Jr1dL8 LY2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="T3xk/rfI"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f11-20020a170902ce8b00b0016da4dcae60si17437416plg.64.2022.08.09.12.49.15; Tue, 09 Aug 2022 12:49:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="T3xk/rfI"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343742AbiHITkd (ORCPT + 99 others); Tue, 9 Aug 2022 15:40:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41366 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243048AbiHITkE (ORCPT ); Tue, 9 Aug 2022 15:40:04 -0400 Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4DBC255BF for ; Tue, 9 Aug 2022 12:40:02 -0700 (PDT) Received: by mail-qk1-x72e.google.com with SMTP id c16so131442qkk.10 for ; Tue, 09 Aug 2022 12:40:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=WQADmAbbPY4UNq4TbQtJ0wmwYjKdHy+t7oPSx2knkGw=; b=T3xk/rfIHpnSaArGMKToaLTdDcPztKs73hwbF/4oilTSRO/u+Y5EH66x921BEN+iwS n8Efv/cl0XGLh75r3nPSGiSRcCWOIMa4+iO2L2boSNmbA+An9VwgOdQ57BecRqDId3cr 93aVbwUsrAk/jVP3NrBx8OlA8Som+xmHbXQmc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=WQADmAbbPY4UNq4TbQtJ0wmwYjKdHy+t7oPSx2knkGw=; b=d2C1jOFvKDs0+HRy2jvoF1MGaFFiib+mbZl/eQbdbDCy0EogTGaaw235YseOjhUfgs EKh/YXvIz9DvTdDOIztLsXfSaNlUNTO1liaxNbTwsfU4n5cKFwFdYU7tN3vBxzRflE1w SFdRFEEp2DjEsQTIy12Sp8WshDwzRgvyzotvHwKDAtynyDCMviVQPADoKT868U6VdYIl 0PBhpSv9cxsOUn2XLiUqBzDXt0jRMqgPMLFhV4m/Q2COzQY92UcMHr3ULoimzr4gYyBI qSLDhj6E+kmhs/0j1YNhukx3PVWisSt+m0bK47RotYJZOI6qvvvSLh/uqzhJkQ7BweH7 ps1Q== X-Gm-Message-State: ACgBeo3ROlhky58u4jCd4qrH32A2xHUzoxPKSpOXpx+rXn7aelaLRD8P fff2Nz/VMpypZ56uW7aP69bQnQ== X-Received: by 2002:a05:620a:c4f:b0:6b8:ea30:2d4a with SMTP id u15-20020a05620a0c4f00b006b8ea302d4amr18690230qki.717.1660074001883; Tue, 09 Aug 2022 12:40:01 -0700 (PDT) Received: from trappist.c.googlers.com.com (128.174.85.34.bc.googleusercontent.com. [34.85.174.128]) by smtp.gmail.com with ESMTPSA id w19-20020a05620a445300b006b9264191b5sm9562422qkp.32.2022.08.09.12.40.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Aug 2022 12:40:01 -0700 (PDT) From: Sven van Ashbrook To: Peter Huewe , Jarkko Sakkinen , Jason Gunthorpe , Hao Wu , Yi Chou , Andrey Pronin , Sven van Ashbrook , James Morris Cc: stable@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] tpm: fix potential race condition in suspend/resume Date: Tue, 9 Aug 2022 19:39:18 +0000 Message-Id: <20220809193921.544546-1-svenva@chromium.org> X-Mailer: git-send-email 2.37.1.559.g78731f0fdb-goog MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Concurrent accesses to the tpm chip are prevented by allowing only a single thread at a time to obtain a tpm chip reference through tpm_try_get_ops(). However, the tpm's suspend function does not use this mechanism, so when the tpm api is called by a kthread which does not get frozen on suspend (such as the hw_random kthread) it's possible that the tpm is used when already in suspend, or in use while in the process of suspending. This is seen on certain ChromeOS platforms - low-probability warnings are generated during suspend. In this case, the tpm attempted to read data from a tpm chip on an already-suspended bus. i2c_designware i2c_designware.1: Transfer while suspended Fix: 1. prevent concurrent execution of tpm accesses and suspend/ resume, by letting suspend/resume grab the tpm_mutex. 2. before commencing a tpm access, check if the tpm chip is already suspended. Fail with -EAGAIN if so. Tested by running 6000 suspend/resume cycles back-to-back on a ChromeOS "brya" device. The intermittent warnings reliably disappear after applying this patch. No system issues were observed. Cc: Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x") Signed-off-by: Sven van Ashbrook --- drivers/char/tpm/tpm-interface.c | 16 ++++++++++++++++ include/linux/tpm.h | 2 ++ 2 files changed, 18 insertions(+) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 1621ce818705..16ca490fd483 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -82,6 +82,11 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, void *buf, size_t bufsiz) return -E2BIG; } + if (chip->is_suspended) { + dev_info(&chip->dev, "blocking transmit while suspended\n"); + return -EAGAIN; + } + rc = chip->ops->send(chip, buf, count); if (rc < 0) { if (rc != -EPIPE) @@ -394,6 +399,8 @@ int tpm_pm_suspend(struct device *dev) if (!chip) return -ENODEV; + mutex_lock(&chip->tpm_mutex); + if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) goto suspended; @@ -411,6 +418,11 @@ int tpm_pm_suspend(struct device *dev) } suspended: + if (!rc) + chip->is_suspended = true; + + mutex_unlock(&chip->tpm_mutex); + return rc; } EXPORT_SYMBOL_GPL(tpm_pm_suspend); @@ -426,6 +438,10 @@ int tpm_pm_resume(struct device *dev) if (chip == NULL) return -ENODEV; + mutex_lock(&chip->tpm_mutex); + chip->is_suspended = false; + mutex_unlock(&chip->tpm_mutex); + return 0; } EXPORT_SYMBOL_GPL(tpm_pm_resume); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index d7c67581929f..0fbc1a43ae80 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -131,6 +131,8 @@ struct tpm_chip { int dev_num; /* /dev/tpm# */ unsigned long is_open; /* only one allowed */ + bool is_suspended; + char hwrng_name[64]; struct hwrng hwrng; -- 2.37.1.559.g78731f0fdb-goog