From: Hao Wu <hao.wu@rubrik.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Shrihari Kalkar <shrihari.kalkar@rubrik.com>,
Seungyeop Han <seungyeop.han@rubrik.com>,
Anish Jhaveri <anish.jhaveri@rubrik.com>,
peterhuewe@gmx.de, jgg@ziepe.ca, linux-integrity@vger.kernel.org,
Paul Menzel <pmenzel@molgen.mpg.de>,
Ken Goldman <kgold@linux.ibm.com>,
zohar@linux.vnet.ibm.com, why2jjj.linux@gmail.com,
Hamza Attak <hamza@hpe.com>,
gregkh@linuxfoundation.org, arnd@arndb.de,
Nayna <nayna@linux.vnet.ibm.com>,
James.Bottomley@hansenpartnership.com
Subject: Re: [PATCH v5] tpm: fix Atmel TPM crash caused by too frequent queries
Date: Wed, 8 Sep 2021 01:33:36 -0700 [thread overview]
Message-ID: <5549873C-B4B8-4D87-A1A1-DE965A6E85CE@rubrik.com> (raw)
In-Reply-To: <b2f16ed95526cf47ca32b2fe973733e97cf4632b.camel@kernel.org>
> On Sep 7, 2021, at 10:43 AM, Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> On Sat, 2021-09-04 at 20:51 -0700, Hao Wu wrote:
>> The Atmel TPM 1.2 chips crash with error
>> `tpm_try_transmit: send(): error -62` since kernel 4.14.
>> It is observed from the kernel log after running `tpm_sealdata -z`.
>> The error thrown from the command is as follows
>> ```
>> $ tpm_sealdata -z
>> Tspi_Key_LoadKey failed: 0x00001087 - layer=tddl,
>> code=0087 (135), I/O error
>> ```
>>
>> The issue was reproduced with the following Atmel TPM chip:
>> ```
>> $ tpm_version
>> T0 TPM 1.2 Version Info:
>> Chip Version: 1.2.66.1
>> Spec Level: 2
>> Errata Revision: 3
>> TPM Vendor ID: ATML
>> TPM Version: 01010000
>> Manufacturer Info: 41544d4c
>> ```
>>
>> The root cause of the issue is due to the TPM calls to msleep()
>> were replaced with usleep_range() [1], which reduces
>> the actual timeout. Via experiments, it is observed that
>> the original msleep(5) actually sleeps for 15ms.
>> Because of a known timeout issue in Atmel TPM 1.2 chip,
>> the shorter timeout than 15ms can cause the error described above.
>>
>> A few further changes in kernel 4.16 [2] and 4.18 [3, 4] further
>> reduced the timeout to less than 1ms. With experiments,
>> the problematic timeout in the latest kernel is the one
>> for `wait_for_tpm_stat`.
>>
>> To fix it, the patch reverts the timeout of `wait_for_tpm_stat`
>> to 15ms for all Atmel TPM 1.2 chips, but leave it untouched
>> for Ateml TPM 2.0 chip, and chips from other vendors.
>> As explained above, the chosen 15ms timeout is
>> the actual timeout before this issue introduced,
>> thus the old value is used here.
>> Particularly, TPM_ATML_TIMEOUT_WAIT_STAT_MIN is set to 14700us,
>> TPM_ATML_TIMEOUT_WAIT_STAT_MIN is set to 15000us according to
>> the existing TPM_TIMEOUT_RANGE_US (300us).
>> The fixed has been tested in the system with the affected Atmel chip
>> with no issues observed after boot up.
>>
>> References:
>> [1] 9f3fc7bcddcb tpm: replace msleep() with usleep_range() in TPM
>> 1.2/2.0 generic drivers
>> [2] cf151a9a44d5 tpm: reduce tpm polling delay in tpm_tis_core
>> [3] 59f5a6b07f64 tpm: reduce poll sleep time in tpm_transmit()
>> [4] 424eaf910c32 tpm: reduce polling time to usecs for even finer
>> granularity
>>
>> Fixes: 9f3fc7bcddcb ("tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers")
>> Link: https://patchwork.kernel.org/project/linux-integrity/patch/20200926223150.109645-1-hao.wu@rubrik.com/
>> Signed-off-by: Hao Wu <hao.wu@rubrik.com>
>> ---
>> v5:
>> - Rename variables according to feedbacks
>> - Move timeout min/max to tpm_tis_data
>>
>> v4:
>> - Move timeout constants to drivers/char/tpm/tpm_tis_core.h
>> - Cleanup unnecessary inline comment
>>
>> v3:
>> - removes unnecessary condition check in `wait_for_tpm_stat`
>>
>> v2:
>> - follow the existing way to define two timeouts (min and max)
>> for ATMEL chip, thus keep the exact timeout logic for
>> non-ATEML chips.
>> - limit the timeout increase to only ATMEL TPM 1.2 chips,
>> because it is not an issue for TPM 2.0 chips yet.
>>
>> Test Plan:
>> - Run fixed kernel with ATMEL TPM chips and see crash
>> has been fixed.
>> - Run fixed kernel with non-ATMEL TPM chips, and confirm
>> the timeout has not been changed.
>>
>> drivers/char/tpm/tpm_tis_core.c | 27 +++++++++++++++++++--------
>> drivers/char/tpm/tpm_tis_core.h | 4 ++++
>> include/linux/tpm.h | 1 +
>> 3 files changed, 24 insertions(+), 8 deletions(-)
>>
>
> I just noticed that these are part of the same email thread from
> lore.kernel.org. Please always use separate thread. E.g. I'm not sure if
> this would play out well with tooling such as b4 that can pick up patch
> sets from lore.
I see. I thought I need to chain these. Will send a separate one.
>
>> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
>> index 55b9d3965ae1..29de383aec5f 100644
>> --- a/drivers/char/tpm/tpm_tis_core.c
>> +++ b/drivers/char/tpm/tpm_tis_core.c
>> @@ -79,9 +79,10 @@ static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
>> goto again;
>> }
>> } else {
>> + struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
>
> Move this declaration to the beginning of the function.
OK
>> do {
>> - usleep_range(TPM_TIMEOUT_USECS_MIN,
>> - TPM_TIMEOUT_USECS_MAX);
>> + usleep_range(priv->timeout_min,
>> + priv->timeout_max);
>> status = chip->ops->status(chip);
>> if ((status & mask) == mask)
>> return 0;
>> @@ -934,7 +935,23 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
>> chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX);
>> chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX);
>> chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX);
>> + priv->timeout_min = TPM_TIMEOUT_USECS_MIN;
>> + priv->timeout_max = TPM_TIMEOUT_USECS_MAX;
>> priv->phy_ops = phy_ops;
>> +
>> + rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
>> + if (rc < 0)
>> + goto out_err;
>> +
>> + priv->manufacturer_id = vendor;
>> +
>> + if (priv->manufacturer_id == TPM_VID_ATML &&
>> + !(chip->flags & TPM_CHIP_FLAG_TPM2)) {
>> + /* If TPM chip is 1.2 ATMEL chip, timeout need to be relaxed*/
>
> A ' ' character missing before the last asterisk.
>
> Also the comment is just in English the same exact thing already
> clearly expressed by the if-statement, so it's better that you
> just remove the comment altogether.
Sure will remove it
>
>> + priv->timeout_min = TIS_TIMEOUT_MIN_ATML;
>> + priv->timeout_max = TIS_TIMEOUT_MAX_ATML;
>> + }
>> +
>> dev_set_drvdata(&chip->dev, priv);
>>
>> if (is_bsw()) {
>> @@ -977,12 +994,6 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
>> if (rc)
>> goto out_err;
>>
>> - rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
>> - if (rc < 0)
>> - goto out_err;
>> -
>> - priv->manufacturer_id = vendor;
>> -
>> rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
>> if (rc < 0)
>> goto out_err;
>> diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
>> index 9b2d32a59f67..c33f27c929f4 100644
>> --- a/drivers/char/tpm/tpm_tis_core.h
>> +++ b/drivers/char/tpm/tpm_tis_core.h
>> @@ -54,6 +54,8 @@ enum tis_defaults {
>> TIS_MEM_LEN = 0x5000,
>> TIS_SHORT_TIMEOUT = 750, /* ms */
>> TIS_LONG_TIMEOUT = 2000, /* 2 sec */
>> + TIS_TIMEOUT_MIN_ATML = 14700, /* usecs */
>> + TIS_TIMEOUT_MAX_ATML = 15000, /* usecs */
>> };
>>
>> /* Some timeout values are needed before it is known whether the chip is
>> @@ -97,6 +99,8 @@ struct tpm_tis_data {
>> wait_queue_head_t read_queue;
>> const struct tpm_tis_phy_ops *phy_ops;
>> unsigned short rng_quality;
>> + unsigned int timeout_min; /* usecs */
>> + unsigned int timeout_max; /* usecs */
>> };
>>
>> struct tpm_tis_phy_ops {
>> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
>> index aa11fe323c56..12d827734686 100644
>> --- a/include/linux/tpm.h
>> +++ b/include/linux/tpm.h
>> @@ -269,6 +269,7 @@ enum tpm2_cc_attrs {
>> #define TPM_VID_INTEL 0x8086
>> #define TPM_VID_WINBOND 0x1050
>> #define TPM_VID_STM 0x104A
>> +#define TPM_VID_ATML 0x1114
>>
>> enum tpm_chip_flags {
>> TPM_CHIP_FLAG_TPM2 = BIT(1),
>
> Looking good other than a those minor nitpicks. Please send the next as
> a separate thread, and *not* as response, so that it can be picked up.
>
> /Jarkko
>
Thanks!
Hao
prev parent reply other threads:[~2021-09-08 8:33 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-20 23:18 [PATCH] Fix Atmel TPM crash caused by too frequent queries Hao Wu
2021-06-23 13:35 ` Jarkko Sakkinen
2021-06-24 5:49 ` Hao Wu
2021-06-29 20:06 ` Jarkko Sakkinen
2021-06-30 4:27 ` Hao Wu
2021-06-24 5:33 ` Hao Wu
2021-06-29 20:07 ` Jarkko Sakkinen
2021-06-30 4:22 ` [PATCH] tpm: fix ATMEL " Hao Wu
2021-07-02 6:35 ` Jarkko Sakkinen
2021-07-02 7:12 ` Greg KH
2021-07-02 7:33 ` Hao Wu
2021-07-02 7:35 ` Hao Wu
2021-07-02 7:45 ` Jarkko Sakkinen
2021-07-02 7:59 ` Hao Wu
2021-07-02 8:42 ` Jarkko Sakkinen
2021-07-02 11:57 ` Jarkko Sakkinen
2021-07-02 19:16 ` Hao Wu
2021-07-05 5:19 ` Jarkko Sakkinen
2021-07-05 5:29 ` Hao Wu
2021-07-04 0:07 ` Hao Wu
2021-07-05 7:15 ` Jarkko Sakkinen
2021-07-05 23:09 ` Hao Wu
2021-07-06 12:34 ` Mimi Zohar
2021-07-07 4:18 ` Hao Wu
2021-07-07 4:34 ` Hao Wu
2021-07-07 4:31 ` [PATCH v2] " Hao Wu
2021-07-07 9:24 ` Jarkko Sakkinen
2021-07-07 18:28 ` Hao Wu
2021-07-07 21:10 ` Jarkko Sakkinen
2021-07-09 4:43 ` Hao Wu
2021-07-09 4:40 ` [PATCH v2] tpm: fix Atmel " Hao Wu
2021-07-09 17:47 ` Jarkko Sakkinen
2021-07-09 19:23 ` Hao Wu
2021-07-11 7:37 ` Hao Wu
2021-07-16 5:30 ` Hao Wu
2021-07-11 7:51 ` [PATCH v3] " Hao Wu
2021-07-27 2:46 ` Jarkko Sakkinen
2021-07-27 3:40 ` Hao Wu
2021-08-14 22:25 ` [PATCH v4] " Hao Wu
2021-08-26 5:38 ` Hao Wu
2021-08-26 16:24 ` Jarkko Sakkinen
2021-08-27 0:35 ` Hao Wu
2021-09-04 21:14 ` Hao Wu
2021-09-04 23:15 ` Hao Wu
2021-09-05 3:51 ` [PATCH v5] " Hao Wu
2021-09-07 17:43 ` Jarkko Sakkinen
2021-09-08 8:33 ` Hao Wu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5549873C-B4B8-4D87-A1A1-DE965A6E85CE@rubrik.com \
--to=hao.wu@rubrik.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=anish.jhaveri@rubrik.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=hamza@hpe.com \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=kgold@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=nayna@linux.vnet.ibm.com \
--cc=peterhuewe@gmx.de \
--cc=pmenzel@molgen.mpg.de \
--cc=seungyeop.han@rubrik.com \
--cc=shrihari.kalkar@rubrik.com \
--cc=why2jjj.linux@gmail.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).