This patchset introduces an optional maximum transfer size that can be specified by a tpm driver. Setting the max_xfer_size helps to catch the cases when burstcnt is incorrectly reported by the device (e.g. >64 for spi - happened in practice) and gracefully handle such situations. Andrey Pronin (2): tpm_tis_core: add optional max xfer size check tpm_tis_spi: add max xfer size drivers/char/tpm/tpm_tis_core.c | 17 +++++++++++++++-- drivers/char/tpm/tpm_tis_core.h | 13 +++++++++++++ drivers/char/tpm/tpm_tis_spi.c | 1 + 3 files changed, 29 insertions(+), 2 deletions(-) -- 2.6.6
If tpm reports a bigger burstcnt than allowed by the physical protocol, re-query the burstcnt and correct, if needed, if still too large. In practice, seen in case of xfer issues (e.g. in spi interface case, lost header causing flow control issues and wrong values returned on read from TPM_STS). Without catching, causes the physical layer to reject xfer, while is easily preventable by re-querying TPM_STS. Signed-off-by: Andrey Pronin <apronin@chromium.org> --- drivers/char/tpm/tpm_tis_core.c | 17 +++++++++++++++-- drivers/char/tpm/tpm_tis_core.h | 13 +++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 8110b52..f5d456c 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -158,6 +158,7 @@ static int get_burstcount(struct tpm_chip *chip) unsigned long stop; int burstcnt, rc; u32 value; + bool retry_burstcnt = false; /* wait for burstcount */ /* which timeout value, spec has 2 answers (c & d) */ @@ -168,8 +169,20 @@ static int get_burstcount(struct tpm_chip *chip) return rc; burstcnt = (value >> 8) & 0xFFFF; - if (burstcnt) - return burstcnt; + if (burstcnt) { + /* If burstcnt is larger than max allowed xfer + * size, retry once - may be a glitch. Return + * max_xfer_size on the 2nd try to avoid being + * stuck forever. + */ + if (tpm_tis_burstcnt_is_valid(priv, burstcnt)) + return burstcnt; + if (retry_burstcnt) + return tpm_tis_max_xfer_size(priv); + dev_warn(&chip->dev, "Bad burstcnt read: %d\n", + burstcnt); + retry_burstcnt = true; + } msleep(TPM_TIMEOUT); } while (time_before(jiffies, stop)); return -EBUSY; diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h index 9191aab..713aa5a 100644 --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); + u16 max_xfer_size; }; static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, @@ -144,6 +145,18 @@ static inline int tpm_tis_write32(struct tpm_tis_data *data, u32 addr, return data->phy_ops->write32(data, addr, value); } +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data) +{ + return data->phy_ops->max_xfer_size; +} + +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data, + u16 burstcnt) +{ + return (tpm_tis_max_xfer_size(data) == 0) + || (burstcnt <= tpm_tis_max_xfer_size(data)); +} + void tpm_tis_remove(struct tpm_chip *chip); int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, const struct tpm_tis_phy_ops *phy_ops, -- 2.6.6
Signed-off-by: Andrey Pronin <apronin@chromium.org> --- drivers/char/tpm/tpm_tis_spi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c index dbaad9c..b103373 100644 --- a/drivers/char/tpm/tpm_tis_spi.c +++ b/drivers/char/tpm/tpm_tis_spi.c @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { .read16 = tpm_tis_spi_read16, .read32 = tpm_tis_spi_read32, .write32 = tpm_tis_spi_write32, + .max_xfer_size = MAX_SPI_FRAMESIZE, }; static int tpm_tis_spi_probe(struct spi_device *dev) -- 2.6.6
Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> --- drivers/char/tpm/tpm_tis_spi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c index dbaad9c..b103373 100644 --- a/drivers/char/tpm/tpm_tis_spi.c +++ b/drivers/char/tpm/tpm_tis_spi.c @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { .read16 = tpm_tis_spi_read16, .read32 = tpm_tis_spi_read32, .write32 = tpm_tis_spi_write32, + .max_xfer_size = MAX_SPI_FRAMESIZE, }; static int tpm_tis_spi_probe(struct spi_device *dev) -- 2.6.6 ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev
On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote:
> +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
> +{
> + return data->phy_ops->max_xfer_size;
> +}
> +
> +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
> + u16 burstcnt)
> +{
> + return (tpm_tis_max_xfer_size(data) == 0)
> + || (burstcnt <= tpm_tis_max_xfer_size(data));
> +}
We don't need these accessors, just open code it in the one call
site. That is more clear as the ==0 case is important to understand
that the flow is correct.
BTW, I dodn't think || as the start of a line was cannonical kernel
style.. Did checkpatch accept that?
Jason
On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote: > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data) > +{ > + return data->phy_ops->max_xfer_size; > +} > + > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data, > + u16 burstcnt) > +{ > + return (tpm_tis_max_xfer_size(data) == 0) > + || (burstcnt <= tpm_tis_max_xfer_size(data)); > +} We don't need these accessors, just open code it in the one call site. That is more clear as the ==0 case is important to understand that the flow is correct. BTW, I dodn't think || as the start of a line was cannonical kernel style.. Did checkpatch accept that? Jason ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev
On Thu, Jul 14, 2016 at 09:13:51PM -0600, Jason Gunthorpe wrote:
> On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote:
>
> > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
> > +{
> > + return data->phy_ops->max_xfer_size;
> > +}
> > +
> > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
> > + u16 burstcnt)
> > +{
> > + return (tpm_tis_max_xfer_size(data) == 0)
> > + || (burstcnt <= tpm_tis_max_xfer_size(data));
> > +}
>
> We don't need these accessors, just open code it in the one call
> site. That is more clear as the ==0 case is important to understand
> that the flow is correct.
>
> BTW, I dodn't think || as the start of a line was cannonical kernel
> style.. Did checkpatch accept that?
>
> Jason
You mean completely open code it inside get_burstcount()? Will do.
checkpatch.pl had no problems with it, but I can move it to the end
of the line, if it feels better.
Andrey
On Thu, Jul 14, 2016 at 8:25 PM, Andrey Pronin <apronin@chromium.org> wrote:
> On Thu, Jul 14, 2016 at 09:13:51PM -0600, Jason Gunthorpe wrote:
>> On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote:
>>
>> > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
>> > +{
>> > + return data->phy_ops->max_xfer_size;
>> > +}
>> > +
>> > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
>> > + u16 burstcnt)
>> > +{
>> > + return (tpm_tis_max_xfer_size(data) == 0)
>> > + || (burstcnt <= tpm_tis_max_xfer_size(data));
>> > +}
>>
>> We don't need these accessors, just open code it in the one call
>> site. That is more clear as the ==0 case is important to understand
>> that the flow is correct.
>>
>> BTW, I dodn't think || as the start of a line was cannonical kernel
>> style.. Did checkpatch accept that?
>>
>> Jason
>
> You mean completely open code it inside get_burstcount()? Will do.
> checkpatch.pl had no problems with it, but I can move it to the end
> of the line, if it feels better.
>
I would suggest to use checkpatch --strict; it will tell you. It will
also ask you to align continuation lines with '(' on the previous
line. On that, I would suggest to follow the style used in the file(s)
you are working on (or follow guidance from the maintainer).
Thanks,
Guenter
On Thu, Jul 14, 2016 at 09:13:51PM -0600, Jason Gunthorpe wrote: > On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote: > > > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data) > > +{ > > + return data->phy_ops->max_xfer_size; > > +} > > + > > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data, > > + u16 burstcnt) > > +{ > > + return (tpm_tis_max_xfer_size(data) == 0) > > + || (burstcnt <= tpm_tis_max_xfer_size(data)); > > +} > > We don't need these accessors, just open code it in the one call > site. That is more clear as the ==0 case is important to understand > that the flow is correct. +1 They add only indirection here with no value. > BTW, I dodn't think || as the start of a line was cannonical kernel > style.. Did checkpatch accept that? > > Jason /Jarkko
On Thu, Jul 14, 2016 at 09:13:51PM -0600, Jason Gunthorpe wrote: > On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote: > > > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data) > > +{ > > + return data->phy_ops->max_xfer_size; > > +} > > + > > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data, > > + u16 burstcnt) > > +{ > > + return (tpm_tis_max_xfer_size(data) == 0) > > + || (burstcnt <= tpm_tis_max_xfer_size(data)); > > +} > > We don't need these accessors, just open code it in the one call > site. That is more clear as the ==0 case is important to understand > that the flow is correct. +1 They add only indirection here with no value. > BTW, I dodn't think || as the start of a line was cannonical kernel > style.. Did checkpatch accept that? > > Jason /Jarkko ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev
This patchset introduces an optional maximum transfer size that can be specified by a tpm driver. Setting the max_xfer_size helps to catch the cases when burstcnt is incorrectly reported by the device (e.g. >64 for spi - happened in practice) and gracefully handle such situations. v2: removed unnecessary accessors in tpm_tis_core.h, fixed style Andrey Pronin (2): tpm_tis_core: add optional max xfer size check tpm_tis_spi: add max xfer size drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++-- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/char/tpm/tpm_tis_spi.c | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) -- 2.6.6
This patchset introduces an optional maximum transfer size that can be specified by a tpm driver. Setting the max_xfer_size helps to catch the cases when burstcnt is incorrectly reported by the device (e.g. >64 for spi - happened in practice) and gracefully handle such situations. v2: removed unnecessary accessors in tpm_tis_core.h, fixed style Andrey Pronin (2): tpm_tis_core: add optional max xfer size check tpm_tis_spi: add max xfer size drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++-- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/char/tpm/tpm_tis_spi.c | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) -- 2.6.6 ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev
If tpm reports a bigger burstcnt than allowed by the physical protocol, re-query the burstcnt and correct, if needed, if still too large. In practice, seen in case of xfer issues (e.g. in spi interface case, lost header causing flow control issues and wrong values returned on read from TPM_STS). Without catching, causes the physical layer to reject xfer, while is easily preventable by re-querying TPM_STS. Signed-off-by: Andrey Pronin <apronin@chromium.org> --- drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++-- drivers/char/tpm/tpm_tis_core.h | 1 + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index d66f51b..ffc1acb 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -158,6 +158,7 @@ static int get_burstcount(struct tpm_chip *chip) unsigned long stop; int burstcnt, rc; u32 value; + bool retry_burstcnt = false; /* wait for burstcount */ /* which timeout value, spec has 2 answers (c & d) */ @@ -168,8 +169,21 @@ static int get_burstcount(struct tpm_chip *chip) return rc; burstcnt = (value >> 8) & 0xFFFF; - if (burstcnt) - return burstcnt; + if (burstcnt) { + /* If burstcnt is larger than max allowed xfer + * size, retry once - may be a glitch. Return + * max_xfer_size on the 2nd try to avoid being + * stuck forever. + */ + if ((priv->phy_ops->max_xfer_size == 0) || + (burstcnt <= priv->phy_ops->max_xfer_size)) + return burstcnt; + if (retry_burstcnt) + return priv->phy_ops->max_xfer_size; + dev_warn(&chip->dev, + "Bad burstcnt read: %d\n", burstcnt); + retry_burstcnt = true; + } msleep(TPM_TIMEOUT); } while (time_before(jiffies, stop)); return -EBUSY; diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h index 9191aab..58e8b14 100644 --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); + u16 max_xfer_size; }; static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, -- 2.6.6
If tpm reports a bigger burstcnt than allowed by the physical protocol, re-query the burstcnt and correct, if needed, if still too large. In practice, seen in case of xfer issues (e.g. in spi interface case, lost header causing flow control issues and wrong values returned on read from TPM_STS). Without catching, causes the physical layer to reject xfer, while is easily preventable by re-querying TPM_STS. Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> --- drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++-- drivers/char/tpm/tpm_tis_core.h | 1 + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index d66f51b..ffc1acb 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -158,6 +158,7 @@ static int get_burstcount(struct tpm_chip *chip) unsigned long stop; int burstcnt, rc; u32 value; + bool retry_burstcnt = false; /* wait for burstcount */ /* which timeout value, spec has 2 answers (c & d) */ @@ -168,8 +169,21 @@ static int get_burstcount(struct tpm_chip *chip) return rc; burstcnt = (value >> 8) & 0xFFFF; - if (burstcnt) - return burstcnt; + if (burstcnt) { + /* If burstcnt is larger than max allowed xfer + * size, retry once - may be a glitch. Return + * max_xfer_size on the 2nd try to avoid being + * stuck forever. + */ + if ((priv->phy_ops->max_xfer_size == 0) || + (burstcnt <= priv->phy_ops->max_xfer_size)) + return burstcnt; + if (retry_burstcnt) + return priv->phy_ops->max_xfer_size; + dev_warn(&chip->dev, + "Bad burstcnt read: %d\n", burstcnt); + retry_burstcnt = true; + } msleep(TPM_TIMEOUT); } while (time_before(jiffies, stop)); return -EBUSY; diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h index 9191aab..58e8b14 100644 --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); + u16 max_xfer_size; }; static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, -- 2.6.6 ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev
Reject burstcounts larger than 64 bytes reported by tpm. SPI Hardware Protocol defined in section 6.4 of TCG PTP Spec supports up to 64 bytes of data in a transaction. Signed-off-by: Andrey Pronin <apronin@chromium.org> --- drivers/char/tpm/tpm_tis_spi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c index dbaad9c..b103373 100644 --- a/drivers/char/tpm/tpm_tis_spi.c +++ b/drivers/char/tpm/tpm_tis_spi.c @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { .read16 = tpm_tis_spi_read16, .read32 = tpm_tis_spi_read32, .write32 = tpm_tis_spi_write32, + .max_xfer_size = MAX_SPI_FRAMESIZE, }; static int tpm_tis_spi_probe(struct spi_device *dev) -- 2.6.6
On Tue, Jul 19, 2016 at 07:34:18PM -0700, Andrey Pronin wrote: > This patchset introduces an optional maximum transfer size that can > be specified by a tpm driver. Setting the max_xfer_size helps to catch > the cases when burstcnt is incorrectly reported by the device (e.g. >64 > for spi - happened in practice) and gracefully handle such situations. Acknowledged but I won't review these before the second week of August. I've been active for early this week to give the feedback for the queued patch sets and make sure that we deliver a solid 4.8 release. Back to the vacation... /Jarkko > v2: removed unnecessary accessors in tpm_tis_core.h, fixed style > > Andrey Pronin (2): > tpm_tis_core: add optional max xfer size check > tpm_tis_spi: add max xfer size > > drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++-- > drivers/char/tpm/tpm_tis_core.h | 1 + > drivers/char/tpm/tpm_tis_spi.c | 1 + > 3 files changed, 18 insertions(+), 2 deletions(-) > > -- > 2.6.6 >
On Tue, Jul 19, 2016 at 07:34:18PM -0700, Andrey Pronin wrote: > This patchset introduces an optional maximum transfer size that can > be specified by a tpm driver. Setting the max_xfer_size helps to catch > the cases when burstcnt is incorrectly reported by the device (e.g. >64 > for spi - happened in practice) and gracefully handle such situations. Acknowledged but I won't review these before the second week of August. I've been active for early this week to give the feedback for the queued patch sets and make sure that we deliver a solid 4.8 release. Back to the vacation... /Jarkko > v2: removed unnecessary accessors in tpm_tis_core.h, fixed style > > Andrey Pronin (2): > tpm_tis_core: add optional max xfer size check > tpm_tis_spi: add max xfer size > > drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++-- > drivers/char/tpm/tpm_tis_core.h | 1 + > drivers/char/tpm/tpm_tis_spi.c | 1 + > 3 files changed, 18 insertions(+), 2 deletions(-) > > -- > 2.6.6 > ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev
This patchset introduces an optional maximum transfer size that can be specified by a tpm driver. Setting the max_xfer_size helps to catch the cases when burstcnt is incorrectly reported by the device (e.g. >64 for spi - happened in practice) and gracefully handle such situations. v2: removed unnecessary accessors in tpm_tis_core.h, fixed style v3: simplified logic: simply cap the burstcnt at max_xfer_size, don't attempt to re-request from tpm. Andrey Pronin (2): tpm_tis_core: add optional max xfer size check tpm_tis_spi: add max xfer size drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/char/tpm/tpm_tis_spi.c | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) -- 2.6.6
This patchset introduces an optional maximum transfer size that can be specified by a tpm driver. Setting the max_xfer_size helps to catch the cases when burstcnt is incorrectly reported by the device (e.g. >64 for spi - happened in practice) and gracefully handle such situations. v2: removed unnecessary accessors in tpm_tis_core.h, fixed style v3: simplified logic: simply cap the burstcnt at max_xfer_size, don't attempt to re-request from tpm. Andrey Pronin (2): tpm_tis_core: add optional max xfer size check tpm_tis_spi: add max xfer size drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/char/tpm/tpm_tis_spi.c | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) -- 2.6.6 ------------------------------------------------------------------------------
If tpm reports a bigger burstcnt than allowed by the physical protocol, set burstcnt to the max allowed value. In practice, seen in case of xfer issues (e.g. in spi interface case, lost header causing flow control issues and wrong values returned on read from TPM_STS). Without catching, causes the physical layer to reject xfer. Signed-off-by: Andrey Pronin <apronin@chromium.org> --- drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- drivers/char/tpm/tpm_tis_core.h | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index f22caf8..7c4fa0c 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip) return rc; burstcnt = (value >> 8) & 0xFFFF; - if (burstcnt) + if (burstcnt) { + if (priv->phy_ops->max_xfer_size && + (burstcnt > priv->phy_ops->max_xfer_size)) { + dev_warn(&chip->dev, + "Bad burstcnt read: %d\n", burstcnt); + burstcnt = priv->phy_ops->max_xfer_size; + } return burstcnt; + } msleep(TPM_TIMEOUT); } while (time_before(jiffies, stop)); return -EBUSY; diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h index 9191aab..58e8b14 100644 --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); + u16 max_xfer_size; }; static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, -- 2.6.6
If tpm reports a bigger burstcnt than allowed by the physical protocol, set burstcnt to the max allowed value. In practice, seen in case of xfer issues (e.g. in spi interface case, lost header causing flow control issues and wrong values returned on read from TPM_STS). Without catching, causes the physical layer to reject xfer. Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> --- drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- drivers/char/tpm/tpm_tis_core.h | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index f22caf8..7c4fa0c 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip) return rc; burstcnt = (value >> 8) & 0xFFFF; - if (burstcnt) + if (burstcnt) { + if (priv->phy_ops->max_xfer_size && + (burstcnt > priv->phy_ops->max_xfer_size)) { + dev_warn(&chip->dev, + "Bad burstcnt read: %d\n", burstcnt); + burstcnt = priv->phy_ops->max_xfer_size; + } return burstcnt; + } msleep(TPM_TIMEOUT); } while (time_before(jiffies, stop)); return -EBUSY; diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h index 9191aab..58e8b14 100644 --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); + u16 max_xfer_size; }; static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, -- 2.6.6 ------------------------------------------------------------------------------
Reject burstcounts larger than 64 bytes reported by tpm. SPI Hardware Protocol defined in section 6.4 of TCG PTP Spec supports up to 64 bytes of data in a transaction. Signed-off-by: Andrey Pronin <apronin@chromium.org> --- drivers/char/tpm/tpm_tis_spi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c index dbaad9c..b103373 100644 --- a/drivers/char/tpm/tpm_tis_spi.c +++ b/drivers/char/tpm/tpm_tis_spi.c @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { .read16 = tpm_tis_spi_read16, .read32 = tpm_tis_spi_read32, .write32 = tpm_tis_spi_write32, + .max_xfer_size = MAX_SPI_FRAMESIZE, }; static int tpm_tis_spi_probe(struct spi_device *dev) -- 2.6.6
Reject burstcounts larger than 64 bytes reported by tpm. SPI Hardware Protocol defined in section 6.4 of TCG PTP Spec supports up to 64 bytes of data in a transaction. Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> --- drivers/char/tpm/tpm_tis_spi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c index dbaad9c..b103373 100644 --- a/drivers/char/tpm/tpm_tis_spi.c +++ b/drivers/char/tpm/tpm_tis_spi.c @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { .read16 = tpm_tis_spi_read16, .read32 = tpm_tis_spi_read32, .write32 = tpm_tis_spi_write32, + .max_xfer_size = MAX_SPI_FRAMESIZE, }; static int tpm_tis_spi_probe(struct spi_device *dev) -- 2.6.6 ------------------------------------------------------------------------------
On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote: > If tpm reports a bigger burstcnt than allowed by the physical protocol, > set burstcnt to the max allowed value. > > In practice, seen in case of xfer issues (e.g. in spi interface case, > lost header causing flow control issues and wrong values returned on read > from TPM_STS). Without catching, causes the physical layer to reject xfer. > > Signed-off-by: Andrey Pronin <apronin@chromium.org> > --- > drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- > drivers/char/tpm/tpm_tis_core.h | 1 + > 2 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c > index f22caf8..7c4fa0c 100644 > --- a/drivers/char/tpm/tpm_tis_core.c > +++ b/drivers/char/tpm/tpm_tis_core.c > @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip) > return rc; > > burstcnt = (value >> 8) & 0xFFFF; > - if (burstcnt) > + if (burstcnt) { > + if (priv->phy_ops->max_xfer_size && > + (burstcnt > priv->phy_ops->max_xfer_size)) { This does not actually need parentheses, otehrwise: Reviewed-by: Dmitry Torokhov <dtor@chromium.org> > + dev_warn(&chip->dev, > + "Bad burstcnt read: %d\n", burstcnt); > + burstcnt = priv->phy_ops->max_xfer_size; > + } > return burstcnt; > + } > msleep(TPM_TIMEOUT); > } while (time_before(jiffies, stop)); > return -EBUSY; > diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h > index 9191aab..58e8b14 100644 > --- a/drivers/char/tpm/tpm_tis_core.h > +++ b/drivers/char/tpm/tpm_tis_core.h > @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { > int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); > int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); > int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); > + u16 max_xfer_size; > }; > > static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, > -- > 2.6.6 > -- Dmitry
On Wed, Jul 27, 2016 at 08:49:57PM -0700, Andrey Pronin wrote: > Reject burstcounts larger than 64 bytes reported by tpm. > SPI Hardware Protocol defined in section 6.4 of TCG PTP > Spec supports up to 64 bytes of data in a transaction. > > Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Dmitry Torokhov <dtor@chromium.org> > --- > drivers/char/tpm/tpm_tis_spi.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c > index dbaad9c..b103373 100644 > --- a/drivers/char/tpm/tpm_tis_spi.c > +++ b/drivers/char/tpm/tpm_tis_spi.c > @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { > .read16 = tpm_tis_spi_read16, > .read32 = tpm_tis_spi_read32, > .write32 = tpm_tis_spi_write32, > + .max_xfer_size = MAX_SPI_FRAMESIZE, > }; > > static int tpm_tis_spi_probe(struct spi_device *dev) > -- > 2.6.6 > -- Dmitry
On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote: > If tpm reports a bigger burstcnt than allowed by the physical protocol, > set burstcnt to the max allowed value. > > In practice, seen in case of xfer issues (e.g. in spi interface case, > lost header causing flow control issues and wrong values returned on read > from TPM_STS). Without catching, causes the physical layer to reject xfer. > > Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> I don't have hardware to test this. Someone should validate that it does not break anything. Christophe, are you able to do this? /Jarkko > --- > drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- > drivers/char/tpm/tpm_tis_core.h | 1 + > 2 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c > index f22caf8..7c4fa0c 100644 > --- a/drivers/char/tpm/tpm_tis_core.c > +++ b/drivers/char/tpm/tpm_tis_core.c > @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip) > return rc; > > burstcnt = (value >> 8) & 0xFFFF; > - if (burstcnt) > + if (burstcnt) { > + if (priv->phy_ops->max_xfer_size && > + (burstcnt > priv->phy_ops->max_xfer_size)) { > + dev_warn(&chip->dev, > + "Bad burstcnt read: %d\n", burstcnt); > + burstcnt = priv->phy_ops->max_xfer_size; > + } > return burstcnt; > + } > msleep(TPM_TIMEOUT); > } while (time_before(jiffies, stop)); > return -EBUSY; > diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h > index 9191aab..58e8b14 100644 > --- a/drivers/char/tpm/tpm_tis_core.h > +++ b/drivers/char/tpm/tpm_tis_core.h > @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { > int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); > int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); > int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); > + u16 max_xfer_size; > }; > > static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, > -- > 2.6.6 >
On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote: > If tpm reports a bigger burstcnt than allowed by the physical protocol, > set burstcnt to the max allowed value. > > In practice, seen in case of xfer issues (e.g. in spi interface case, > lost header causing flow control issues and wrong values returned on read > from TPM_STS). Without catching, causes the physical layer to reject xfer. > > Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> I don't have hardware to test this. Someone should validate that it does not break anything. Christophe, are you able to do this? /Jarkko > --- > drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- > drivers/char/tpm/tpm_tis_core.h | 1 + > 2 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c > index f22caf8..7c4fa0c 100644 > --- a/drivers/char/tpm/tpm_tis_core.c > +++ b/drivers/char/tpm/tpm_tis_core.c > @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip) > return rc; > > burstcnt = (value >> 8) & 0xFFFF; > - if (burstcnt) > + if (burstcnt) { > + if (priv->phy_ops->max_xfer_size && > + (burstcnt > priv->phy_ops->max_xfer_size)) { > + dev_warn(&chip->dev, > + "Bad burstcnt read: %d\n", burstcnt); > + burstcnt = priv->phy_ops->max_xfer_size; > + } > return burstcnt; > + } > msleep(TPM_TIMEOUT); > } while (time_before(jiffies, stop)); > return -EBUSY; > diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h > index 9191aab..58e8b14 100644 > --- a/drivers/char/tpm/tpm_tis_core.h > +++ b/drivers/char/tpm/tpm_tis_core.h > @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { > int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); > int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); > int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); > + u16 max_xfer_size; > }; > > static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, > -- > 2.6.6 > ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohodev2dev
On Thu, Jul 28, 2016 at 03:53:16PM -0700, Dmitry Torokhov wrote: > On Wed, Jul 27, 2016 at 08:49:57PM -0700, Andrey Pronin wrote: > > Reject burstcounts larger than 64 bytes reported by tpm. > > SPI Hardware Protocol defined in section 6.4 of TCG PTP > > Spec supports up to 64 bytes of data in a transaction. > > > > Signed-off-by: Andrey Pronin <apronin@chromium.org> > > Reviewed-by: Dmitry Torokhov <dtor@chromium.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> /Jarkko > > --- > > drivers/char/tpm/tpm_tis_spi.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c > > index dbaad9c..b103373 100644 > > --- a/drivers/char/tpm/tpm_tis_spi.c > > +++ b/drivers/char/tpm/tpm_tis_spi.c > > @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { > > .read16 = tpm_tis_spi_read16, > > .read32 = tpm_tis_spi_read32, > > .write32 = tpm_tis_spi_write32, > > + .max_xfer_size = MAX_SPI_FRAMESIZE, > > }; > > > > static int tpm_tis_spi_probe(struct spi_device *dev) > > -- > > 2.6.6 > > > > -- > Dmitry
On Thu, Jul 28, 2016 at 03:53:16PM -0700, Dmitry Torokhov wrote: > On Wed, Jul 27, 2016 at 08:49:57PM -0700, Andrey Pronin wrote: > > Reject burstcounts larger than 64 bytes reported by tpm. > > SPI Hardware Protocol defined in section 6.4 of TCG PTP > > Spec supports up to 64 bytes of data in a transaction. > > > > Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> > > Reviewed-by: Dmitry Torokhov <dtor-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> /Jarkko > > --- > > drivers/char/tpm/tpm_tis_spi.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c > > index dbaad9c..b103373 100644 > > --- a/drivers/char/tpm/tpm_tis_spi.c > > +++ b/drivers/char/tpm/tpm_tis_spi.c > > @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { > > .read16 = tpm_tis_spi_read16, > > .read32 = tpm_tis_spi_read32, > > .write32 = tpm_tis_spi_write32, > > + .max_xfer_size = MAX_SPI_FRAMESIZE, > > }; > > > > static int tpm_tis_spi_probe(struct spi_device *dev) > > -- > > 2.6.6 > > > > -- > Dmitry ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohodev2dev
Hi, I am Dafna Hirschfeld. I work for Collabora on upstreaming patches found on the chromeos kernel. This patch is in chromeos and is not merged in mainline. Am 09.08.16 um 10:14 schrieb Jarkko Sakkinen: > On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote: >> If tpm reports a bigger burstcnt than allowed by the physical protocol, >> set burstcnt to the max allowed value. >> >> In practice, seen in case of xfer issues (e.g. in spi interface case, >> lost header causing flow control issues and wrong values returned on read >> from TPM_STS). Without catching, causes the physical layer to reject xfer. >> >> Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> > > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> > > I don't have hardware to test this. Someone should validate that it > does not break anything. Christophe, are you able to do this? > > /Jarkko > >> --- >> drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- >> drivers/char/tpm/tpm_tis_core.h | 1 + >> 2 files changed, 9 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c >> index f22caf8..7c4fa0c 100644 >> --- a/drivers/char/tpm/tpm_tis_core.c >> +++ b/drivers/char/tpm/tpm_tis_core.c >> @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip) >> return rc; >> >> burstcnt = (value >> 8) & 0xFFFF; >> - if (burstcnt) >> + if (burstcnt) { >> + if (priv->phy_ops->max_xfer_size && >> + (burstcnt > priv->phy_ops->max_xfer_size)) { >> + dev_warn(&chip->dev, >> + "Bad burstcnt read: %d\n", burstcnt); >> + burstcnt = priv->phy_ops->max_xfer_size; >> + } >> return burstcnt; I see there is patch in mainline "tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes" That already limits the transfer length to MAX_SPI_FRAMESIZE. So it seems that this patch is not needed anymore. Can someone confirm that? Thank you, Dafna [1] https://lore.kernel.org/tpmdd-devel/1488459879-24349-5-git-send-email-peter.huewe@infineon.com/ >> + } >> msleep(TPM_TIMEOUT); >> } while (time_before(jiffies, stop)); >> return -EBUSY; >> diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h >> index 9191aab..58e8b14 100644 >> --- a/drivers/char/tpm/tpm_tis_core.h >> +++ b/drivers/char/tpm/tpm_tis_core.h >> @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { >> int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); >> int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); >> int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); >> + u16 max_xfer_size; >> }; >> >> static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, >> -- >> 2.6.6 >> > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev >
On Thu, Nov 19, 2020 at 11:00:40AM +0100, Dafna Hirschfeld wrote: > Hi, > I am Dafna Hirschfeld. I work for Collabora on upstreaming patches > found on the chromeos kernel. > This patch is in chromeos and is not merged in mainline. Tested-by is missing. /Jarkko > Am 09.08.16 um 10:14 schrieb Jarkko Sakkinen: > > On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote: > > > If tpm reports a bigger burstcnt than allowed by the physical protocol, > > > set burstcnt to the max allowed value. > > > > > > In practice, seen in case of xfer issues (e.g. in spi interface case, > > > lost header causing flow control issues and wrong values returned on read > > > from TPM_STS). Without catching, causes the physical layer to reject xfer. > > > > > > Signed-off-by: Andrey Pronin <apronin-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> > > > > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> > > > > I don't have hardware to test this. Someone should validate that it > > does not break anything. Christophe, are you able to do this? > > > > /Jarkko > > > > > --- > > > drivers/char/tpm/tpm_tis_core.c | 9 ++++++++- > > > drivers/char/tpm/tpm_tis_core.h | 1 + > > > 2 files changed, 9 insertions(+), 1 deletion(-) > > > > > > diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c > > > index f22caf8..7c4fa0c 100644 > > > --- a/drivers/char/tpm/tpm_tis_core.c > > > +++ b/drivers/char/tpm/tpm_tis_core.c > > > @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip) > > > return rc; > > > burstcnt = (value >> 8) & 0xFFFF; > > > - if (burstcnt) > > > + if (burstcnt) { > > > + if (priv->phy_ops->max_xfer_size && > > > + (burstcnt > priv->phy_ops->max_xfer_size)) { > > > + dev_warn(&chip->dev, > > > + "Bad burstcnt read: %d\n", burstcnt); > > > + burstcnt = priv->phy_ops->max_xfer_size; > > > + } > > > return burstcnt; > > I see there is patch in mainline "tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes" > That already limits the transfer length to MAX_SPI_FRAMESIZE. So it seems that this patch is not needed anymore. > Can someone confirm that? > > Thank you, > Dafna > > > > [1] https://lore.kernel.org/tpmdd-devel/1488459879-24349-5-git-send-email-peter.huewe@infineon.com/ > > > > + } > > > msleep(TPM_TIMEOUT); > > > } while (time_before(jiffies, stop)); > > > return -EBUSY; > > > diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h > > > index 9191aab..58e8b14 100644 > > > --- a/drivers/char/tpm/tpm_tis_core.h > > > +++ b/drivers/char/tpm/tpm_tis_core.h > > > @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops { > > > int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); > > > int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); > > > int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); > > > + u16 max_xfer_size; > > > }; > > > static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, > > > -- > > > 2.6.6 > > > > > > > ------------------------------------------------------------------------------ > > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > > patterns at an interface-level. Reveals which users, apps, and protocols are > > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > > J-Flow, sFlow and other flows. Make informed decisions using capacity > > planning reports. http://sdm.link/zohodev2dev > >