[Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Marc-André Lureau]

Hi,

I accumulated a series of patch doing some TPM code cleanup while
doing review. I removed some dead code, simplified other parts, and
tried to isolate implementation of the backend and frontend by using a
new TPMIf interface. I solved a few issues, and added some FIXME for
what should be tackled.  Finally, I implemented a simple CRB device
(tpm 2.0) that is work in progress for now - it works fine with
passthrough, but swtpm/libtpms with win10 has some issues that need
more investigations.

seabios CRB support is required for TPM 2.0 & emulation
(https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)

Comments/review welcome!

Based-on: <1507222112-20315-1-git-send-email-stefanb@linux.vnet.ibm.com>

Marc-André Lureau (42):
  tpm-tis: remove unused hw_access argument
  tpm-tis: remove RAISE_STS_IRQ
  tpm: make tpm_get_backend_driver() static
  tpm: lookup tpm backend class in tpm_driver_find_by_type()
  tpm: replace tpm_get_backend_driver() to drop be_drivers
  tpm: remove tpm_register_driver()
  tpm: move TPMSizedBuffer to tpm_tis.h
  tpm: remove TPMDriverOps
  tpm: remove init() class method
  tpm: remove configure_tpm() hop
  tpm: remove unused TPMBackendCmd
  tpm: remove needless cast
  tpm: remove locty argument from receive_cb
  tpm: add TPMBackendCmd to hold the request state
  tpm-emulator: fix error handling
  tpm: remove locty_data from TPMState
  tpm-tis: move TPMState to TIS header
  tpm-tis: remove tpm_tis.h header
  tpm-tis: fold TPMTISEmuState in TPMState
  tpm: add a QOM TPM interface
  tpm: move recv_data_callback to TPM interface
  tpm-backend: store TPMIf interface, improve backend_init()
  tpm-tis: no longer expose TPMState
  tpm-be: call request_completed() out of thread
  tpm-be: report error instead of front-end
  tpm-be: ask model to the TPM interface
  tpm: remove unused opened code
  tpm-passthrough: don't save guessed cancel_path in options
  tpm-be: update optional function pointers
  tpm-passthrough: pass TPMPassthruState to handle_device_opts
  tpm-backend: move set 'id' to common code
  tpm-passthrough: make it safer to destroy after creation
  tpm-passthrough: remove error cleanup from handle_device_opts
  tpm-passthrough: workaround a possible race
  tpm-tis: simplify header inclusion
  tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()
  tpm: lookup the the TPM interface instead of TIS device
  tpm: add TPM interface to lookup TPM version
  tpm: add tpm_cmd_get_size() to tpm_util
  acpi: change TPM TIS data conditions
  tpm-emulator: add a FIXME comment about blocking cancel
  WIP: add TPM CRB device

 qapi/tpm.json                      |   7 +-
 hw/tpm/tpm_int.h                   |  25 +-
 hw/tpm/tpm_tis.h                   |  70 ------
 hw/tpm/tpm_util.h                  |   8 +-
 include/hw/acpi/tpm.h              |  65 +++++
 include/sysemu/tpm.h               |  59 +++--
 include/sysemu/tpm_backend.h       |  70 ++----
 backends/tpm.c                     | 121 ++++-----
 hw/i386/acpi-build.c               |  33 ++-
 hw/tpm/tpm_crb.c                   | 320 ++++++++++++++++++++++++
 hw/tpm/tpm_emulator.c              |  95 +++----
 hw/tpm/tpm_passthrough.c           | 114 +++------
 hw/tpm/tpm_tis.c                   | 499 +++++++++++++++++++------------------
 hw/tpm/tpm_util.c                  |   1 +
 tpm.c                              |  63 ++---
 default-configs/i386-softmmu.mak   |   1 +
 default-configs/x86_64-softmmu.mak |   1 +
 hw/tpm/Makefile.objs               |   1 +
 scripts/checkpatch.pl              |   1 -
 19 files changed, 899 insertions(+), 655 deletions(-)
 delete mode 100644 hw/tpm/tpm_tis.h
 create mode 100644 hw/tpm/tpm_crb.c

-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 01/42] tpm-tis: remove unused hw_access argument

[Marc-André Lureau]

This argument is always false, simplify the code.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_tis.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index d5118e7f60..a9e9cbdeb2 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -615,9 +615,8 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
  * Write a value to a register of the TIS interface
  * See specs pages 33-63 for description of the registers
  */
-static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
-                                      uint64_t val, unsigned size,
-                                      bool hw_access)
+static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
+                               uint64_t val, unsigned size)
 {
     TPMState *s = opaque;
     TPMTISEmuState *tis = &s->s.tis;
@@ -631,7 +630,7 @@ static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
 
     DPRINTF("tpm_tis: write.%u(%08x) = %08x\n", size, (int)addr, (int)val);
 
-    if (locty == 4 && !hw_access) {
+    if (locty == 4) {
         DPRINTF("tpm_tis: Access to locality 4 only allowed from hardware\n");
         return;
     }
@@ -942,12 +941,6 @@ static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
     }
 }
 
-static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
-                               uint64_t val, unsigned size)
-{
-    tpm_tis_mmio_write_intern(opaque, addr, val, size, false);
-}
-
 static const MemoryRegionOps tpm_tis_memory_ops = {
     .read = tpm_tis_mmio_read,
     .write = tpm_tis_mmio_write,
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 02/42] tpm-tis: remove RAISE_STS_IRQ

[Marc-André Lureau]

This look like temporary hacking code. It shouldn't be necessary in
release code, or there should be a runtime option for it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_tis.c | 24 +-----------------------
 1 file changed, 1 insertion(+), 23 deletions(-)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index a9e9cbdeb2..c54dac32de 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -43,9 +43,6 @@
     } \
 } while (0);
 
-/* whether the STS interrupt is supported */
-#define RAISE_STS_IRQ
-
 /* tis registers */
 #define TPM_TIS_REG_ACCESS                0x00
 #define TPM_TIS_REG_INT_ENABLE            0x08
@@ -98,21 +95,11 @@
 #define TPM_TIS_INT_POLARITY_MASK         (3 << 3)
 #define TPM_TIS_INT_POLARITY_LOW_LEVEL    (1 << 3)
 
-#ifndef RAISE_STS_IRQ
-
-#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
-                                      TPM_TIS_INT_DATA_AVAILABLE   | \
-                                      TPM_TIS_INT_COMMAND_READY)
-
-#else
-
 #define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
                                       TPM_TIS_INT_DATA_AVAILABLE   | \
                                       TPM_TIS_INT_STS_VALID | \
                                       TPM_TIS_INT_COMMAND_READY)
 
-#endif
-
 #define TPM_TIS_CAP_INTERFACE_VERSION1_3 (2 << 28)
 #define TPM_TIS_CAP_INTERFACE_VERSION1_3_FOR_TPM2_0 (3 << 28)
 #define TPM_TIS_CAP_DATA_TRANSFER_64B    (3 << 9)
@@ -377,12 +364,8 @@ static void tpm_tis_receive_bh(void *opaque)
         tpm_tis_abort(s, locty);
     }
 
-#ifndef RAISE_STS_IRQ
-    tpm_tis_raise_irq(s, locty, TPM_TIS_INT_DATA_AVAILABLE);
-#else
     tpm_tis_raise_irq(s, locty,
                       TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
-#endif
 }
 
 /*
@@ -421,9 +404,7 @@ static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty)
         if (tis->loc[locty].r_offset >= len) {
             /* got last byte */
             tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
-#ifdef RAISE_STS_IRQ
             tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
-#endif
         }
         DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x   [%d]\n",
                 ret, tis->loc[locty].r_offset-1);
@@ -912,9 +893,8 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
             if (tis->loc[locty].w_offset > 5 &&
                 (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
                 /* we have a packet length - see if we have all of it */
-#ifdef RAISE_STS_IRQ
                 bool need_irq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID);
-#endif
+
                 len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
                 if (len > tis->loc[locty].w_offset) {
                     tpm_tis_sts_set(&tis->loc[locty],
@@ -923,11 +903,9 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
                     /* packet complete */
                     tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
                 }
-#ifdef RAISE_STS_IRQ
                 if (need_irq) {
                     tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
                 }
-#endif
             }
         }
         break;
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 03/42] tpm: make tpm_get_backend_driver() static

[Marc-André Lureau]

No need to export the function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 1 -
 tpm.c                        | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 2c798a1eb4..c6e5637f68 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -215,7 +215,6 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
 
 TPMBackend *qemu_find_tpm(const char *id);
 
-const TPMDriverOps *tpm_get_backend_driver(const char *type);
 void tpm_register_model(enum TpmModel model);
 void tpm_register_driver(const TPMDriverOps *tdo);
 
diff --git a/tpm.c b/tpm.c
index 3122227156..bc7d7470a8 100644
--- a/tpm.c
+++ b/tpm.c
@@ -31,7 +31,7 @@ void tpm_register_model(enum TpmModel model)
     tpm_models[model] = true;
 }
 
-const TPMDriverOps *tpm_get_backend_driver(const char *type)
+static const TPMDriverOps *tpm_get_backend_driver(const char *type)
 {
     int i = qapi_enum_parse(&TpmType_lookup, type, -1, NULL);
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 04/42] tpm: lookup tpm backend class in tpm_driver_find_by_type()

[Marc-André Lureau]

One step towards removing TPMDriverOps and driver registration.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 tpm.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/tpm.c b/tpm.c
index bc7d7470a8..04de8da5fd 100644
--- a/tpm.c
+++ b/tpm.c
@@ -47,6 +47,24 @@ void tpm_register_driver(const TPMDriverOps *tdo)
     be_drivers[tdo->type] = tdo;
 }
 
+static const TPMDriverOps *
+tpm_driver_find_by_type(enum TpmType type)
+{
+    ObjectClass *oc;
+    TPMBackendClass *bc;
+    char *typename = g_strdup_printf("tpm-%s", TpmType_str(type));
+
+    oc = object_class_by_name(typename);
+    g_free(typename);
+
+    if (!object_class_dynamic_cast(oc, TYPE_TPM_BACKEND)) {
+        return NULL;
+    }
+
+    bc = TPM_BACKEND_CLASS(oc);
+    return bc->ops;
+}
+
 /*
  * Walk the list of available TPM backend drivers and display them on the
  * screen.
@@ -58,11 +76,11 @@ static void tpm_display_backend_drivers(void)
     fprintf(stderr, "Supported TPM types (choose only one):\n");
 
     for (i = 0; i < TPM_TYPE__MAX; i++) {
-        if (be_drivers[i] == NULL) {
+        const TPMDriverOps *ops = tpm_driver_find_by_type(i);
+        if (!ops) {
             continue;
         }
-        fprintf(stderr, "%12s   %s\n",
-                TpmType_str(i), be_drivers[i]->desc);
+        fprintf(stderr, "%12s   %s\n", TpmType_str(i), ops->desc);
     }
     fprintf(stderr, "\n");
 }
@@ -196,11 +214,6 @@ int tpm_config_parse(QemuOptsList *opts_list, const char *optarg)
 
 #endif /* CONFIG_TPM */
 
-static const TPMDriverOps *tpm_driver_find_by_type(enum TpmType type)
-{
-    return be_drivers[type];
-}
-
 /*
  * Walk the list of active TPM backends and collect information about them
  * following the schema description in qapi-schema.json.
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 05/42] tpm: replace tpm_get_backend_driver() to drop be_drivers

[Marc-André Lureau]

Use tpm_driver_find_by_type() instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 tpm.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/tpm.c b/tpm.c
index 04de8da5fd..ad2ed6a0da 100644
--- a/tpm.c
+++ b/tpm.c
@@ -31,13 +31,6 @@ void tpm_register_model(enum TpmModel model)
     tpm_models[model] = true;
 }
 
-static const TPMDriverOps *tpm_get_backend_driver(const char *type)
-{
-    int i = qapi_enum_parse(&TpmType_lookup, type, -1, NULL);
-
-    return i >= 0 ? be_drivers[i] : NULL;
-}
-
 #ifdef CONFIG_TPM
 
 void tpm_register_driver(const TPMDriverOps *tdo)
@@ -110,6 +103,7 @@ static int configure_tpm(QemuOpts *opts)
     const TPMDriverOps *be;
     TPMBackend *drv;
     Error *local_err = NULL;
+    int i;
 
     if (!QLIST_EMPTY(&tpm_backends)) {
         error_report("Only one TPM is allowed.");
@@ -129,7 +123,8 @@ static int configure_tpm(QemuOpts *opts)
         return 1;
     }
 
-    be = tpm_get_backend_driver(value);
+    i = qapi_enum_parse(&TpmType_lookup, value, -1, NULL);
+    be = i >= 0 ? tpm_driver_find_by_type(i) : NULL;
     if (be == NULL) {
         error_report(QERR_INVALID_PARAMETER_VALUE,
                      "type", "a TPM backend type");
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 06/42] tpm: remove tpm_register_driver()

[Marc-André Lureau]

No more users of be_drivers[], drop that too.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 1 -
 hw/tpm/tpm_emulator.c        | 1 -
 hw/tpm/tpm_passthrough.c     | 1 -
 tpm.c                        | 8 --------
 4 files changed, 11 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index c6e5637f68..adb6a68076 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -216,6 +216,5 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
 TPMBackend *qemu_find_tpm(const char *id);
 
 void tpm_register_model(enum TpmModel model);
-void tpm_register_driver(const TPMDriverOps *tdo);
 
 #endif
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 5ddd7238d2..9e24a5f30e 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -581,7 +581,6 @@ static const TypeInfo tpm_emulator_info = {
 static void tpm_emulator_register(void)
 {
     type_register_static(&tpm_emulator_info);
-    tpm_register_driver(&tpm_emulator_driver);
 }
 
 type_init(tpm_emulator_register)
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index e6ace28b04..f04eab3e63 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -418,7 +418,6 @@ static const TypeInfo tpm_passthrough_info = {
 static void tpm_passthrough_register(void)
 {
     type_register_static(&tpm_passthrough_info);
-    tpm_register_driver(&tpm_passthrough_driver);
 }
 
 type_init(tpm_passthrough_register)
diff --git a/tpm.c b/tpm.c
index ad2ed6a0da..75a589b837 100644
--- a/tpm.c
+++ b/tpm.c
@@ -23,7 +23,6 @@
 static QLIST_HEAD(, TPMBackend) tpm_backends =
     QLIST_HEAD_INITIALIZER(tpm_backends);
 
-static TPMDriverOps const *be_drivers[TPM_TYPE__MAX];
 static bool tpm_models[TPM_MODEL__MAX];
 
 void tpm_register_model(enum TpmModel model)
@@ -33,13 +32,6 @@ void tpm_register_model(enum TpmModel model)
 
 #ifdef CONFIG_TPM
 
-void tpm_register_driver(const TPMDriverOps *tdo)
-{
-    assert(!be_drivers[tdo->type]);
-
-    be_drivers[tdo->type] = tdo;
-}
-
 static const TPMDriverOps *
 tpm_driver_find_by_type(enum TpmType type)
 {
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 07/42] tpm: move TPMSizedBuffer to tpm_tis.h

[Marc-André Lureau]

Close to where it's being used.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_tis.h             | 5 +++++
 include/sysemu/tpm_backend.h | 5 -----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
index a1df41fa21..31e612a7f4 100644
--- a/hw/tpm/tpm_tis.h
+++ b/hw/tpm/tpm_tis.h
@@ -37,6 +37,11 @@ typedef enum {
     TPM_TIS_STATE_RECEPTION,
 } TPMTISState;
 
+typedef struct TPMSizedBuffer {
+    uint32_t size;
+    uint8_t  *buffer;
+} TPMSizedBuffer;
+
 /* locality data  -- all fields are persisted */
 typedef struct TPMLocality {
     TPMTISState state;
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index adb6a68076..63093551a1 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -66,11 +66,6 @@ struct TPMBackendClass {
     void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
 };
 
-typedef struct TPMSizedBuffer {
-    uint32_t size;
-    uint8_t  *buffer;
-} TPMSizedBuffer;
-
 struct TPMDriverOps {
     enum TpmType type;
     const QemuOptDesc *opts;
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 08/42] tpm: remove TPMDriverOps

[Marc-André Lureau]

Use TPMBackendClass to hold class methods/fields.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 15 +++++----------
 backends/tpm.c               | 31 ++++++++++++++++---------------
 hw/tpm/tpm_emulator.c        | 29 ++++++++++++-----------------
 hw/tpm/tpm_passthrough.c     | 25 +++++++++++--------------
 tpm.c                        | 20 +++++++++-----------
 scripts/checkpatch.pl        |  1 -
 6 files changed, 53 insertions(+), 68 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 63093551a1..a4288df038 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -29,7 +29,7 @@
 
 typedef struct TPMBackendClass TPMBackendClass;
 typedef struct TPMBackend TPMBackend;
-typedef struct TPMDriverOps TPMDriverOps;
+
 typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool selftest_done);
 
 typedef enum TPMBackendCmd {
@@ -59,14 +59,6 @@ struct TPMBackend {
 struct TPMBackendClass {
     ObjectClass parent_class;
 
-    const TPMDriverOps *ops;
-
-    void (*opened)(TPMBackend *s, Error **errp);
-
-    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
-};
-
-struct TPMDriverOps {
     enum TpmType type;
     const QemuOptDesc *opts;
     /* get a descriptive text of the backend to display to the user */
@@ -90,8 +82,11 @@ struct TPMDriverOps {
     TPMVersion (*get_tpm_version)(TPMBackend *t);
 
     TpmTypeOptions *(*get_tpm_options)(TPMBackend *t);
-};
 
+    void (*opened)(TPMBackend *s, Error **errp);
+
+    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
+};
 
 /**
  * tpm_backend_get_type:
diff --git a/backends/tpm.c b/backends/tpm.c
index 37c84b7c66..ca3a78eea8 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -41,7 +41,7 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    return k->ops->type;
+    return k->type;
 }
 
 int tpm_backend_init(TPMBackend *s, TPMState *state,
@@ -53,7 +53,7 @@ int tpm_backend_init(TPMBackend *s, TPMState *state,
     s->recv_data_callback = datacb;
     s->had_startup_error = false;
 
-    return k->ops->init ? k->ops->init(s) : 0;
+    return k->init ? k->init(s) : 0;
 }
 
 int tpm_backend_startup_tpm(TPMBackend *s)
@@ -68,7 +68,7 @@ int tpm_backend_startup_tpm(TPMBackend *s)
                                        NULL);
     g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL);
 
-    res = k->ops->startup_tpm ? k->ops->startup_tpm(s) : 0;
+    res = k->startup_tpm ? k->startup_tpm(s) : 0;
 
     s->had_startup_error = (res != 0);
 
@@ -90,8 +90,8 @@ void tpm_backend_reset(TPMBackend *s)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    if (k->ops->reset) {
-        k->ops->reset(s);
+    if (k->reset) {
+        k->reset(s);
     }
 
     tpm_backend_thread_end(s);
@@ -103,34 +103,34 @@ void tpm_backend_cancel_cmd(TPMBackend *s)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    assert(k->ops->cancel_cmd);
+    assert(k->cancel_cmd);
 
-    k->ops->cancel_cmd(s);
+    k->cancel_cmd(s);
 }
 
 bool tpm_backend_get_tpm_established_flag(TPMBackend *s)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    return k->ops->get_tpm_established_flag ?
-           k->ops->get_tpm_established_flag(s) : false;
+    return k->get_tpm_established_flag ?
+           k->get_tpm_established_flag(s) : false;
 }
 
 int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    return k->ops->reset_tpm_established_flag ?
-           k->ops->reset_tpm_established_flag(s, locty) : 0;
+    return k->reset_tpm_established_flag ?
+           k->reset_tpm_established_flag(s, locty) : 0;
 }
 
 TPMVersion tpm_backend_get_tpm_version(TPMBackend *s)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    assert(k->ops->get_tpm_version);
+    assert(k->get_tpm_version);
 
-    return k->ops->get_tpm_version(s);
+    return k->get_tpm_version(s);
 }
 
 TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
@@ -140,8 +140,9 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
 
     info->id = g_strdup(s->id);
     info->model = s->fe_model;
-    info->options = k->ops->get_tpm_options ?
-                    k->ops->get_tpm_options(s) : NULL;
+    if (k->get_tpm_options) {
+        info->options = k->get_tpm_options(s);
+    }
 
     return info;
 }
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 9e24a5f30e..bb5a65b492 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -60,8 +60,6 @@
 
 #define TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(S, cap) (((S)->caps & (cap)) == (cap))
 
-static const TPMDriverOps tpm_emulator_driver;
-
 /* data structures */
 typedef struct TPMEmulator {
     TPMBackend parent;
@@ -504,20 +502,6 @@ static const QemuOptDesc tpm_emulator_cmdline_opts[] = {
     { /* end of list */ },
 };
 
-static const TPMDriverOps tpm_emulator_driver = {
-    .type                     = TPM_TYPE_EMULATOR,
-    .opts                     = tpm_emulator_cmdline_opts,
-    .desc                     = "TPM emulator backend driver",
-
-    .create                   = tpm_emulator_create,
-    .startup_tpm              = tpm_emulator_startup_tpm,
-    .cancel_cmd               = tpm_emulator_cancel_cmd,
-    .get_tpm_established_flag = tpm_emulator_get_tpm_established_flag,
-    .reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag,
-    .get_tpm_version          = tpm_emulator_get_tpm_version,
-    .get_tpm_options          = tpm_emulator_get_tpm_options,
-};
-
 static void tpm_emulator_inst_init(Object *obj)
 {
     TPMEmulator *tpm_emu = TPM_EMULATOR(obj);
@@ -565,7 +549,18 @@ static void tpm_emulator_inst_finalize(Object *obj)
 static void tpm_emulator_class_init(ObjectClass *klass, void *data)
 {
     TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
-    tbc->ops = &tpm_emulator_driver;
+
+    tbc->type = TPM_TYPE_EMULATOR;
+    tbc->opts = tpm_emulator_cmdline_opts;
+    tbc->desc = "TPM emulator backend driver";
+    tbc->create = tpm_emulator_create;
+    tbc->startup_tpm = tpm_emulator_startup_tpm;
+    tbc->cancel_cmd = tpm_emulator_cancel_cmd;
+    tbc->get_tpm_established_flag = tpm_emulator_get_tpm_established_flag;
+    tbc->reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag;
+    tbc->get_tpm_version = tpm_emulator_get_tpm_version;
+    tbc->get_tpm_options = tpm_emulator_get_tpm_options;
+
     tbc->handle_request = tpm_emulator_handle_request;
 }
 
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index f04eab3e63..d9da99bc8e 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -365,19 +365,6 @@ static const QemuOptDesc tpm_passthrough_cmdline_opts[] = {
     { /* end of list */ },
 };
 
-static const TPMDriverOps tpm_passthrough_driver = {
-    .type                     = TPM_TYPE_PASSTHROUGH,
-    .opts                     = tpm_passthrough_cmdline_opts,
-    .desc                     = "Passthrough TPM backend driver",
-    .create                   = tpm_passthrough_create,
-    .reset                    = tpm_passthrough_reset,
-    .cancel_cmd               = tpm_passthrough_cancel_cmd,
-    .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag,
-    .reset_tpm_established_flag = tpm_passthrough_reset_tpm_established_flag,
-    .get_tpm_version          = tpm_passthrough_get_tpm_version,
-    .get_tpm_options          = tpm_passthrough_get_tpm_options,
-};
-
 static void tpm_passthrough_inst_init(Object *obj)
 {
     TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj);
@@ -402,7 +389,17 @@ static void tpm_passthrough_class_init(ObjectClass *klass, void *data)
 {
     TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
 
-    tbc->ops = &tpm_passthrough_driver;
+    tbc->type = TPM_TYPE_PASSTHROUGH;
+    tbc->opts = tpm_passthrough_cmdline_opts;
+    tbc->desc = "Passthrough TPM backend driver";
+    tbc->create = tpm_passthrough_create;
+    tbc->reset = tpm_passthrough_reset;
+    tbc->cancel_cmd = tpm_passthrough_cancel_cmd;
+    tbc->get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag;
+    tbc->reset_tpm_established_flag =
+        tpm_passthrough_reset_tpm_established_flag;
+    tbc->get_tpm_version = tpm_passthrough_get_tpm_version;
+    tbc->get_tpm_options = tpm_passthrough_get_tpm_options;
     tbc->handle_request = tpm_passthrough_handle_request;
 }
 
diff --git a/tpm.c b/tpm.c
index 75a589b837..4882501bd7 100644
--- a/tpm.c
+++ b/tpm.c
@@ -32,11 +32,10 @@ void tpm_register_model(enum TpmModel model)
 
 #ifdef CONFIG_TPM
 
-static const TPMDriverOps *
-tpm_driver_find_by_type(enum TpmType type)
+static const TPMBackendClass *
+tpm_be_find_by_type(enum TpmType type)
 {
     ObjectClass *oc;
-    TPMBackendClass *bc;
     char *typename = g_strdup_printf("tpm-%s", TpmType_str(type));
 
     oc = object_class_by_name(typename);
@@ -46,8 +45,7 @@ tpm_driver_find_by_type(enum TpmType type)
         return NULL;
     }
 
-    bc = TPM_BACKEND_CLASS(oc);
-    return bc->ops;
+    return TPM_BACKEND_CLASS(oc);
 }
 
 /*
@@ -61,11 +59,11 @@ static void tpm_display_backend_drivers(void)
     fprintf(stderr, "Supported TPM types (choose only one):\n");
 
     for (i = 0; i < TPM_TYPE__MAX; i++) {
-        const TPMDriverOps *ops = tpm_driver_find_by_type(i);
-        if (!ops) {
+        const TPMBackendClass *bc = tpm_be_find_by_type(i);
+        if (!bc) {
             continue;
         }
-        fprintf(stderr, "%12s   %s\n", TpmType_str(i), ops->desc);
+        fprintf(stderr, "%12s   %s\n", TpmType_str(i), bc->desc);
     }
     fprintf(stderr, "\n");
 }
@@ -92,7 +90,7 @@ static int configure_tpm(QemuOpts *opts)
 {
     const char *value;
     const char *id;
-    const TPMDriverOps *be;
+    const TPMBackendClass *be;
     TPMBackend *drv;
     Error *local_err = NULL;
     int i;
@@ -116,7 +114,7 @@ static int configure_tpm(QemuOpts *opts)
     }
 
     i = qapi_enum_parse(&TpmType_lookup, value, -1, NULL);
-    be = i >= 0 ? tpm_driver_find_by_type(i) : NULL;
+    be = i >= 0 ? tpm_be_find_by_type(i) : NULL;
     if (be == NULL) {
         error_report(QERR_INVALID_PARAMETER_VALUE,
                      "type", "a TPM backend type");
@@ -234,7 +232,7 @@ TpmTypeList *qmp_query_tpm_types(Error **errp)
     TpmTypeList *head = NULL, *prev = NULL, *cur_item;
 
     for (i = 0; i < TPM_TYPE__MAX; i++) {
-        if (!tpm_driver_find_by_type(i)) {
+        if (!tpm_be_find_by_type(i)) {
             continue;
         }
         cur_item = g_new0(TpmTypeList, 1);
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 0c41f1212f..c9529df67f 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -2602,7 +2602,6 @@ sub process {
 				SCSIBusInfo|
 				SCSIReqOps|
 				Spice[A-Z][a-zA-Z0-9]*Interface|
-				TPMDriverOps|
 				USBDesc[A-Z][a-zA-Z0-9]*|
 				VhostOps|
 				VMStateDescription|
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 09/42] tpm: remove init() class method

[Marc-André Lureau]

No backend use it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 2 --
 backends/tpm.c               | 4 +---
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index a4288df038..b08f985500 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -66,8 +66,6 @@ struct TPMBackendClass {
 
     TPMBackend *(*create)(QemuOpts *opts, const char *id);
 
-    /* initialize the backend */
-    int (*init)(TPMBackend *t);
     /* start up the TPM on the backend */
     int (*startup_tpm)(TPMBackend *t);
 
diff --git a/backends/tpm.c b/backends/tpm.c
index ca3a78eea8..dc750d48c9 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -47,13 +47,11 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
 int tpm_backend_init(TPMBackend *s, TPMState *state,
                      TPMRecvDataCB *datacb)
 {
-    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
-
     s->tpm_state = state;
     s->recv_data_callback = datacb;
     s->had_startup_error = false;
 
-    return k->init ? k->init(s) : 0;
+    return 0;
 }
 
 int tpm_backend_startup_tpm(TPMBackend *s)
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 10/42] tpm: remove configure_tpm() hop

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 tpm.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/tpm.c b/tpm.c
index 4882501bd7..45520f555d 100644
--- a/tpm.c
+++ b/tpm.c
@@ -86,7 +86,7 @@ TPMBackend *qemu_find_tpm(const char *id)
     return NULL;
 }
 
-static int configure_tpm(QemuOpts *opts)
+static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
 {
     const char *value;
     const char *id;
@@ -145,11 +145,6 @@ static int configure_tpm(QemuOpts *opts)
     return 0;
 }
 
-static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
-{
-    return configure_tpm(opts);
-}
-
 /*
  * Walk the list of TPM backend drivers that are in use and call their
  * destroy function to have them cleaned up.
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 11/42] tpm: remove unused TPMBackendCmd

[Marc-André Lureau]

There is only handling of request so far in both backends.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h |  9 +--------
 backends/tpm.c               |  7 ++-----
 hw/tpm/tpm_emulator.c        | 42 ++++++++++++++++--------------------------
 hw/tpm/tpm_passthrough.c     | 29 ++++++++++-------------------
 4 files changed, 29 insertions(+), 58 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index b08f985500..7d7ebfc21d 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -32,13 +32,6 @@ typedef struct TPMBackend TPMBackend;
 
 typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool selftest_done);
 
-typedef enum TPMBackendCmd {
-    TPM_BACKEND_CMD_INIT = 1,
-    TPM_BACKEND_CMD_PROCESS_CMD,
-    TPM_BACKEND_CMD_END,
-    TPM_BACKEND_CMD_TPM_RESET,
-} TPMBackendCmd;
-
 struct TPMBackend {
     Object parent;
 
@@ -83,7 +76,7 @@ struct TPMBackendClass {
 
     void (*opened)(TPMBackend *s, Error **errp);
 
-    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
+    void (*handle_request)(TPMBackend *s);
 };
 
 /**
diff --git a/backends/tpm.c b/backends/tpm.c
index dc750d48c9..34e82085ec 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -25,13 +25,12 @@ static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
     TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
 
     assert(k->handle_request != NULL);
-    k->handle_request(s, (TPMBackendCmd)data);
+    k->handle_request(s);
 }
 
 static void tpm_backend_thread_end(TPMBackend *s)
 {
     if (s->thread_pool) {
-        g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_END, NULL);
         g_thread_pool_free(s->thread_pool, FALSE, TRUE);
         s->thread_pool = NULL;
     }
@@ -64,7 +63,6 @@ int tpm_backend_startup_tpm(TPMBackend *s)
 
     s->thread_pool = g_thread_pool_new(tpm_backend_worker_thread, s, 1, TRUE,
                                        NULL);
-    g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL);
 
     res = k->startup_tpm ? k->startup_tpm(s) : 0;
 
@@ -80,8 +78,7 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
 
 void tpm_backend_deliver_request(TPMBackend *s)
 {
-    g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD,
-                       NULL);
+    g_thread_pool_push(s->thread_pool, NULL, NULL);
 }
 
 void tpm_backend_reset(TPMBackend *s)
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index bb5a65b492..dadc264182 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -172,39 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
     return 0;
 }
 
-static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd cmd)
+static void tpm_emulator_handle_request(TPMBackend *tb)
 {
     TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
     TPMLocality *locty = NULL;
     bool selftest_done = false;
     Error *err = NULL;
 
-    DPRINTF("processing command type %d", cmd);
-
-    switch (cmd) {
-    case TPM_BACKEND_CMD_PROCESS_CMD:
-        locty = tb->tpm_state->locty_data;
-        if (tpm_emulator_set_locality(tpm_emu,
-                                      tb->tpm_state->locty_number) < 0 ||
-            tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
-                                      locty->w_offset, locty->r_buffer.buffer,
-                                      locty->r_buffer.size, &selftest_done,
-                                      &err) < 0) {
-            tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
-                                                locty->r_buffer.size);
-            error_report_err(err);
-        }
-
-        tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
-                               selftest_done);
-
-        break;
-    case TPM_BACKEND_CMD_INIT:
-    case TPM_BACKEND_CMD_END:
-    case TPM_BACKEND_CMD_TPM_RESET:
-        /* nothing to do */
-        break;
+    DPRINTF("processing TPM command");
+
+    locty = tb->tpm_state->locty_data;
+    if (tpm_emulator_set_locality(tpm_emu,
+                                  tb->tpm_state->locty_number) < 0 ||
+        tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
+                                  locty->w_offset, locty->r_buffer.buffer,
+                                  locty->r_buffer.size, &selftest_done,
+                                  &err) < 0) {
+        tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
+                                            locty->r_buffer.size);
+        error_report_err(err);
     }
+
+    tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
+                           selftest_done);
 }
 
 static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index d9da99bc8e..5cd988e8a4 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -149,29 +149,20 @@ static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
                                         selftest_done);
 }
 
-static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd cmd)
+static void tpm_passthrough_handle_request(TPMBackend *tb)
 {
     TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
     bool selftest_done = false;
 
-    DPRINTF("tpm_passthrough: processing command type %d\n", cmd);
-
-    switch (cmd) {
-    case TPM_BACKEND_CMD_PROCESS_CMD:
-        tpm_passthrough_unix_transfer(tpm_pt,
-                                      tb->tpm_state->locty_data,
-                                      &selftest_done);
-
-        tb->recv_data_callback(tb->tpm_state,
-                               tb->tpm_state->locty_number,
-                               selftest_done);
-        break;
-    case TPM_BACKEND_CMD_INIT:
-    case TPM_BACKEND_CMD_END:
-    case TPM_BACKEND_CMD_TPM_RESET:
-        /* nothing to do */
-        break;
-    }
+    DPRINTF("tpm_passthrough: processing command\n");
+
+    tpm_passthrough_unix_transfer(tpm_pt,
+                                  tb->tpm_state->locty_data,
+                                  &selftest_done);
+
+    tb->recv_data_callback(tb->tpm_state,
+                           tb->tpm_state->locty_number,
+                           selftest_done);
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 12/42] tpm: remove needless cast

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_passthrough.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 5cd988e8a4..fed3d69799 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -96,7 +96,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
 
     is_selftest = tpm_util_is_selftest(in, in_len);
 
-    ret = qemu_write_full(tpm_pt->tpm_fd, (const void *)in, (size_t)in_len);
+    ret = qemu_write_full(tpm_pt->tpm_fd, in, in_len);
     if (ret != in_len) {
         if (!tpm_pt->tpm_op_canceled || errno != ECANCELED) {
             error_report("tpm_passthrough: error while transmitting data "
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 13/42] tpm: remove locty argument from receive_cb

[Marc-André Lureau]

The tpm_state is passed as argument, the assert() is pointless since
we give it the value of tpm_state->locty_number already.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 2 +-
 hw/tpm/tpm_emulator.c        | 3 +--
 hw/tpm/tpm_passthrough.c     | 4 +---
 hw/tpm/tpm_tis.c             | 5 ++---
 4 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 7d7ebfc21d..9c83a512e1 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -30,7 +30,7 @@
 typedef struct TPMBackendClass TPMBackendClass;
 typedef struct TPMBackend TPMBackend;
 
-typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool selftest_done);
+typedef void (TPMRecvDataCB)(TPMState *, bool selftest_done);
 
 struct TPMBackend {
     Object parent;
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index dadc264182..4fe405353a 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -193,8 +193,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb)
         error_report_err(err);
     }
 
-    tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
-                           selftest_done);
+    tb->recv_data_callback(tb->tpm_state, selftest_done);
 }
 
 static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index fed3d69799..0ae4596932 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -160,9 +160,7 @@ static void tpm_passthrough_handle_request(TPMBackend *tb)
                                   tb->tpm_state->locty_data,
                                   &selftest_done);
 
-    tb->recv_data_callback(tb->tpm_state,
-                           tb->tpm_state->locty_number,
-                           selftest_done);
+    tb->recv_data_callback(tb->tpm_state, selftest_done);
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index c54dac32de..345a4fbee5 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -371,14 +371,13 @@ static void tpm_tis_receive_bh(void *opaque)
 /*
  * Callback from the TPM to indicate that the response was received.
  */
-static void tpm_tis_receive_cb(TPMState *s, uint8_t locty,
+static void tpm_tis_receive_cb(TPMState *s,
                                bool is_selftest_done)
 {
     TPMTISEmuState *tis = &s->s.tis;
+    uint8_t locty = s->locty_number;
     uint8_t l;
 
-    assert(s->locty_number == locty);
-
     if (is_selftest_done) {
         for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
             tis->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 14/42] tpm: add TPMBackendCmd to hold the request state

[Marc-André Lureau]

This simplifies a bit locality handling, and argument passing, and
could pave the way to queuing requests (if that makes sense).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h             |  1 +
 include/sysemu/tpm_backend.h | 16 +++++++++++++---
 backends/tpm.c               |  6 +++---
 hw/tpm/tpm_emulator.c        | 29 +++++++++++++++--------------
 hw/tpm/tpm_passthrough.c     | 24 +++++-------------------
 hw/tpm/tpm_tis.c             | 18 +++++++++++++-----
 6 files changed, 50 insertions(+), 44 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index f2f285b3cc..6d7b3dc850 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -26,6 +26,7 @@ struct TPMState {
 
     uint8_t     locty_number;
     TPMLocality *locty_data;
+    TPMBackendCmd cmd;
 
     char *backend;
     TPMBackend *be_driver;
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 9c83a512e1..3bb90be3de 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -30,7 +30,16 @@
 typedef struct TPMBackendClass TPMBackendClass;
 typedef struct TPMBackend TPMBackend;
 
-typedef void (TPMRecvDataCB)(TPMState *, bool selftest_done);
+typedef void (TPMRecvDataCB)(TPMState *);
+
+typedef struct TPMBackendCmd {
+    uint8_t locty;
+    const uint8_t *in;
+    uint32_t in_len;
+    uint8_t *out;
+    uint32_t out_len;
+    bool selftest_done;
+} TPMBackendCmd;
 
 struct TPMBackend {
     Object parent;
@@ -76,7 +85,7 @@ struct TPMBackendClass {
 
     void (*opened)(TPMBackend *s, Error **errp);
 
-    void (*handle_request)(TPMBackend *s);
+    void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
 };
 
 /**
@@ -121,11 +130,12 @@ bool tpm_backend_had_startup_error(TPMBackend *s);
 /**
  * tpm_backend_deliver_request:
  * @s: the backend to send the request to
+ * @cmd: the command to deliver
  *
  * Send a request to the backend. The backend will then send the request
  * to the TPM implementation.
  */
-void tpm_backend_deliver_request(TPMBackend *s);
+void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd);
 
 /**
  * tpm_backend_reset:
diff --git a/backends/tpm.c b/backends/tpm.c
index 34e82085ec..dc7c831ff8 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -25,7 +25,7 @@ static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
     TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
 
     assert(k->handle_request != NULL);
-    k->handle_request(s);
+    k->handle_request(s, (TPMBackendCmd *)data);
 }
 
 static void tpm_backend_thread_end(TPMBackend *s)
@@ -76,9 +76,9 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
     return s->had_startup_error;
 }
 
-void tpm_backend_deliver_request(TPMBackend *s)
+void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd)
 {
-    g_thread_pool_push(s->thread_pool, NULL, NULL);
+    g_thread_pool_push(s->thread_pool, cmd, NULL);
 }
 
 void tpm_backend_reset(TPMBackend *s)
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 4fe405353a..788ab9876d 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -172,28 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
     return 0;
 }
 
-static void tpm_emulator_handle_request(TPMBackend *tb)
+static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-    TPMLocality *locty = NULL;
-    bool selftest_done = false;
     Error *err = NULL;
 
     DPRINTF("processing TPM command");
 
-    locty = tb->tpm_state->locty_data;
-    if (tpm_emulator_set_locality(tpm_emu,
-                                  tb->tpm_state->locty_number) < 0 ||
-        tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
-                                  locty->w_offset, locty->r_buffer.buffer,
-                                  locty->r_buffer.size, &selftest_done,
-                                  &err) < 0) {
-        tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
-                                            locty->r_buffer.size);
-        error_report_err(err);
+    if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) < 0) {
+        goto error;
+    }
+
+    if (tpm_emulator_unix_tx_bufs(tpm_emu, cmd->in, cmd->in_len,
+                                  cmd->out, cmd->out_len,
+                                  &cmd->selftest_done, &err) < 0) {
+        goto error;
     }
 
-    tb->recv_data_callback(tb->tpm_state, selftest_done);
+    tb->recv_data_callback(tb->tpm_state);
+    return;
+
+error:
+    tpm_util_write_fatal_error_response(cmd->out, cmd->out_len);
+    error_report_err(err);
 }
 
 static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 0ae4596932..93d72b8e9e 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -137,30 +137,16 @@ err_exit:
     return ret;
 }
 
-static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
-                                         const TPMLocality *locty_data,
-                                         bool *selftest_done)
-{
-    return tpm_passthrough_unix_tx_bufs(tpm_pt,
-                                        locty_data->w_buffer.buffer,
-                                        locty_data->w_offset,
-                                        locty_data->r_buffer.buffer,
-                                        locty_data->r_buffer.size,
-                                        selftest_done);
-}
-
-static void tpm_passthrough_handle_request(TPMBackend *tb)
+static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
-    bool selftest_done = false;
 
-    DPRINTF("tpm_passthrough: processing command\n");
+    DPRINTF("tpm_passthrough: processing command %p\n", cmd);
 
-    tpm_passthrough_unix_transfer(tpm_pt,
-                                  tb->tpm_state->locty_data,
-                                  &selftest_done);
+    tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
+                                 cmd->out, cmd->out_len, &cmd->selftest_done);
 
-    tb->recv_data_callback(tb->tpm_state, selftest_done);
+    tb->recv_data_callback(tb->tpm_state);
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 345a4fbee5..ffed7bfaf9 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -215,7 +215,15 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
      */
     tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
 
-    tpm_backend_deliver_request(s->be_driver);
+    s->cmd = (TPMBackendCmd) {
+        .locty = locty,
+        .in = s->locty_data->w_buffer.buffer,
+        .in_len = s->locty_data->w_offset,
+        .out = s->locty_data->r_buffer.buffer,
+        .out_len = s->locty_data->r_buffer.size
+    };
+
+    tpm_backend_deliver_request(s->be_driver, &s->cmd);
 }
 
 /* raise an interrupt if allowed */
@@ -352,7 +360,7 @@ static void tpm_tis_receive_bh(void *opaque)
 {
     TPMState *s = opaque;
     TPMTISEmuState *tis = &s->s.tis;
-    uint8_t locty = s->locty_number;
+    uint8_t locty = s->cmd.locty;
 
     tpm_tis_sts_set(&tis->loc[locty],
                     TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
@@ -371,11 +379,11 @@ static void tpm_tis_receive_bh(void *opaque)
 /*
  * Callback from the TPM to indicate that the response was received.
  */
-static void tpm_tis_receive_cb(TPMState *s,
-                               bool is_selftest_done)
+static void tpm_tis_receive_cb(TPMState *s)
 {
     TPMTISEmuState *tis = &s->s.tis;
-    uint8_t locty = s->locty_number;
+    bool is_selftest_done = s->cmd.selftest_done;
+    uint8_t locty = s->cmd.locty;
     uint8_t l;
 
     if (is_selftest_done) {
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 15/42] tpm-emulator: fix error handling

[Marc-André Lureau]

The previous patch cleaned up a bit error handling, and exposed an
existing bug: error_report_err() could be called with a NULL error.
Instead, make tpm_emulator_set_locality() set the error.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_emulator.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 788ab9876d..25a6258c10 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -141,7 +141,8 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,
     return 0;
 }
 
-static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
+static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
+                                     Error **errp)
 {
     ptm_loc loc;
 
@@ -155,15 +156,15 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
     loc.u.req.loc = locty_number;
     if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_SET_LOCALITY, &loc,
                              sizeof(loc), sizeof(loc)) < 0) {
-        error_report("tpm-emulator: could not set locality : %s",
-                     strerror(errno));
+        error_setg(errp, "tpm-emulator: could not set locality : %s",
+                   strerror(errno));
         return -1;
     }
 
     loc.u.resp.tpm_result = be32_to_cpu(loc.u.resp.tpm_result);
     if (loc.u.resp.tpm_result != 0) {
-        error_report("tpm-emulator: TPM result for set locality : 0x%x",
-                     loc.u.resp.tpm_result);
+        error_setg(errp, "tpm-emulator: TPM result for set locality : 0x%x",
+                   loc.u.resp.tpm_result);
         return -1;
     }
 
@@ -179,7 +180,8 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 
     DPRINTF("processing TPM command");
 
-    if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) < 0) {
+    if (tpm_emulator_set_locality(tpm_emu,
+                                  tb->tpm_state->locty_number, &err) < 0) {
         goto error;
     }
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 16/42] tpm: remove locty_data from TPMState

[Marc-André Lureau]

Keep it internal to tpm-tis instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h      |  2 --
 hw/tpm/tpm_emulator.c |  3 +--
 hw/tpm/tpm_tis.c      | 12 +++++-------
 3 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 6d7b3dc850..252c4082ef 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -24,8 +24,6 @@ struct TPMState {
         TPMTISEmuState tis;
     } s;
 
-    uint8_t     locty_number;
-    TPMLocality *locty_data;
     TPMBackendCmd cmd;
 
     char *backend;
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 25a6258c10..407ac97651 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -180,8 +180,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 
     DPRINTF("processing TPM command");
 
-    if (tpm_emulator_set_locality(tpm_emu,
-                                  tb->tpm_state->locty_number, &err) < 0) {
+    if (tpm_emulator_set_locality(tpm_emu, cmd->locty, &err) < 0) {
         goto error;
     }
 
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index ffed7bfaf9..ad2845622e 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -203,12 +203,10 @@ static void tpm_tis_sts_set(TPMLocality *l, uint32_t flags)
 static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
 {
     TPMTISEmuState *tis = &s->s.tis;
+    TPMLocality *locty_data = &tis->loc[locty];
 
     tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM");
 
-    s->locty_number = locty;
-    s->locty_data = &tis->loc[locty];
-
     /*
      * w_offset serves as length indicator for length of data;
      * it's reset when the response comes back
@@ -217,10 +215,10 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
 
     s->cmd = (TPMBackendCmd) {
         .locty = locty,
-        .in = s->locty_data->w_buffer.buffer,
-        .in_len = s->locty_data->w_offset,
-        .out = s->locty_data->r_buffer.buffer,
-        .out_len = s->locty_data->r_buffer.size
+        .in = locty_data->w_buffer.buffer,
+        .in_len = locty_data->w_offset,
+        .out = locty_data->r_buffer.buffer,
+        .out_len = locty_data->r_buffer.size
     };
 
     tpm_backend_deliver_request(s->be_driver, &s->cmd);
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 17/42] tpm-tis: move TPMState to TIS header

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h  | 23 ++---------------------
 hw/tpm/tpm_tis.h  | 19 +++++++++++++++++++
 hw/tpm/tpm_util.c |  1 +
 3 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 252c4082ef..e231d0eb4f 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -12,28 +12,9 @@
 #ifndef TPM_TPM_INT_H
 #define TPM_TPM_INT_H
 
-#include "exec/memory.h"
-#include "tpm_tis.h"
+#include "qemu/osdep.h"
 
-/* overall state of the TPM interface */
-struct TPMState {
-    ISADevice busdev;
-    MemoryRegion mmio;
-
-    union {
-        TPMTISEmuState tis;
-    } s;
-
-    TPMBackendCmd cmd;
-
-    char *backend;
-    TPMBackend *be_driver;
-    TPMVersion be_tpm_version;
-};
-
-#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
-
-#define TPM_STANDARD_CMDLINE_OPTS \
+#define TPM_STANDARD_CMDLINE_OPTS               \
     { \
         .name = "type", \
         .type = QEMU_OPT_STRING, \
diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
index 31e612a7f4..30e35eef64 100644
--- a/hw/tpm/tpm_tis.h
+++ b/hw/tpm/tpm_tis.h
@@ -72,4 +72,23 @@ typedef struct TPMTISEmuState {
     uint32_t irq_num;
 } TPMTISEmuState;
 
+/* overall state of the TPM interface */
+struct TPMState {
+    ISADevice busdev;
+    MemoryRegion mmio;
+
+    union {
+        TPMTISEmuState tis;
+    } s;
+
+    uint8_t     locty_number;
+    TPMBackendCmd cmd;
+
+    char *backend;
+    TPMBackend *be_driver;
+    TPMVersion be_tpm_version;
+};
+
+#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
+
 #endif /* TPM_TPM_TIS_H */
diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c
index fb929f6e92..7dc5b08824 100644
--- a/hw/tpm/tpm_util.c
+++ b/hw/tpm/tpm_util.c
@@ -22,6 +22,7 @@
 #include "qemu/osdep.h"
 #include "tpm_util.h"
 #include "tpm_int.h"
+#include "exec/memory.h"
 
 /*
  * Write an error message in the given output buffer.
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 18/42] tpm-tis: remove tpm_tis.h header

[Marc-André Lureau]

The definitions are now private to TIS implementation.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_tis.h         | 94 ------------------------------------------------
 hw/tpm/tpm_passthrough.c |  1 -
 hw/tpm/tpm_tis.c         | 72 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 71 insertions(+), 96 deletions(-)
 delete mode 100644 hw/tpm/tpm_tis.h

diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
deleted file mode 100644
index 30e35eef64..0000000000
--- a/hw/tpm/tpm_tis.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * tpm_tis.h - QEMU's TPM TIS interface emulator
- *
- * Copyright (C) 2006, 2010-2013 IBM Corporation
- *
- * Authors:
- *  Stefan Berger <stefanb@us.ibm.com>
- *  David Safford <safford@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- * Implementation of the TIS interface according to specs found at
- * http://www.trustedcomputinggroup.org
- *
- */
-#ifndef TPM_TPM_TIS_H
-#define TPM_TPM_TIS_H
-
-#include "hw/isa/isa.h"
-#include "hw/acpi/tpm.h"
-#include "qemu-common.h"
-
-#define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
-#define TPM_TIS_LOCALITY_SHIFT      12
-#define TPM_TIS_NO_LOCALITY         0xff
-
-#define TPM_TIS_IS_VALID_LOCTY(x)   ((x) < TPM_TIS_NUM_LOCALITIES)
-
-#define TPM_TIS_BUFFER_MAX          4096
-
-typedef enum {
-    TPM_TIS_STATE_IDLE = 0,
-    TPM_TIS_STATE_READY,
-    TPM_TIS_STATE_COMPLETION,
-    TPM_TIS_STATE_EXECUTION,
-    TPM_TIS_STATE_RECEPTION,
-} TPMTISState;
-
-typedef struct TPMSizedBuffer {
-    uint32_t size;
-    uint8_t  *buffer;
-} TPMSizedBuffer;
-
-/* locality data  -- all fields are persisted */
-typedef struct TPMLocality {
-    TPMTISState state;
-    uint8_t access;
-    uint32_t sts;
-    uint32_t iface_id;
-    uint32_t inte;
-    uint32_t ints;
-
-    uint16_t w_offset;
-    uint16_t r_offset;
-    TPMSizedBuffer w_buffer;
-    TPMSizedBuffer r_buffer;
-} TPMLocality;
-
-typedef struct TPMTISEmuState {
-    QEMUBH *bh;
-    uint32_t offset;
-    uint8_t buf[TPM_TIS_BUFFER_MAX];
-
-    uint8_t active_locty;
-    uint8_t aborting_locty;
-    uint8_t next_locty;
-
-    TPMLocality loc[TPM_TIS_NUM_LOCALITIES];
-
-    qemu_irq irq;
-    uint32_t irq_num;
-} TPMTISEmuState;
-
-/* overall state of the TPM interface */
-struct TPMState {
-    ISADevice busdev;
-    MemoryRegion mmio;
-
-    union {
-        TPMTISEmuState tis;
-    } s;
-
-    uint8_t     locty_number;
-    TPMBackendCmd cmd;
-
-    char *backend;
-    TPMBackend *be_driver;
-    TPMVersion be_tpm_version;
-};
-
-#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
-
-#endif /* TPM_TPM_TIS_H */
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 93d72b8e9e..4274164a61 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -31,7 +31,6 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "qapi/clone-visitor.h"
-#include "tpm_tis.h"
 #include "tpm_util.h"
 
 #define DEBUG_TPM 0
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index ad2845622e..73cda41dc6 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "hw/isa/isa.h"
 #include "sysemu/tpm_backend.h"
 #include "tpm_int.h"
 #include "sysemu/block-backend.h"
@@ -30,10 +31,79 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/pci/pci_ids.h"
-#include "tpm_tis.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "qemu/main-loop.h"
+#include "hw/acpi/tpm.h"
+
+#define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
+#define TPM_TIS_LOCALITY_SHIFT      12
+#define TPM_TIS_NO_LOCALITY         0xff
+
+#define TPM_TIS_IS_VALID_LOCTY(x)   ((x) < TPM_TIS_NUM_LOCALITIES)
+
+#define TPM_TIS_BUFFER_MAX          4096
+
+typedef enum {
+    TPM_TIS_STATE_IDLE = 0,
+    TPM_TIS_STATE_READY,
+    TPM_TIS_STATE_COMPLETION,
+    TPM_TIS_STATE_EXECUTION,
+    TPM_TIS_STATE_RECEPTION,
+} TPMTISState;
+
+typedef struct TPMSizedBuffer {
+    uint32_t size;
+    uint8_t  *buffer;
+} TPMSizedBuffer;
+
+/* locality data  -- all fields are persisted */
+typedef struct TPMLocality {
+    TPMTISState state;
+    uint8_t access;
+    uint32_t sts;
+    uint32_t iface_id;
+    uint32_t inte;
+    uint32_t ints;
+
+    uint16_t w_offset;
+    uint16_t r_offset;
+    TPMSizedBuffer w_buffer;
+    TPMSizedBuffer r_buffer;
+} TPMLocality;
+
+typedef struct TPMTISEmuState {
+    QEMUBH *bh;
+    uint32_t offset;
+    uint8_t buf[TPM_TIS_BUFFER_MAX];
+
+    uint8_t active_locty;
+    uint8_t aborting_locty;
+    uint8_t next_locty;
+
+    TPMLocality loc[TPM_TIS_NUM_LOCALITIES];
+
+    qemu_irq irq;
+    uint32_t irq_num;
+} TPMTISEmuState;
+
+struct TPMState {
+    ISADevice busdev;
+    MemoryRegion mmio;
+
+    union {
+        TPMTISEmuState tis;
+    } s;
+
+    uint8_t     locty_number;
+    TPMBackendCmd cmd;
+
+    char *backend;
+    TPMBackend *be_driver;
+    TPMVersion be_tpm_version;
+};
+
+#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
 
 #define DEBUG_TIS 0
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 19/42] tpm-tis: fold TPMTISEmuState in TPMState

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_tis.c | 336 ++++++++++++++++++++++++++-----------------------------
 1 file changed, 157 insertions(+), 179 deletions(-)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 73cda41dc6..d84eec48b4 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -72,7 +72,10 @@ typedef struct TPMLocality {
     TPMSizedBuffer r_buffer;
 } TPMLocality;
 
-typedef struct TPMTISEmuState {
+struct TPMState {
+    ISADevice busdev;
+    MemoryRegion mmio;
+
     QEMUBH *bh;
     uint32_t offset;
     uint8_t buf[TPM_TIS_BUFFER_MAX];
@@ -85,15 +88,6 @@ typedef struct TPMTISEmuState {
 
     qemu_irq irq;
     uint32_t irq_num;
-} TPMTISEmuState;
-
-struct TPMState {
-    ISADevice busdev;
-    MemoryRegion mmio;
-
-    union {
-        TPMTISEmuState tis;
-    } s;
 
     uint8_t     locty_number;
     TPMBackendCmd cmd;
@@ -272,16 +266,15 @@ static void tpm_tis_sts_set(TPMLocality *l, uint32_t flags)
  */
 static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
 {
-    TPMTISEmuState *tis = &s->s.tis;
-    TPMLocality *locty_data = &tis->loc[locty];
+    TPMLocality *locty_data = &s->loc[locty];
 
-    tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM");
+    tpm_tis_show_buffer(&s->loc[locty].w_buffer, "tpm_tis: To TPM");
 
     /*
      * w_offset serves as length indicator for length of data;
      * it's reset when the response comes back
      */
-    tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
+    s->loc[locty].state = TPM_TIS_STATE_EXECUTION;
 
     s->cmd = (TPMBackendCmd) {
         .locty = locty,
@@ -297,17 +290,15 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
 /* raise an interrupt if allowed */
 static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask)
 {
-    TPMTISEmuState *tis = &s->s.tis;
-
     if (!TPM_TIS_IS_VALID_LOCTY(locty)) {
         return;
     }
 
-    if ((tis->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
-        (tis->loc[locty].inte & irqmask)) {
+    if ((s->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
+        (s->loc[locty].inte & irqmask)) {
         DPRINTF("tpm_tis: Raising IRQ for flag %08x\n", irqmask);
-        qemu_irq_raise(s->s.tis.irq);
-        tis->loc[locty].ints |= irqmask;
+        qemu_irq_raise(s->irq);
+        s->loc[locty].ints |= irqmask;
     }
 }
 
@@ -319,7 +310,7 @@ static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty)
         if (l == locty) {
             continue;
         }
-        if ((s->s.tis.loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
+        if ((s->loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
             return 1;
         }
     }
@@ -329,14 +320,13 @@ static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty)
 
 static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
 {
-    TPMTISEmuState *tis = &s->s.tis;
-    bool change = (s->s.tis.active_locty != new_active_locty);
+    bool change = (s->active_locty != new_active_locty);
     bool is_seize;
     uint8_t mask;
 
-    if (change && TPM_TIS_IS_VALID_LOCTY(s->s.tis.active_locty)) {
+    if (change && TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
         is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) &&
-                   tis->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
+                   s->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
 
         if (is_seize) {
             mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY);
@@ -345,73 +335,70 @@ static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
                      TPM_TIS_ACCESS_REQUEST_USE);
         }
         /* reset flags on the old active locality */
-        tis->loc[s->s.tis.active_locty].access &= mask;
+        s->loc[s->active_locty].access &= mask;
 
         if (is_seize) {
-            tis->loc[tis->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
+            s->loc[s->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
         }
     }
 
-    tis->active_locty = new_active_locty;
+    s->active_locty = new_active_locty;
 
-    DPRINTF("tpm_tis: Active locality is now %d\n", s->s.tis.active_locty);
+    DPRINTF("tpm_tis: Active locality is now %d\n", s->active_locty);
 
     if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) {
         /* set flags on the new active locality */
-        tis->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
-        tis->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
+        s->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
+        s->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
                                                TPM_TIS_ACCESS_SEIZE);
     }
 
     if (change) {
-        tpm_tis_raise_irq(s, tis->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);
+        tpm_tis_raise_irq(s, s->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);
     }
 }
 
 /* abort -- this function switches the locality */
 static void tpm_tis_abort(TPMState *s, uint8_t locty)
 {
-    TPMTISEmuState *tis = &s->s.tis;
-
-    tis->loc[locty].r_offset = 0;
-    tis->loc[locty].w_offset = 0;
+    s->loc[locty].r_offset = 0;
+    s->loc[locty].w_offset = 0;
 
-    DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", tis->next_locty);
+    DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", s->next_locty);
 
     /*
      * Need to react differently depending on who's aborting now and
      * which locality will become active afterwards.
      */
-    if (tis->aborting_locty == tis->next_locty) {
-        tis->loc[tis->aborting_locty].state = TPM_TIS_STATE_READY;
-        tpm_tis_sts_set(&tis->loc[tis->aborting_locty],
+    if (s->aborting_locty == s->next_locty) {
+        s->loc[s->aborting_locty].state = TPM_TIS_STATE_READY;
+        tpm_tis_sts_set(&s->loc[s->aborting_locty],
                         TPM_TIS_STS_COMMAND_READY);
-        tpm_tis_raise_irq(s, tis->aborting_locty, TPM_TIS_INT_COMMAND_READY);
+        tpm_tis_raise_irq(s, s->aborting_locty, TPM_TIS_INT_COMMAND_READY);
     }
 
     /* locality after abort is another one than the current one */
-    tpm_tis_new_active_locality(s, tis->next_locty);
+    tpm_tis_new_active_locality(s, s->next_locty);
 
-    tis->next_locty = TPM_TIS_NO_LOCALITY;
+    s->next_locty = TPM_TIS_NO_LOCALITY;
     /* nobody's aborting a command anymore */
-    tis->aborting_locty = TPM_TIS_NO_LOCALITY;
+    s->aborting_locty = TPM_TIS_NO_LOCALITY;
 }
 
 /* prepare aborting current command */
 static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
 {
-    TPMTISEmuState *tis = &s->s.tis;
     uint8_t busy_locty;
 
-    tis->aborting_locty = locty;
-    tis->next_locty = newlocty;  /* locality after successful abort */
+    s->aborting_locty = locty;
+    s->next_locty = newlocty;  /* locality after successful abort */
 
     /*
      * only abort a command using an interrupt if currently executing
      * a command AND if there's a valid connection to the vTPM.
      */
     for (busy_locty = 0; busy_locty < TPM_TIS_NUM_LOCALITIES; busy_locty++) {
-        if (tis->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) {
+        if (s->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) {
             /*
              * request the backend to cancel. Some backends may not
              * support it
@@ -427,16 +414,15 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
 static void tpm_tis_receive_bh(void *opaque)
 {
     TPMState *s = opaque;
-    TPMTISEmuState *tis = &s->s.tis;
     uint8_t locty = s->cmd.locty;
 
-    tpm_tis_sts_set(&tis->loc[locty],
+    tpm_tis_sts_set(&s->loc[locty],
                     TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
-    tis->loc[locty].state = TPM_TIS_STATE_COMPLETION;
-    tis->loc[locty].r_offset = 0;
-    tis->loc[locty].w_offset = 0;
+    s->loc[locty].state = TPM_TIS_STATE_COMPLETION;
+    s->loc[locty].r_offset = 0;
+    s->loc[locty].w_offset = 0;
 
-    if (TPM_TIS_IS_VALID_LOCTY(tis->next_locty)) {
+    if (TPM_TIS_IS_VALID_LOCTY(s->next_locty)) {
         tpm_tis_abort(s, locty);
     }
 
@@ -449,18 +435,17 @@ static void tpm_tis_receive_bh(void *opaque)
  */
 static void tpm_tis_receive_cb(TPMState *s)
 {
-    TPMTISEmuState *tis = &s->s.tis;
     bool is_selftest_done = s->cmd.selftest_done;
     uint8_t locty = s->cmd.locty;
     uint8_t l;
 
     if (is_selftest_done) {
         for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
-            tis->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
+            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
         }
     }
 
-    qemu_bh_schedule(tis->bh);
+    qemu_bh_schedule(s->bh);
 }
 
 /*
@@ -468,21 +453,20 @@ static void tpm_tis_receive_cb(TPMState *s)
  */
 static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty)
 {
-    TPMTISEmuState *tis = &s->s.tis;
     uint32_t ret = TPM_TIS_NO_DATA_BYTE;
     uint16_t len;
 
-    if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
-        len = tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
+    if ((s->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
+        len = tpm_tis_get_size_from_buffer(&s->loc[locty].r_buffer);
 
-        ret = tis->loc[locty].r_buffer.buffer[tis->loc[locty].r_offset++];
-        if (tis->loc[locty].r_offset >= len) {
+        ret = s->loc[locty].r_buffer.buffer[s->loc[locty].r_offset++];
+        if (s->loc[locty].r_offset >= len) {
             /* got last byte */
-            tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
+            tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
             tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
         }
         DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x   [%d]\n",
-                ret, tis->loc[locty].r_offset-1);
+                ret, s->loc[locty].r_offset - 1);
     }
 
     return ret;
@@ -505,13 +489,12 @@ static void tpm_tis_dump_state(void *opaque, hwaddr addr)
     uint8_t locty = tpm_tis_locality_from_addr(addr);
     hwaddr base = addr & ~0xfff;
     TPMState *s = opaque;
-    TPMTISEmuState *tis = &s->s.tis;
 
     DPRINTF("tpm_tis: active locality      : %d\n"
             "tpm_tis: state of locality %d : %d\n"
             "tpm_tis: register dump:\n",
-            tis->active_locty,
-            locty, tis->loc[locty].state);
+            s->active_locty,
+            locty, s->loc[locty].state);
 
     for (idx = 0; regs[idx] != 0xfff; idx++) {
         DPRINTF("tpm_tis: 0x%04x : 0x%08x\n", regs[idx],
@@ -520,25 +503,25 @@ static void tpm_tis_dump_state(void *opaque, hwaddr addr)
 
     DPRINTF("tpm_tis: read offset   : %d\n"
             "tpm_tis: result buffer : ",
-            tis->loc[locty].r_offset);
+            s->loc[locty].r_offset);
     for (idx = 0;
-         idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
+         idx < tpm_tis_get_size_from_buffer(&s->loc[locty].r_buffer);
          idx++) {
         DPRINTF("%c%02x%s",
-                tis->loc[locty].r_offset == idx ? '>' : ' ',
-                tis->loc[locty].r_buffer.buffer[idx],
+                s->loc[locty].r_offset == idx ? '>' : ' ',
+                s->loc[locty].r_buffer.buffer[idx],
                 ((idx & 0xf) == 0xf) ? "\ntpm_tis:                 " : "");
     }
     DPRINTF("\n"
             "tpm_tis: write offset  : %d\n"
             "tpm_tis: request buffer: ",
-            tis->loc[locty].w_offset);
+            s->loc[locty].w_offset);
     for (idx = 0;
-         idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
+         idx < tpm_tis_get_size_from_buffer(&s->loc[locty].w_buffer);
          idx++) {
         DPRINTF("%c%02x%s",
-                tis->loc[locty].w_offset == idx ? '>' : ' ',
-                tis->loc[locty].w_buffer.buffer[idx],
+                s->loc[locty].w_offset == idx ? '>' : ' ',
+                s->loc[locty].w_buffer.buffer[idx],
                 ((idx & 0xf) == 0xf) ? "\ntpm_tis:                 " : "");
     }
     DPRINTF("\n");
@@ -553,7 +536,6 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
                                   unsigned size)
 {
     TPMState *s = opaque;
-    TPMTISEmuState *tis = &s->s.tis;
     uint16_t offset = addr & 0xffc;
     uint8_t shift = (addr & 0x3) * 8;
     uint32_t val = 0xffffffff;
@@ -568,7 +550,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
     switch (offset) {
     case TPM_TIS_REG_ACCESS:
         /* never show the SEIZE flag even though we use it internally */
-        val = tis->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE;
+        val = s->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE;
         /* the pending flag is always calculated */
         if (tpm_tis_check_request_use_except(s, locty)) {
             val |= TPM_TIS_ACCESS_PENDING_REQUEST;
@@ -576,13 +558,13 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
         val |= !tpm_backend_get_tpm_established_flag(s->be_driver);
         break;
     case TPM_TIS_REG_INT_ENABLE:
-        val = tis->loc[locty].inte;
+        val = s->loc[locty].inte;
         break;
     case TPM_TIS_REG_INT_VECTOR:
-        val = tis->irq_num;
+        val = s->irq_num;
         break;
     case TPM_TIS_REG_INT_STATUS:
-        val = tis->loc[locty].ints;
+        val = s->loc[locty].ints;
         break;
     case TPM_TIS_REG_INTF_CAPABILITY:
         switch (s->be_tpm_version) {
@@ -598,14 +580,14 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
         }
         break;
     case TPM_TIS_REG_STS:
-        if (tis->active_locty == locty) {
-            if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
+        if (s->active_locty == locty) {
+            if ((s->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
                 val = TPM_TIS_BURST_COUNT(
-                       tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer)
-                       - tis->loc[locty].r_offset) | tis->loc[locty].sts;
+                       tpm_tis_get_size_from_buffer(&s->loc[locty].r_buffer)
+                       - s->loc[locty].r_offset) | s->loc[locty].sts;
             } else {
-                avail = tis->loc[locty].w_buffer.size
-                        - tis->loc[locty].w_offset;
+                avail = s->loc[locty].w_buffer.size
+                        - s->loc[locty].w_offset;
                 /*
                  * byte-sized reads should not return 0x00 for 0x100
                  * available bytes.
@@ -613,13 +595,13 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
                 if (size == 1 && avail > 0xff) {
                     avail = 0xff;
                 }
-                val = TPM_TIS_BURST_COUNT(avail) | tis->loc[locty].sts;
+                val = TPM_TIS_BURST_COUNT(avail) | s->loc[locty].sts;
             }
         }
         break;
     case TPM_TIS_REG_DATA_FIFO:
     case TPM_TIS_REG_DATA_XFIFO ... TPM_TIS_REG_DATA_XFIFO_END:
-        if (tis->active_locty == locty) {
+        if (s->active_locty == locty) {
             if (size > 4 - (addr & 0x3)) {
                 /* prevent access beyond FIFO */
                 size = 4 - (addr & 0x3);
@@ -627,7 +609,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
             val = 0;
             shift = 0;
             while (size > 0) {
-                switch (tis->loc[locty].state) {
+                switch (s->loc[locty].state) {
                 case TPM_TIS_STATE_COMPLETION:
                     v = tpm_tis_data_read(s, locty);
                     break;
@@ -643,7 +625,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
         }
         break;
     case TPM_TIS_REG_INTERFACE_ID:
-        val = tis->loc[locty].iface_id;
+        val = s->loc[locty].iface_id;
         break;
     case TPM_TIS_REG_DID_VID:
         val = (TPM_TIS_TPM_DID << 16) | TPM_TIS_TPM_VID;
@@ -675,7 +657,6 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
                                uint64_t val, unsigned size)
 {
     TPMState *s = opaque;
-    TPMTISEmuState *tis = &s->s.tis;
     uint16_t off = addr & 0xffc;
     uint8_t shift = (addr & 0x3) * 8;
     uint8_t locty = tpm_tis_locality_from_addr(addr);
@@ -712,17 +693,17 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
                      TPM_TIS_ACCESS_ACTIVE_LOCALITY);
         }
 
-        active_locty = tis->active_locty;
+        active_locty = s->active_locty;
 
         if ((val & TPM_TIS_ACCESS_ACTIVE_LOCALITY)) {
             /* give up locality if currently owned */
-            if (tis->active_locty == locty) {
+            if (s->active_locty == locty) {
                 DPRINTF("tpm_tis: Releasing locality %d\n", locty);
 
                 uint8_t newlocty = TPM_TIS_NO_LOCALITY;
                 /* anybody wants the locality ? */
                 for (c = TPM_TIS_NUM_LOCALITIES - 1; c >= 0; c--) {
-                    if ((tis->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) {
+                    if ((s->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) {
                         DPRINTF("tpm_tis: Locality %d requests use.\n", c);
                         newlocty = c;
                         break;
@@ -740,12 +721,12 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
                 }
             } else {
                 /* not currently the owner; clear a pending request */
-                tis->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE;
+                s->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE;
             }
         }
 
         if ((val & TPM_TIS_ACCESS_BEEN_SEIZED)) {
-            tis->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED;
+            s->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED;
         }
 
         if ((val & TPM_TIS_ACCESS_SEIZE)) {
@@ -756,19 +737,19 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
              * allow seize for requesting locality if no locality is
              * active
              */
-            while ((TPM_TIS_IS_VALID_LOCTY(tis->active_locty) &&
-                    locty > tis->active_locty) ||
-                    !TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
+            while ((TPM_TIS_IS_VALID_LOCTY(s->active_locty) &&
+                    locty > s->active_locty) ||
+                    !TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
                 bool higher_seize = FALSE;
 
                 /* already a pending SEIZE ? */
-                if ((tis->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
+                if ((s->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
                     break;
                 }
 
                 /* check for ongoing seize by a higher locality */
                 for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) {
-                    if ((tis->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
+                    if ((s->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
                         higher_seize = TRUE;
                         break;
                     }
@@ -780,24 +761,24 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
 
                 /* cancel any seize by a lower locality */
                 for (l = 0; l < locty - 1; l++) {
-                    tis->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
+                    s->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
                 }
 
-                tis->loc[locty].access |= TPM_TIS_ACCESS_SEIZE;
+                s->loc[locty].access |= TPM_TIS_ACCESS_SEIZE;
                 DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: "
                         "Locality %d seized from locality %d\n",
-                        locty, tis->active_locty);
+                        locty, s->active_locty);
                 DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: Initiating abort.\n");
                 set_new_locty = 0;
-                tpm_tis_prep_abort(s, tis->active_locty, locty);
+                tpm_tis_prep_abort(s, s->active_locty, locty);
                 break;
             }
         }
 
         if ((val & TPM_TIS_ACCESS_REQUEST_USE)) {
-            if (tis->active_locty != locty) {
-                if (TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
-                    tis->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE;
+            if (s->active_locty != locty) {
+                if (TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
+                    s->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE;
                 } else {
                     /* no locality active -> make this one active now */
                     active_locty = locty;
@@ -811,12 +792,12 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
 
         break;
     case TPM_TIS_REG_INT_ENABLE:
-        if (tis->active_locty != locty) {
+        if (s->active_locty != locty) {
             break;
         }
 
-        tis->loc[locty].inte &= mask;
-        tis->loc[locty].inte |= (val & (TPM_TIS_INT_ENABLED |
+        s->loc[locty].inte &= mask;
+        s->loc[locty].inte |= (val & (TPM_TIS_INT_ENABLED |
                                         TPM_TIS_INT_POLARITY_MASK |
                                         TPM_TIS_INTERRUPTS_SUPPORTED));
         break;
@@ -824,30 +805,30 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
         /* hard wired -- ignore */
         break;
     case TPM_TIS_REG_INT_STATUS:
-        if (tis->active_locty != locty) {
+        if (s->active_locty != locty) {
             break;
         }
 
         /* clearing of interrupt flags */
         if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
-            (tis->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
-            tis->loc[locty].ints &= ~val;
-            if (tis->loc[locty].ints == 0) {
-                qemu_irq_lower(tis->irq);
+            (s->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
+            s->loc[locty].ints &= ~val;
+            if (s->loc[locty].ints == 0) {
+                qemu_irq_lower(s->irq);
                 DPRINTF("tpm_tis: Lowering IRQ\n");
             }
         }
-        tis->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED);
+        s->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED);
         break;
     case TPM_TIS_REG_STS:
-        if (tis->active_locty != locty) {
+        if (s->active_locty != locty) {
             break;
         }
 
         if (s->be_tpm_version == TPM_VERSION_2_0) {
             /* some flags that are only supported for TPM 2 */
             if (val & TPM_TIS_STS_COMMAND_CANCEL) {
-                if (tis->loc[locty].state == TPM_TIS_STATE_EXECUTION) {
+                if (s->loc[locty].state == TPM_TIS_STATE_EXECUTION) {
                     /*
                      * request the backend to cancel. Some backends may not
                      * support it
@@ -867,16 +848,16 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
                 TPM_TIS_STS_RESPONSE_RETRY);
 
         if (val == TPM_TIS_STS_COMMAND_READY) {
-            switch (tis->loc[locty].state) {
+            switch (s->loc[locty].state) {
 
             case TPM_TIS_STATE_READY:
-                tis->loc[locty].w_offset = 0;
-                tis->loc[locty].r_offset = 0;
+                s->loc[locty].w_offset = 0;
+                s->loc[locty].r_offset = 0;
             break;
 
             case TPM_TIS_STATE_IDLE:
-                tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_COMMAND_READY);
-                tis->loc[locty].state = TPM_TIS_STATE_READY;
+                tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_COMMAND_READY);
+                s->loc[locty].state = TPM_TIS_STATE_READY;
                 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
             break;
 
@@ -889,23 +870,23 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
             break;
 
             case TPM_TIS_STATE_COMPLETION:
-                tis->loc[locty].w_offset = 0;
-                tis->loc[locty].r_offset = 0;
+                s->loc[locty].w_offset = 0;
+                s->loc[locty].r_offset = 0;
                 /* shortcut to ready state with C/R set */
-                tis->loc[locty].state = TPM_TIS_STATE_READY;
-                if (!(tis->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) {
-                    tpm_tis_sts_set(&tis->loc[locty],
+                s->loc[locty].state = TPM_TIS_STATE_READY;
+                if (!(s->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) {
+                    tpm_tis_sts_set(&s->loc[locty],
                                     TPM_TIS_STS_COMMAND_READY);
                     tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
                 }
-                tis->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE);
+                s->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE);
             break;
 
             }
         } else if (val == TPM_TIS_STS_TPM_GO) {
-            switch (tis->loc[locty].state) {
+            switch (s->loc[locty].state) {
             case TPM_TIS_STATE_RECEPTION:
-                if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) {
+                if ((s->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) {
                     tpm_tis_tpm_send(s, locty);
                 }
                 break;
@@ -914,10 +895,10 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
                 break;
             }
         } else if (val == TPM_TIS_STS_RESPONSE_RETRY) {
-            switch (tis->loc[locty].state) {
+            switch (s->loc[locty].state) {
             case TPM_TIS_STATE_COMPLETION:
-                tis->loc[locty].r_offset = 0;
-                tpm_tis_sts_set(&tis->loc[locty],
+                s->loc[locty].r_offset = 0;
+                tpm_tis_sts_set(&s->loc[locty],
                                 TPM_TIS_STS_VALID|
                                 TPM_TIS_STS_DATA_AVAILABLE);
                 break;
@@ -930,20 +911,20 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
     case TPM_TIS_REG_DATA_FIFO:
     case TPM_TIS_REG_DATA_XFIFO ... TPM_TIS_REG_DATA_XFIFO_END:
         /* data fifo */
-        if (tis->active_locty != locty) {
+        if (s->active_locty != locty) {
             break;
         }
 
-        if (tis->loc[locty].state == TPM_TIS_STATE_IDLE ||
-            tis->loc[locty].state == TPM_TIS_STATE_EXECUTION ||
-            tis->loc[locty].state == TPM_TIS_STATE_COMPLETION) {
+        if (s->loc[locty].state == TPM_TIS_STATE_IDLE ||
+            s->loc[locty].state == TPM_TIS_STATE_EXECUTION ||
+            s->loc[locty].state == TPM_TIS_STATE_COMPLETION) {
             /* drop the byte */
         } else {
             DPRINTF("tpm_tis: Data to send to TPM: %08x (size=%d)\n",
                     (int)val, size);
-            if (tis->loc[locty].state == TPM_TIS_STATE_READY) {
-                tis->loc[locty].state = TPM_TIS_STATE_RECEPTION;
-                tpm_tis_sts_set(&tis->loc[locty],
+            if (s->loc[locty].state == TPM_TIS_STATE_READY) {
+                s->loc[locty].state = TPM_TIS_STATE_RECEPTION;
+                tpm_tis_sts_set(&s->loc[locty],
                                 TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID);
             }
 
@@ -953,30 +934,30 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
                 size = 4 - (addr & 0x3);
             }
 
-            while ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) && size > 0) {
-                if (tis->loc[locty].w_offset < tis->loc[locty].w_buffer.size) {
-                    tis->loc[locty].w_buffer.
-                        buffer[tis->loc[locty].w_offset++] = (uint8_t)val;
+            while ((s->loc[locty].sts & TPM_TIS_STS_EXPECT) && size > 0) {
+                if (s->loc[locty].w_offset < s->loc[locty].w_buffer.size) {
+                    s->loc[locty].w_buffer.
+                        buffer[s->loc[locty].w_offset++] = (uint8_t)val;
                     val >>= 8;
                     size--;
                 } else {
-                    tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
+                    tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
                 }
             }
 
             /* check for complete packet */
-            if (tis->loc[locty].w_offset > 5 &&
-                (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
+            if (s->loc[locty].w_offset > 5 &&
+                (s->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
                 /* we have a packet length - see if we have all of it */
-                bool need_irq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID);
+                bool need_irq = !(s->loc[locty].sts & TPM_TIS_STS_VALID);
 
-                len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
-                if (len > tis->loc[locty].w_offset) {
-                    tpm_tis_sts_set(&tis->loc[locty],
+                len = tpm_tis_get_size_from_buffer(&s->loc[locty].w_buffer);
+                if (len > s->loc[locty].w_offset) {
+                    tpm_tis_sts_set(&s->loc[locty],
                                     TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID);
                 } else {
                     /* packet complete */
-                    tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
+                    tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
                 }
                 if (need_irq) {
                     tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
@@ -987,7 +968,7 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
     case TPM_TIS_REG_INTERFACE_ID:
         if (val & TPM_TIS_IFACE_ID_INT_SEL_LOCK) {
             for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
-                tis->loc[l].iface_id |= TPM_TIS_IFACE_ID_INT_SEL_LOCK;
+                s->loc[l].iface_id |= TPM_TIS_IFACE_ID_INT_SEL_LOCK;
             }
         }
         break;
@@ -1036,39 +1017,38 @@ TPMVersion tpm_tis_get_tpm_version(Object *obj)
 static void tpm_tis_reset(DeviceState *dev)
 {
     TPMState *s = TPM(dev);
-    TPMTISEmuState *tis = &s->s.tis;
     int c;
 
     s->be_tpm_version = tpm_backend_get_tpm_version(s->be_driver);
 
     tpm_backend_reset(s->be_driver);
 
-    tis->active_locty = TPM_TIS_NO_LOCALITY;
-    tis->next_locty = TPM_TIS_NO_LOCALITY;
-    tis->aborting_locty = TPM_TIS_NO_LOCALITY;
+    s->active_locty = TPM_TIS_NO_LOCALITY;
+    s->next_locty = TPM_TIS_NO_LOCALITY;
+    s->aborting_locty = TPM_TIS_NO_LOCALITY;
 
     for (c = 0; c < TPM_TIS_NUM_LOCALITIES; c++) {
-        tis->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS;
+        s->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS;
         switch (s->be_tpm_version) {
         case TPM_VERSION_UNSPEC:
             break;
         case TPM_VERSION_1_2:
-            tis->loc[c].sts = TPM_TIS_STS_TPM_FAMILY1_2;
-            tis->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS1_3;
+            s->loc[c].sts = TPM_TIS_STS_TPM_FAMILY1_2;
+            s->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS1_3;
             break;
         case TPM_VERSION_2_0:
-            tis->loc[c].sts = TPM_TIS_STS_TPM_FAMILY2_0;
-            tis->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS2_0;
+            s->loc[c].sts = TPM_TIS_STS_TPM_FAMILY2_0;
+            s->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS2_0;
             break;
         }
-        tis->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL;
-        tis->loc[c].ints = 0;
-        tis->loc[c].state = TPM_TIS_STATE_IDLE;
-
-        tis->loc[c].w_offset = 0;
-        tpm_tis_realloc_buffer(&tis->loc[c].w_buffer);
-        tis->loc[c].r_offset = 0;
-        tpm_tis_realloc_buffer(&tis->loc[c].r_buffer);
+        s->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL;
+        s->loc[c].ints = 0;
+        s->loc[c].state = TPM_TIS_STATE_IDLE;
+
+        s->loc[c].w_offset = 0;
+        tpm_tis_realloc_buffer(&s->loc[c].w_buffer);
+        s->loc[c].r_offset = 0;
+        tpm_tis_realloc_buffer(&s->loc[c].r_buffer);
     }
 
     tpm_tis_do_startup_tpm(s);
@@ -1080,8 +1060,7 @@ static const VMStateDescription vmstate_tpm_tis = {
 };
 
 static Property tpm_tis_properties[] = {
-    DEFINE_PROP_UINT32("irq", TPMState,
-                       s.tis.irq_num, TPM_TIS_IRQ),
+    DEFINE_PROP_UINT32("irq", TPMState, irq_num, TPM_TIS_IRQ),
     DEFINE_PROP_STRING("tpmdev", TPMState, backend),
     DEFINE_PROP_END_OF_LIST(),
 };
@@ -1089,7 +1068,6 @@ static Property tpm_tis_properties[] = {
 static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
 {
     TPMState *s = TPM(dev);
-    TPMTISEmuState *tis = &s->s.tis;
 
     s->be_driver = qemu_find_tpm(s->backend);
     if (!s->be_driver) {
@@ -1106,15 +1084,15 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
         return;
     }
 
-    if (tis->irq_num > 15) {
+    if (s->irq_num > 15) {
         error_setg(errp, "tpm_tis: IRQ %d for TPM TIS is outside valid range "
-                   "of 0 to 15", tis->irq_num);
+                   "of 0 to 15", s->irq_num);
         return;
     }
 
-    tis->bh = qemu_bh_new(tpm_tis_receive_bh, s);
+    s->bh = qemu_bh_new(tpm_tis_receive_bh, s);
 
-    isa_init_irq(&s->busdev, &tis->irq, tis->irq_num);
+    isa_init_irq(&s->busdev, &s->irq, s->irq_num);
 
     memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)),
                                 TPM_TIS_ADDR_BASE, &s->mmio);
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 20/42] tpm: add a QOM TPM interface

[Marc-André Lureau]

This will simplify backend / interface objects relationship, so the
frontend interface will simply have to implement the TPM QOM interface.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h | 17 +++++++++++++++++
 backends/tpm.c   |  8 ++++++++
 hw/tpm/tpm_tis.c |  4 ++++
 3 files changed, 29 insertions(+)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index e231d0eb4f..eb02e7760c 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -13,6 +13,23 @@
 #define TPM_TPM_INT_H
 
 #include "qemu/osdep.h"
+#include "qom/object.h"
+
+#define TYPE_TPM_IF "tpm-if"
+#define TPM_IF_CLASS(klass) \
+    OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF)
+#define TPM_IF_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF)
+#define TPM_IF(obj) \
+    INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
+
+typedef struct TPMIf {
+    Object parent_obj;
+} TPMIf;
+
+typedef struct TPMIfClass {
+    InterfaceClass parent_class;
+} TPMIfClass;
 
 #define TPM_STANDARD_CMDLINE_OPTS               \
     { \
diff --git a/backends/tpm.c b/backends/tpm.c
index dc7c831ff8..87c5c09179 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -17,6 +17,7 @@
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
 #include "sysemu/tpm.h"
+#include "hw/tpm/tpm_int.h"
 #include "qemu/thread.h"
 
 static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
@@ -209,9 +210,16 @@ static const TypeInfo tpm_backend_info = {
     .abstract = true,
 };
 
+static const TypeInfo tpm_if_info = {
+    .name = TYPE_TPM_IF,
+    .parent = TYPE_INTERFACE,
+    .class_size = sizeof(TPMIfClass),
+};
+
 static void register_types(void)
 {
     type_register_static(&tpm_backend_info);
+    type_register_static(&tpm_if_info);
 }
 
 type_init(register_types);
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index d84eec48b4..dbb50043ac 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -1123,6 +1123,10 @@ static const TypeInfo tpm_tis_info = {
     .instance_size = sizeof(TPMState),
     .instance_init = tpm_tis_initfn,
     .class_init  = tpm_tis_class_init,
+    .interfaces = (InterfaceInfo[]) {
+        { TYPE_TPM_IF },
+        { }
+    }
 };
 
 static void tpm_tis_register(void)
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 21/42] tpm: move recv_data_callback to TPM interface

[Marc-André Lureau]

Simplify the TPM backend setup, move callback to TPM interface.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h             |  3 +++
 include/sysemu/tpm_backend.h |  6 +-----
 backends/tpm.c               |  4 +---
 hw/tpm/tpm_emulator.c        |  3 ++-
 hw/tpm/tpm_passthrough.c     |  3 ++-
 hw/tpm/tpm_tis.c             | 11 ++++++-----
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index eb02e7760c..9c045b6691 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -29,6 +29,9 @@ typedef struct TPMIf {
 
 typedef struct TPMIfClass {
     InterfaceClass parent_class;
+
+    /* run in thread pool by backend */
+    void (*request_completed)(TPMIf *obj);
 } TPMIfClass;
 
 #define TPM_STANDARD_CMDLINE_OPTS               \
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 3bb90be3de..03ea5a3400 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -30,8 +30,6 @@
 typedef struct TPMBackendClass TPMBackendClass;
 typedef struct TPMBackend TPMBackend;
 
-typedef void (TPMRecvDataCB)(TPMState *);
-
 typedef struct TPMBackendCmd {
     uint8_t locty;
     const uint8_t *in;
@@ -48,7 +46,6 @@ struct TPMBackend {
     bool opened;
     TPMState *tpm_state;
     GThreadPool *thread_pool;
-    TPMRecvDataCB *recv_data_callback;
     bool had_startup_error;
 
     /* <public> */
@@ -106,8 +103,7 @@ enum TpmType tpm_backend_get_type(TPMBackend *s);
  *
  * Returns 0 on success.
  */
-int tpm_backend_init(TPMBackend *s, TPMState *state,
-                     TPMRecvDataCB *datacb);
+int tpm_backend_init(TPMBackend *s, TPMState *state);
 
 /**
  * tpm_backend_startup_tpm:
diff --git a/backends/tpm.c b/backends/tpm.c
index 87c5c09179..5763f6f369 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -44,11 +44,9 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
     return k->type;
 }
 
-int tpm_backend_init(TPMBackend *s, TPMState *state,
-                     TPMRecvDataCB *datacb)
+int tpm_backend_init(TPMBackend *s, TPMState *state)
 {
     s->tpm_state = state;
-    s->recv_data_callback = datacb;
     s->had_startup_error = false;
 
     return 0;
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 407ac97651..f04f4e0830 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -176,6 +176,7 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
 static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
+    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
     Error *err = NULL;
 
     DPRINTF("processing TPM command");
@@ -190,7 +191,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
         goto error;
     }
 
-    tb->recv_data_callback(tb->tpm_state);
+    tic->request_completed(TPM_IF(tb->tpm_state));
     return;
 
 error:
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 4274164a61..c440aff4b2 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -139,13 +139,14 @@ err_exit:
 static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
 
     DPRINTF("tpm_passthrough: processing command %p\n", cmd);
 
     tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
                                  cmd->out, cmd->out_len, &cmd->selftest_done);
 
-    tb->recv_data_callback(tb->tpm_state);
+    tic->request_completed(TPM_IF(tb->tpm_state));
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index dbb50043ac..8c5cac5fa5 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -430,11 +430,10 @@ static void tpm_tis_receive_bh(void *opaque)
                       TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
 }
 
-/*
- * Callback from the TPM to indicate that the response was received.
- */
-static void tpm_tis_receive_cb(TPMState *s)
+static void tpm_tis_request_completed(TPMIf *ti)
 {
+    TPMState *s = TPM(ti);
+
     bool is_selftest_done = s->cmd.selftest_done;
     uint8_t locty = s->cmd.locty;
     uint8_t l;
@@ -1078,7 +1077,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
 
     s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
 
-    if (tpm_backend_init(s->be_driver, s, tpm_tis_receive_cb)) {
+    if (tpm_backend_init(s->be_driver, s)) {
         error_setg(errp, "tpm_tis: backend driver with id %s could not be "
                    "initialized", s->backend);
         return;
@@ -1110,11 +1109,13 @@ static void tpm_tis_initfn(Object *obj)
 static void tpm_tis_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    TPMIfClass *tc = TPM_IF_CLASS(klass);
 
     dc->realize = tpm_tis_realizefn;
     dc->props = tpm_tis_properties;
     dc->reset = tpm_tis_reset;
     dc->vmsd  = &vmstate_tpm_tis;
+    tc->request_completed = tpm_tis_request_completed;
 }
 
 static const TypeInfo tpm_tis_info = {
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 22/42] tpm-backend: store TPMIf interface, improve backend_init()

[Marc-André Lureau]

Store the TPM interface, the actual object may be different from
TPMState. Keep a reference on the interface, and check the backend
wasn't already initialized.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h |  7 ++++---
 backends/tpm.c               | 12 +++++++++---
 hw/tpm/tpm_emulator.c        |  4 ++--
 hw/tpm/tpm_passthrough.c     |  4 ++--
 hw/tpm/tpm_tis.c             |  2 +-
 5 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 03ea5a3400..8d08765b3c 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -18,6 +18,7 @@
 #include "qapi-types.h"
 #include "qemu/option.h"
 #include "sysemu/tpm.h"
+#include "hw/tpm/tpm_int.h"
 
 #define TYPE_TPM_BACKEND "tpm-backend"
 #define TPM_BACKEND(obj) \
@@ -43,8 +44,8 @@ struct TPMBackend {
     Object parent;
 
     /*< protected >*/
+    TPMIf *tpmif;
     bool opened;
-    TPMState *tpm_state;
     GThreadPool *thread_pool;
     bool had_startup_error;
 
@@ -96,14 +97,14 @@ enum TpmType tpm_backend_get_type(TPMBackend *s);
 /**
  * tpm_backend_init:
  * @s: the backend to initialized
- * @state: TPMState
+ * @tpmif: TPM interface
  * @datacb: callback for sending data to frontend
  *
  * Initialize the backend with the given variables.
  *
  * Returns 0 on success.
  */
-int tpm_backend_init(TPMBackend *s, TPMState *state);
+int tpm_backend_init(TPMBackend *s, TPMIf *tpmif);
 
 /**
  * tpm_backend_startup_tpm:
diff --git a/backends/tpm.c b/backends/tpm.c
index 5763f6f369..86f0e7e915 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -17,7 +17,6 @@
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
 #include "sysemu/tpm.h"
-#include "hw/tpm/tpm_int.h"
 #include "qemu/thread.h"
 
 static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
@@ -44,9 +43,15 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
     return k->type;
 }
 
-int tpm_backend_init(TPMBackend *s, TPMState *state)
+int tpm_backend_init(TPMBackend *s, TPMIf *tpmif)
 {
-    s->tpm_state = state;
+    if (s->tpmif) {
+        return -1;
+    }
+
+    s->tpmif = tpmif;
+    object_ref(OBJECT(tpmif));
+
     s->had_startup_error = false;
 
     return 0;
@@ -194,6 +199,7 @@ static void tpm_backend_instance_finalize(Object *obj)
 {
     TPMBackend *s = TPM_BACKEND(obj);
 
+    object_unref(OBJECT(s->tpmif));
     g_free(s->id);
     tpm_backend_thread_end(s);
 }
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index f04f4e0830..07e7aa4abc 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -176,7 +176,7 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
 static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
+    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
     Error *err = NULL;
 
     DPRINTF("processing TPM command");
@@ -191,7 +191,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
         goto error;
     }
 
-    tic->request_completed(TPM_IF(tb->tpm_state));
+    tic->request_completed(tb->tpmif);
     return;
 
 error:
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index c440aff4b2..2ad74badca 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -139,14 +139,14 @@ err_exit:
 static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
-    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
+    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
 
     DPRINTF("tpm_passthrough: processing command %p\n", cmd);
 
     tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
                                  cmd->out, cmd->out_len, &cmd->selftest_done);
 
-    tic->request_completed(TPM_IF(tb->tpm_state));
+    tic->request_completed(tb->tpmif);
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 8c5cac5fa5..c24be57136 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -1077,7 +1077,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
 
     s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
 
-    if (tpm_backend_init(s->be_driver, s)) {
+    if (tpm_backend_init(s->be_driver, TPM_IF(s))) {
         error_setg(errp, "tpm_tis: backend driver with id %s could not be "
                    "initialized", s->backend);
         return;
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 23/42] tpm-tis: no longer expose TPMState

[Marc-André Lureau]

Now that there is an interface instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm.h | 2 --
 hw/tpm/tpm_tis.c     | 4 ++--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index c8afa179e5..62b073beeb 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -14,8 +14,6 @@
 
 #include "qemu/option.h"
 
-typedef struct TPMState TPMState;
-
 int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
 int tpm_init(void);
 void tpm_cleanup(void);
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index c24be57136..b3757bfbda 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -72,7 +72,7 @@ typedef struct TPMLocality {
     TPMSizedBuffer r_buffer;
 } TPMLocality;
 
-struct TPMState {
+typedef struct TPMState {
     ISADevice busdev;
     MemoryRegion mmio;
 
@@ -95,7 +95,7 @@ struct TPMState {
     char *backend;
     TPMBackend *be_driver;
     TPMVersion be_tpm_version;
-};
+} TPMState;
 
 #define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 24/42] tpm-be: call request_completed() out of thread

[Marc-André Lureau]

Lift from the backend implementation the responsability to call the
request_completed() callback outside of thread context. This also
simplify frontend/interface work, as they no longer need to care
whether the callback is called from a different thread.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h             |  1 -
 include/sysemu/tpm_backend.h |  1 +
 backends/tpm.c               | 15 ++++++++++++++-
 hw/tpm/tpm_emulator.c        |  2 --
 hw/tpm/tpm_passthrough.c     |  3 ---
 hw/tpm/tpm_tis.c             | 36 +++++++++++++-----------------------
 6 files changed, 28 insertions(+), 30 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 9c045b6691..9c49325f03 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -30,7 +30,6 @@ typedef struct TPMIf {
 typedef struct TPMIfClass {
     InterfaceClass parent_class;
 
-    /* run in thread pool by backend */
     void (*request_completed)(TPMIf *obj);
 } TPMIfClass;
 
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 8d08765b3c..dd4fb288ea 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -48,6 +48,7 @@ struct TPMBackend {
     bool opened;
     GThreadPool *thread_pool;
     bool had_startup_error;
+    QEMUBH *bh;
 
     /* <public> */
     char *id;
diff --git a/backends/tpm.c b/backends/tpm.c
index 86f0e7e915..58f823d54c 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -18,14 +18,25 @@
 #include "qapi/qmp/qerror.h"
 #include "sysemu/tpm.h"
 #include "qemu/thread.h"
+#include "qemu/main-loop.h"
+
+static void tpm_backend_request_completed_bh(void *opaque)
+{
+    TPMBackend *s = TPM_BACKEND(opaque);
+    TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
+
+    tic->request_completed(s->tpmif);
+}
 
 static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
 {
     TPMBackend *s = TPM_BACKEND(user_data);
-    TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
+    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
     assert(k->handle_request != NULL);
     k->handle_request(s, (TPMBackendCmd *)data);
+
+    qemu_bh_schedule(s->bh);
 }
 
 static void tpm_backend_thread_end(TPMBackend *s)
@@ -193,6 +204,7 @@ static void tpm_backend_instance_init(Object *obj)
                              tpm_backend_prop_set_opened,
                              NULL);
     s->fe_model = -1;
+    s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
 }
 
 static void tpm_backend_instance_finalize(Object *obj)
@@ -202,6 +214,7 @@ static void tpm_backend_instance_finalize(Object *obj)
     object_unref(OBJECT(s->tpmif));
     g_free(s->id);
     tpm_backend_thread_end(s);
+    qemu_bh_delete(s->bh);
 }
 
 static const TypeInfo tpm_backend_info = {
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 07e7aa4abc..36454837b3 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -176,7 +176,6 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
 static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
     Error *err = NULL;
 
     DPRINTF("processing TPM command");
@@ -191,7 +190,6 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
         goto error;
     }
 
-    tic->request_completed(tb->tpmif);
     return;
 
 error:
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 2ad74badca..8c002e4da6 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -139,14 +139,11 @@ err_exit:
 static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
     TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
-    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
 
     DPRINTF("tpm_passthrough: processing command %p\n", cmd);
 
     tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
                                  cmd->out, cmd->out_len, &cmd->selftest_done);
-
-    tic->request_completed(tb->tpmif);
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index b3757bfbda..355427ab29 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -76,7 +76,6 @@ typedef struct TPMState {
     ISADevice busdev;
     MemoryRegion mmio;
 
-    QEMUBH *bh;
     uint32_t offset;
     uint8_t buf[TPM_TIS_BUFFER_MAX];
 
@@ -411,10 +410,20 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
     tpm_tis_abort(s, locty);
 }
 
-static void tpm_tis_receive_bh(void *opaque)
+/*
+ * Callback from the TPM to indicate that the response was received.
+ */
+static void tpm_tis_request_completed(TPMIf *ti)
 {
-    TPMState *s = opaque;
-    uint8_t locty = s->cmd.locty;
+    TPMState *s = TPM(ti);
+    uint8_t locty = s->locty_number;
+    uint8_t l;
+
+    if (s->cmd.selftest_done) {
+        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
+            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
+        }
+    }
 
     tpm_tis_sts_set(&s->loc[locty],
                     TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
@@ -430,23 +439,6 @@ static void tpm_tis_receive_bh(void *opaque)
                       TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
 }
 
-static void tpm_tis_request_completed(TPMIf *ti)
-{
-    TPMState *s = TPM(ti);
-
-    bool is_selftest_done = s->cmd.selftest_done;
-    uint8_t locty = s->cmd.locty;
-    uint8_t l;
-
-    if (is_selftest_done) {
-        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
-            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
-        }
-    }
-
-    qemu_bh_schedule(s->bh);
-}
-
 /*
  * Read a byte of response data
  */
@@ -1089,8 +1081,6 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
         return;
     }
 
-    s->bh = qemu_bh_new(tpm_tis_receive_bh, s);
-
     isa_init_irq(&s->busdev, &s->irq, s->irq_num);
 
     memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)),
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 25/42] tpm-be: report error instead of front-end

[Marc-André Lureau]

Backend can give more accurate error description, and lift out the job
from the frontend.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 3 ++-
 backends/tpm.c               | 3 ++-
 hw/tpm/tpm_tis.c             | 4 +---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index dd4fb288ea..51dfc0de9c 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -100,12 +100,13 @@ enum TpmType tpm_backend_get_type(TPMBackend *s);
  * @s: the backend to initialized
  * @tpmif: TPM interface
  * @datacb: callback for sending data to frontend
+ * @errp: a pointer to return the #Error object if an error occurs.
  *
  * Initialize the backend with the given variables.
  *
  * Returns 0 on success.
  */
-int tpm_backend_init(TPMBackend *s, TPMIf *tpmif);
+int tpm_backend_init(TPMBackend *s, TPMIf *tpmif, Error **errp);
 
 /**
  * tpm_backend_startup_tpm:
diff --git a/backends/tpm.c b/backends/tpm.c
index 58f823d54c..7b108bd5d8 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -54,9 +54,10 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
     return k->type;
 }
 
-int tpm_backend_init(TPMBackend *s, TPMIf *tpmif)
+int tpm_backend_init(TPMBackend *s, TPMIf *tpmif, Error **errp)
 {
     if (s->tpmif) {
+        error_setg(errp, "TPM backend '%s' is already initialized", s->id);
         return -1;
     }
 
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 355427ab29..2fbc760730 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -1069,9 +1069,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
 
     s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
 
-    if (tpm_backend_init(s->be_driver, TPM_IF(s))) {
-        error_setg(errp, "tpm_tis: backend driver with id %s could not be "
-                   "initialized", s->backend);
+    if (tpm_backend_init(s->be_driver, TPM_IF(s), errp)) {
         return;
     }
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 26/42] tpm-be: ask model to the TPM interface

[Marc-André Lureau]

No need to store the mode in the backend, or to let the frontend set
it itself.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h             | 1 +
 include/sysemu/tpm_backend.h | 1 -
 backends/tpm.c               | 4 ++--
 hw/tpm/tpm_tis.c             | 3 +--
 tpm.c                        | 3 ++-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 9c49325f03..90e97b9170 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -30,6 +30,7 @@ typedef struct TPMIf {
 typedef struct TPMIfClass {
     InterfaceClass parent_class;
 
+    enum TpmModel model;
     void (*request_completed)(TPMIf *obj);
 } TPMIfClass;
 
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 51dfc0de9c..b12ae5b625 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -52,7 +52,6 @@ struct TPMBackend {
 
     /* <public> */
     char *id;
-    enum TpmModel fe_model;
 
     QLIST_ENTRY(TPMBackend) list;
 };
diff --git a/backends/tpm.c b/backends/tpm.c
index 7b108bd5d8..0c48d18775 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -148,9 +148,10 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
 {
     TPMInfo *info = g_new0(TPMInfo, 1);
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
+    TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
 
     info->id = g_strdup(s->id);
-    info->model = s->fe_model;
+    info->model = tic->model;
     if (k->get_tpm_options) {
         info->options = k->get_tpm_options(s);
     }
@@ -204,7 +205,6 @@ static void tpm_backend_instance_init(Object *obj)
                              tpm_backend_prop_get_opened,
                              tpm_backend_prop_set_opened,
                              NULL);
-    s->fe_model = -1;
     s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
 }
 
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 2fbc760730..3c8d246ac8 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -1067,8 +1067,6 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
         return;
     }
 
-    s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
-
     if (tpm_backend_init(s->be_driver, TPM_IF(s), errp)) {
         return;
     }
@@ -1103,6 +1101,7 @@ static void tpm_tis_class_init(ObjectClass *klass, void *data)
     dc->props = tpm_tis_properties;
     dc->reset = tpm_tis_reset;
     dc->vmsd  = &vmstate_tpm_tis;
+    tc->model = TPM_MODEL_TPM_TIS;
     tc->request_completed = tpm_tis_request_completed;
 }
 
diff --git a/tpm.c b/tpm.c
index 45520f555d..ce1543fcb4 100644
--- a/tpm.c
+++ b/tpm.c
@@ -204,9 +204,10 @@ TPMInfoList *qmp_query_tpm(Error **errp)
     TPMInfoList *info, *head = NULL, *cur_item = NULL;
 
     QLIST_FOREACH(drv, &tpm_backends, list) {
-        if (!tpm_models[drv->fe_model]) {
+        if (!drv->tpmif) {
             continue;
         }
+
         info = g_new0(TPMInfoList, 1);
         info->value = tpm_backend_query_tpm(drv);
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 27/42] tpm: remove unused opened code

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 12 ------------
 backends/tpm.c               | 42 ------------------------------------------
 tpm.c                        |  6 ------
 3 files changed, 60 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index b12ae5b625..a893e586ae 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -81,8 +81,6 @@ struct TPMBackendClass {
 
     TpmTypeOptions *(*get_tpm_options)(TPMBackend *t);
 
-    void (*opened)(TPMBackend *s, Error **errp);
-
     void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
 };
 
@@ -172,16 +170,6 @@ bool tpm_backend_get_tpm_established_flag(TPMBackend *s);
  */
 int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty);
 
-/**
- * tpm_backend_open:
- * @s: the backend to open
- * @errp: a pointer to return the #Error object if an error occurs.
- *
- * This function will open the backend if it is not already open.  Calling this
- * function on an already opened backend will not result in an error.
- */
-void tpm_backend_open(TPMBackend *s, Error **errp);
-
 /**
  * tpm_backend_get_tpm_version:
  * @s: the backend to call into
diff --git a/backends/tpm.c b/backends/tpm.c
index 0c48d18775..7e636fbc7a 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -159,52 +159,10 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
     return info;
 }
 
-static bool tpm_backend_prop_get_opened(Object *obj, Error **errp)
-{
-    TPMBackend *s = TPM_BACKEND(obj);
-
-    return s->opened;
-}
-
-void tpm_backend_open(TPMBackend *s, Error **errp)
-{
-    object_property_set_bool(OBJECT(s), true, "opened", errp);
-}
-
-static void tpm_backend_prop_set_opened(Object *obj, bool value, Error **errp)
-{
-    TPMBackend *s = TPM_BACKEND(obj);
-    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
-    Error *local_err = NULL;
-
-    if (value == s->opened) {
-        return;
-    }
-
-    if (!value && s->opened) {
-        error_setg(errp, QERR_PERMISSION_DENIED);
-        return;
-    }
-
-    if (k->opened) {
-        k->opened(s, &local_err);
-        if (local_err) {
-            error_propagate(errp, local_err);
-            return;
-        }
-    }
-
-    s->opened = true;
-}
-
 static void tpm_backend_instance_init(Object *obj)
 {
     TPMBackend *s = TPM_BACKEND(obj);
 
-    object_property_add_bool(obj, "opened",
-                             tpm_backend_prop_get_opened,
-                             tpm_backend_prop_set_opened,
-                             NULL);
     s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
 }
 
diff --git a/tpm.c b/tpm.c
index ce1543fcb4..a46ee5f144 100644
--- a/tpm.c
+++ b/tpm.c
@@ -134,12 +134,6 @@ static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
         return 1;
     }
 
-    tpm_backend_open(drv, &local_err);
-    if (local_err) {
-        error_report_err(local_err);
-        return 1;
-    }
-
     QLIST_INSERT_HEAD(&tpm_backends, drv, list);
 
     return 0;
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 28/42] tpm-passthrough: don't save guessed cancel_path in options

[Marc-André Lureau]

The value is later unneeded, and may leak if the free visitor doesn't
consider it since has_cancel_path is false. And for consistency with
"path" it shouldn't be returned in get_tpm_options().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_passthrough.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 8c002e4da6..048edb1a1a 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -226,9 +226,7 @@ static int tpm_passthrough_open_sysfs_cancel(TPMPassthruState *tpm_pt)
         if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel",
                      dev) < sizeof(path)) {
             fd = qemu_open(path, O_WRONLY);
-            if (fd >= 0) {
-                tpm_pt->options->cancel_path = g_strdup(path);
-            } else {
+            if (fd < 0) {
                 error_report("tpm_passthrough: Could not open TPM cancel "
                              "path %s : %s", path, strerror(errno));
             }
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 29/42] tpm-be: update optional function pointers

[Marc-André Lureau]

QEMU code doesn't generally have assert() for mandatory
callbacks/function pointers, probably because the crash is pretty
obvious. Document the methods instead of going into the code.

Make get_tpm_options() mandatory to implement (since all
backend implementation have it).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 5 ++++-
 backends/tpm.c               | 9 +--------
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index a893e586ae..594bb50782 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -66,15 +66,18 @@ struct TPMBackendClass {
 
     TPMBackend *(*create)(QemuOpts *opts, const char *id);
 
-    /* start up the TPM on the backend */
+    /* start up the TPM on the backend - optional */
     int (*startup_tpm)(TPMBackend *t);
 
+    /* optional */
     void (*reset)(TPMBackend *t);
 
     void (*cancel_cmd)(TPMBackend *t);
 
+    /* optional */
     bool (*get_tpm_established_flag)(TPMBackend *t);
 
+    /* optional */
     int (*reset_tpm_established_flag)(TPMBackend *t, uint8_t locty);
 
     TPMVersion (*get_tpm_version)(TPMBackend *t);
diff --git a/backends/tpm.c b/backends/tpm.c
index 7e636fbc7a..7777467c44 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -33,7 +33,6 @@ static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
     TPMBackend *s = TPM_BACKEND(user_data);
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    assert(k->handle_request != NULL);
     k->handle_request(s, (TPMBackendCmd *)data);
 
     qemu_bh_schedule(s->bh);
@@ -114,8 +113,6 @@ void tpm_backend_cancel_cmd(TPMBackend *s)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    assert(k->cancel_cmd);
-
     k->cancel_cmd(s);
 }
 
@@ -139,8 +136,6 @@ TPMVersion tpm_backend_get_tpm_version(TPMBackend *s)
 {
     TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-    assert(k->get_tpm_version);
-
     return k->get_tpm_version(s);
 }
 
@@ -152,9 +147,7 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
 
     info->id = g_strdup(s->id);
     info->model = tic->model;
-    if (k->get_tpm_options) {
-        info->options = k->get_tpm_options(s);
-    }
+    info->options = k->get_tpm_options(s);
 
     return info;
 }
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 30/42] tpm-passthrough: pass TPMPassthruState to handle_device_opts

[Marc-André Lureau]

It doesn't need TPMBackend. Also reorder arguments for consistency.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_passthrough.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 048edb1a1a..9326cbfdc9 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -239,9 +239,9 @@ static int tpm_passthrough_open_sysfs_cancel(TPMPassthruState *tpm_pt)
     return fd;
 }
 
-static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
+static int
+tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts)
 {
-    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
     const char *value;
 
     value = qemu_opt_get(opts, "cancel-path");
@@ -292,7 +292,7 @@ static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
 
     tb->id = g_strdup(id);
 
-    if (tpm_passthrough_handle_device_opts(opts, tb)) {
+    if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) {
         goto err_exit;
     }
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 31/42] tpm-backend: move set 'id' to common code

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h |  2 +-
 hw/tpm/tpm_emulator.c        | 12 +++---------
 hw/tpm/tpm_passthrough.c     |  9 +++------
 tpm.c                        |  3 ++-
 4 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 594bb50782..881be97ee3 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -64,7 +64,7 @@ struct TPMBackendClass {
     /* get a descriptive text of the backend to display to the user */
     const char *desc;
 
-    TPMBackend *(*create)(QemuOpts *opts, const char *id);
+    TPMBackend *(*create)(QemuOpts *opts);
 
     /* start up the TPM on the backend - optional */
     int (*startup_tpm)(TPMBackend *t);
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 36454837b3..315819329b 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -453,22 +453,16 @@ err:
     return -1;
 }
 
-static TPMBackend *tpm_emulator_create(QemuOpts *opts, const char *id)
+static TPMBackend *tpm_emulator_create(QemuOpts *opts)
 {
     TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR));
 
-    tb->id = g_strdup(id);
-
     if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts)) {
-        goto err_exit;
+        object_unref(OBJECT(tb));
+        return NULL;
     }
 
     return tb;
-
-err_exit:
-    object_unref(OBJECT(tb));
-
-    return NULL;
 }
 
 static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend *tb)
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 9326cbfdc9..7371d50739 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -284,13 +284,10 @@ tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts)
     return 1;
 }
 
-static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
+static TPMBackend *tpm_passthrough_create(QemuOpts *opts)
 {
     Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
-    TPMBackend *tb = TPM_BACKEND(obj);
-    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
-
-    tb->id = g_strdup(id);
+    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj);
 
     if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) {
         goto err_exit;
@@ -301,7 +298,7 @@ static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
         goto err_exit;
     }
 
-    return tb;
+    return TPM_BACKEND(obj);
 
 err_exit:
     object_unref(obj);
diff --git a/tpm.c b/tpm.c
index a46ee5f144..37298f3f03 100644
--- a/tpm.c
+++ b/tpm.c
@@ -129,11 +129,12 @@ static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
         return 1;
     }
 
-    drv = be->create(opts, id);
+    drv = be->create(opts);
     if (!drv) {
         return 1;
     }
 
+    drv->id = g_strdup(id);
     QLIST_INSERT_HEAD(&tpm_backends, drv, list);
 
     return 0;
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 32/42] tpm-passthrough: make it safer to destroy after creation

[Marc-André Lureau]

Check fds values before closing, to avoid close(-1).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_passthrough.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 7371d50739..aa9167e3c6 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -347,8 +347,12 @@ static void tpm_passthrough_inst_finalize(Object *obj)
 
     tpm_passthrough_cancel_cmd(TPM_BACKEND(obj));
 
-    qemu_close(tpm_pt->tpm_fd);
-    qemu_close(tpm_pt->cancel_fd);
+    if (tpm_pt->tpm_fd >= 0) {
+        qemu_close(tpm_pt->tpm_fd);
+    }
+    if (tpm_pt->cancel_fd >= 0) {
+        qemu_close(tpm_pt->cancel_fd);
+    }
     qapi_free_TPMPassthroughOptions(tpm_pt->options);
 }
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 33/42] tpm-passthrough: remove error cleanup from handle_device_opts

[Marc-André Lureau]

Clean-up is handled by the create() function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_passthrough.c | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index aa9167e3c6..0806cf86af 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -261,27 +261,16 @@ tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts)
     if (tpm_pt->tpm_fd < 0) {
         error_report("Cannot access TPM device using '%s': %s",
                      tpm_pt->tpm_dev, strerror(errno));
-        goto err_free_parameters;
+        return -1;
     }
 
     if (tpm_util_test_tpmdev(tpm_pt->tpm_fd, &tpm_pt->tpm_version)) {
         error_report("'%s' is not a TPM device.",
                      tpm_pt->tpm_dev);
-        goto err_close_tpmdev;
+        return -1;
     }
 
     return 0;
-
- err_close_tpmdev:
-    qemu_close(tpm_pt->tpm_fd);
-    tpm_pt->tpm_fd = -1;
-
- err_free_parameters:
-    qapi_free_TPMPassthroughOptions(tpm_pt->options);
-    tpm_pt->options = NULL;
-    tpm_pt->tpm_dev = NULL;
-
-    return 1;
 }
 
 static TPMBackend *tpm_passthrough_create(QemuOpts *opts)
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 34/42] tpm-passthrough: workaround a possible race

[Marc-André Lureau]

The TPM backend processing thread has common shared variable race
issues. (they should not be so easy to reach since guest interaction
with the device is slow compared to host emulation)

An obvious one is setting op_cancelled from device thread after
calling write(cancel_fd). The backend thread may return before the
device thread has set the variable. Instead set it before
cancellation. Even if the write() failed, the end result is command
get possibly cancelled (even if cancellation came from external
sources it doesn't matter much).

It's worth to consider removing the backend processing thread for now.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_passthrough.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 0806cf86af..d71d64e8aa 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -89,6 +89,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
     bool is_selftest;
     const struct tpm_resp_hdr *hdr;
 
+    /* FIXME: protect shared variables or use other sync mechanism */
     tpm_pt->tpm_op_canceled = false;
     tpm_pt->tpm_executing = true;
     *selftest_done = false;
@@ -178,12 +179,11 @@ static void tpm_passthrough_cancel_cmd(TPMBackend *tb)
      */
     if (tpm_pt->tpm_executing) {
         if (tpm_pt->cancel_fd >= 0) {
+            tpm_pt->tpm_op_canceled = true;
             n = write(tpm_pt->cancel_fd, "-", 1);
             if (n != 1) {
                 error_report("Canceling TPM command failed: %s",
                              strerror(errno));
-            } else {
-                tpm_pt->tpm_op_canceled = true;
             }
         } else {
             error_report("Cannot cancel TPM command due to missing "
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 35/42] tpm-tis: simplify header inclusion

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_tis.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 3c8d246ac8..e7e8b112e8 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -24,17 +24,12 @@
 
 #include "qemu/osdep.h"
 #include "hw/isa/isa.h"
-#include "sysemu/tpm_backend.h"
-#include "tpm_int.h"
-#include "sysemu/block-backend.h"
-#include "exec/address-spaces.h"
-#include "hw/hw.h"
-#include "hw/i386/pc.h"
-#include "hw/pci/pci_ids.h"
 #include "qapi/error.h"
-#include "qemu-common.h"
-#include "qemu/main-loop.h"
+
 #include "hw/acpi/tpm.h"
+#include "hw/pci/pci_ids.h"
+#include "sysemu/tpm_backend.h"
+#include "tpm_int.h"
 
 #define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
 #define TPM_TIS_LOCALITY_SHIFT      12
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 36/42] tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()

[Marc-André Lureau]

find_tpm() will be introduced to lookup the TPM device.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm_backend.h | 2 +-
 hw/tpm/tpm_tis.c             | 2 +-
 tpm.c                        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 881be97ee3..d02067e631 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -193,7 +193,7 @@ TPMVersion tpm_backend_get_tpm_version(TPMBackend *s);
  */
 TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
 
-TPMBackend *qemu_find_tpm(const char *id);
+TPMBackend *qemu_find_tpm_be(const char *id);
 
 void tpm_register_model(enum TpmModel model);
 
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index e7e8b112e8..954b7b0e5d 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -1055,7 +1055,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
 {
     TPMState *s = TPM(dev);
 
-    s->be_driver = qemu_find_tpm(s->backend);
+    s->be_driver = qemu_find_tpm_be(s->backend);
     if (!s->be_driver) {
         error_setg(errp, "tpm_tis: backend driver with id %s could not be "
                    "found", s->backend);
diff --git a/tpm.c b/tpm.c
index 37298f3f03..4d6c45a4f2 100644
--- a/tpm.c
+++ b/tpm.c
@@ -71,7 +71,7 @@ static void tpm_display_backend_drivers(void)
 /*
  * Find the TPM with the given Id
  */
-TPMBackend *qemu_find_tpm(const char *id)
+TPMBackend *qemu_find_tpm_be(const char *id)
 {
     TPMBackend *drv;
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 37/42] tpm: lookup the the TPM interface instead of TIS device

[Marc-André Lureau]

This will allow to introduce new devices implementing TPM.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_int.h     | 19 -------------------
 include/sysemu/tpm.h | 52 ++++++++++++++++++++++++++++++++++++++--------------
 hw/i386/acpi-build.c |  2 +-
 3 files changed, 39 insertions(+), 34 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 90e97b9170..86fadc16d3 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -15,25 +15,6 @@
 #include "qemu/osdep.h"
 #include "qom/object.h"
 
-#define TYPE_TPM_IF "tpm-if"
-#define TPM_IF_CLASS(klass) \
-    OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF)
-#define TPM_IF_GET_CLASS(obj) \
-    OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF)
-#define TPM_IF(obj) \
-    INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
-
-typedef struct TPMIf {
-    Object parent_obj;
-} TPMIf;
-
-typedef struct TPMIfClass {
-    InterfaceClass parent_class;
-
-    enum TpmModel model;
-    void (*request_completed)(TPMIf *obj);
-} TPMIfClass;
-
 #define TPM_STANDARD_CMDLINE_OPTS               \
     { \
         .name = "type", \
diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index 62b073beeb..dbd2b0cc7a 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -12,32 +12,56 @@
 #ifndef QEMU_TPM_H
 #define QEMU_TPM_H
 
-#include "qemu/option.h"
+#include "qom/object.h"
+#include "qapi-types.h"
 
-int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
-int tpm_init(void);
-void tpm_cleanup(void);
-
-typedef enum  TPMVersion {
+typedef enum TPMVersion {
     TPM_VERSION_UNSPEC = 0,
     TPM_VERSION_1_2 = 1,
     TPM_VERSION_2_0 = 2,
 } TPMVersion;
 
-TPMVersion tpm_tis_get_tpm_version(Object *obj);
+#define TYPE_TPM_IF "tpm-if"
+#define TPM_IF_CLASS(klass)                                 \
+    OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF)
+#define TPM_IF_GET_CLASS(obj)                           \
+    OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF)
+#define TPM_IF(obj)                             \
+    INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
+
+typedef struct TPMIf {
+    Object parent_obj;
+} TPMIf;
+
+typedef struct TPMIfClass {
+    InterfaceClass parent_class;
+
+    enum TpmModel model;
+    void (*request_completed)(TPMIf *obj);
+} TPMIfClass;
+
+int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
+int tpm_init(void);
+void tpm_cleanup(void);
 
 #define TYPE_TPM_TIS                "tpm-tis"
 
-static inline TPMVersion tpm_get_version(void)
+static inline TPMIf *tpm_find(void)
 {
-#ifdef CONFIG_TPM
-    Object *obj = object_resolve_path_type("", TYPE_TPM_TIS, NULL);
+    Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);
+
+    return TPM_IF(obj);
+}
 
-    if (obj) {
-        return tpm_tis_get_tpm_version(obj);
+TPMVersion tpm_tis_get_tpm_version(Object *obj);
+
+static inline TPMVersion tpm_get_version(TPMIf *ti)
+{
+    if (!ti) {
+        return TPM_VERSION_UNSPEC;
     }
-#endif
-    return TPM_VERSION_UNSPEC;
+
+    return tpm_tis_get_tpm_version(OBJECT(ti));
 }
 
 #endif /* QEMU_TPM_H */
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 2af37a9129..40371b6f75 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -208,7 +208,7 @@ static void acpi_get_misc_info(AcpiMiscInfo *info)
     }
 
     info->has_hpet = hpet_find();
-    info->tpm_version = tpm_get_version();
+    info->tpm_version = tpm_get_version(tpm_find());
     info->pvpanic_port = pvpanic_port();
     info->applesmc_io_base = applesmc_port();
 }
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 38/42] tpm: add TPM interface to lookup TPM version

[Marc-André Lureau]

Do not hardcode TPM device model to lookup version, use an interface
instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm.h | 5 ++---
 hw/tpm/tpm_tis.c     | 5 +++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index dbd2b0cc7a..9439330cf1 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -38,6 +38,7 @@ typedef struct TPMIfClass {
 
     enum TpmModel model;
     void (*request_completed)(TPMIf *obj);
+    enum TPMVersion (*get_version)(TPMIf *obj);
 } TPMIfClass;
 
 int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
@@ -53,15 +54,13 @@ static inline TPMIf *tpm_find(void)
     return TPM_IF(obj);
 }
 
-TPMVersion tpm_tis_get_tpm_version(Object *obj);
-
 static inline TPMVersion tpm_get_version(TPMIf *ti)
 {
     if (!ti) {
         return TPM_VERSION_UNSPEC;
     }
 
-    return tpm_tis_get_tpm_version(OBJECT(ti));
+    return TPM_IF_GET_CLASS(ti)->get_version(ti);
 }
 
 #endif /* QEMU_TPM_H */
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 954b7b0e5d..6aac9bfe6b 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -989,9 +989,9 @@ static void tpm_tis_realloc_buffer(TPMSizedBuffer *sb)
 /*
  * Get the TPMVersion of the backend device being used
  */
-TPMVersion tpm_tis_get_tpm_version(Object *obj)
+static enum TPMVersion tpm_tis_get_tpm_version(TPMIf *ti)
 {
-    TPMState *s = TPM(obj);
+    TPMState *s = TPM(ti);
 
     return tpm_backend_get_tpm_version(s->be_driver);
 }
@@ -1097,6 +1097,7 @@ static void tpm_tis_class_init(ObjectClass *klass, void *data)
     dc->reset = tpm_tis_reset;
     dc->vmsd  = &vmstate_tpm_tis;
     tc->model = TPM_MODEL_TPM_TIS;
+    tc->get_version = tpm_tis_get_tpm_version;
     tc->request_completed = tpm_tis_request_completed;
 }
 
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 39/42] tpm: add tpm_cmd_get_size() to tpm_util

[Marc-André Lureau]

The function is generally useful and used in the following patches.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_util.h | 8 +++++++-
 hw/tpm/tpm_tis.c  | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h
index 2f7c96146d..aca10c97bf 100644
--- a/hw/tpm/tpm_util.h
+++ b/hw/tpm/tpm_util.h
@@ -22,7 +22,8 @@
 #ifndef TPM_TPM_UTIL_H
 #define TPM_TPM_UTIL_H
 
-#include "sysemu/tpm_backend.h"
+#include "sysemu/tpm.h"
+#include "qemu/bswap.h"
 
 void tpm_util_write_fatal_error_response(uint8_t *out, uint32_t out_len);
 
@@ -30,4 +31,9 @@ bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len);
 
 int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version);
 
+static inline uint32_t tpm_cmd_get_size(const void *b)
+{
+    return be32_to_cpu(*(const uint32_t *)(b + 2));
+}
+
 #endif /* TPM_TPM_UTIL_H */
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 6aac9bfe6b..d0e1aac247 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -30,6 +30,7 @@
 #include "hw/pci/pci_ids.h"
 #include "sysemu/tpm_backend.h"
 #include "tpm_int.h"
+#include "tpm_util.h"
 
 #define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
 #define TPM_TIS_LOCALITY_SHIFT      12
@@ -216,7 +217,7 @@ static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
 
 static uint32_t tpm_tis_get_size_from_buffer(const TPMSizedBuffer *sb)
 {
-    return be32_to_cpu(*(uint32_t *)&sb->buffer[2]);
+    return tpm_cmd_get_size(sb->buffer);
 }
 
 static void tpm_tis_show_buffer(const TPMSizedBuffer *sb, const char *string)
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 40/42] acpi: change TPM TIS data conditions

[Marc-André Lureau]

The device should be exposed if present. It shouldn't have an
undefined version (or else backend init failed, and device should fail
too). Finally, make the fields specific to TIS device model.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/sysemu/tpm.h |  3 +++
 hw/i386/acpi-build.c | 12 ++++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index 9439330cf1..8223ec621c 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -47,6 +47,9 @@ void tpm_cleanup(void);
 
 #define TYPE_TPM_TIS                "tpm-tis"
 
+#define TPM_IS_TIS(chr)                             \
+    object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS)
+
 static inline TPMIf *tpm_find(void)
 {
     Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 40371b6f75..ee38b00e31 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2038,7 +2038,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
         }
     }
 
-    if (misc->tpm_version != TPM_VERSION_UNSPEC) {
+    if (TPM_IS_TIS(tpm_find())) {
         aml_append(crs, aml_memory32_fixed(TPM_TIS_ADDR_BASE,
                    TPM_TIS_ADDR_SIZE, AML_READ_WRITE));
     }
@@ -2204,7 +2204,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
             /* Scan all PCI buses. Generate tables to support hotplug. */
             build_append_pci_bus_devices(scope, bus, pm->pcihp_bridge_en);
 
-            if (misc->tpm_version != TPM_VERSION_UNSPEC) {
+            if (TPM_IS_TIS(tpm_find())) {
                 dev = aml_device("ISA.TPM");
                 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0C31")));
                 aml_append(dev, aml_name_decl("_STA", aml_int(0xF)));
@@ -2281,8 +2281,12 @@ build_tpm2(GArray *table_data, BIOSLinker *linker)
     tpm2_ptr = acpi_data_push(table_data, sizeof *tpm2_ptr);
 
     tpm2_ptr->platform_class = cpu_to_le16(TPM2_ACPI_CLASS_CLIENT);
-    tpm2_ptr->control_area_address = cpu_to_le64(0);
-    tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
+    if (TPM_IS_TIS(tpm_find())) {
+        tpm2_ptr->control_area_address = cpu_to_le64(0);
+        tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
+    } else {
+        g_warn_if_reached();
+    }
 
     build_header(linker, table_data,
                  (void *)tpm2_ptr, "TPM2", sizeof(*tpm2_ptr), 4, NULL, NULL);
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 41/42] tpm-emulator: add a FIXME comment about blocking cancel

[Marc-André Lureau]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 hw/tpm/tpm_emulator.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 315819329b..091d7ea147 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -328,6 +328,7 @@ static void tpm_emulator_cancel_cmd(TPMBackend *tb)
         return;
     }
 
+    /* FIXME: make the function non-blocking, or it may block a VCPU */
     if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_CANCEL_TPM_CMD, &res, 0,
                              sizeof(res)) < 0) {
         error_report("tpm-emulator: Could not cancel command: %s",
-- 
2.14.1.146.gd35faa819

[Qemu-devel] [PATCH 42/42] WIP: add TPM CRB device

[Marc-André Lureau]

tpm_crb is a device for TPM 2.0 Command Response Buffer (CRB)
Interface as defined in TCG PC Client Platform TPM Profile (PTP)
Specification Family “2.0” Level 00 Revision 01.03 v22.

The PTP allows device implementation to switch between TIS and CRB
model at run time, but given that CRB is a simpler device to
implement, I chose to implement it as a different device.

The device doesn't implement other locality than 0 for now (my laptop
TPM doesn't either, so I assume this isn't so bad)

The command/reply memory region is statically allocated after the CRB
registers address TPM_CRB_ADDR_BASE + sizeof(struct crb_regs). I
wonder if the BIOS could or should allocate it instead, or what size
to use.

The PTP doesn't specify a particular bus to put the device. I chose to
add it on the system bus directly, so it could hopefully be used
easily on a different platform. However, I am not sure this is easily
done or a smart approach. It fails to init on piix, because
error_on_sysbus_device() check. Removing this check, the device is
still functional... We may want to put it on ISA bus instead for now.

Tested with some success with Linux upstream and Windows 10. The
device is recognized and correctly transmit command/response with
passthrough/emu, but the swtpm emulator has some issues I need to
investigate further.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 qapi/tpm.json                      |   7 +-
 include/hw/acpi/tpm.h              |  65 ++++++++
 include/sysemu/tpm.h               |   3 +
 hw/i386/acpi-build.c               |  19 +++
 hw/tpm/tpm_crb.c                   | 320 +++++++++++++++++++++++++++++++++++++
 default-configs/i386-softmmu.mak   |   1 +
 default-configs/x86_64-softmmu.mak |   1 +
 hw/tpm/Makefile.objs               |   1 +
 8 files changed, 414 insertions(+), 3 deletions(-)
 create mode 100644 hw/tpm/tpm_crb.c

diff --git a/qapi/tpm.json b/qapi/tpm.json
index 7093f268fb..12a4509ad6 100644
--- a/qapi/tpm.json
+++ b/qapi/tpm.json
@@ -10,11 +10,12 @@
 #
 # An enumeration of TPM models
 #
-# @tpm-tis: TPM TIS model
+# @tpm-tis: TPM TIS model (since 1.5)
+# @tpm-crb: TPM CRB model (since 2.11)
 #
 # Since: 1.5
 ##
-{ 'enum': 'TpmModel', 'data': [ 'tpm-tis' ] }
+{ 'enum': 'TpmModel', 'data': [ 'tpm-tis', 'tpm-crb' ] }
 
 ##
 # @query-tpm-models:
@@ -28,7 +29,7 @@
 # Example:
 #
 # -> { "execute": "query-tpm-models" }
-# <- { "return": [ "tpm-tis" ] }
+# <- { "return": [ "tpm-tis", "tpm-crb" ] }
 #
 ##
 { 'command': 'query-tpm-models', 'returns': ['TpmModel'] }
diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h
index 6d516c6a7f..c0b9a0ca6e 100644
--- a/include/hw/acpi/tpm.h
+++ b/include/hw/acpi/tpm.h
@@ -16,11 +16,75 @@
 #ifndef HW_ACPI_TPM_H
 #define HW_ACPI_TPM_H
 
+#include "qemu/osdep.h"
+
 #define TPM_TIS_ADDR_BASE           0xFED40000
 #define TPM_TIS_ADDR_SIZE           0x5000
 
 #define TPM_TIS_IRQ                 5
 
+struct crb_regs {
+    union {
+        uint32_t loc_state;
+        struct {
+            unsigned tpm_established:1;
+            unsigned loc_assigned:1;
+            unsigned active_locality:3;
+            unsigned reserved:2;
+            unsigned tpm_reg_valid_sts:1;
+        } loc_state_bits;
+    };
+    uint32_t reserved1;
+    uint32_t loc_ctrl;
+    uint32_t loc_sts;
+    uint8_t reserved2[32];
+    union {
+        uint64_t intf_id;
+        struct {
+            unsigned type:4;
+            unsigned version:4;
+            unsigned cap_locality:1;
+            unsigned cap_crb_idle_bypass:1;
+            unsigned reserved1:1;
+            unsigned cap_data_xfer_size_support:2;
+            unsigned cap_fifo:1;
+            unsigned cap_crb:1;
+            unsigned cap_if_res:2;
+            unsigned if_selector:2;
+            unsigned if_selector_lock:1;
+            unsigned reserved2:4;
+            unsigned rid:8;
+            unsigned vid:16;
+            unsigned did:16;
+        } intf_id_bits;
+    };
+    uint64_t ctrl_ext;
+
+    uint32_t ctrl_req;
+    union {
+        uint32_t ctrl_sts;
+        struct {
+            unsigned tpm_sts:1;
+            unsigned tpm_idle:1;
+            unsigned reserved:30;
+        } ctrl_sts_bits;
+    };
+    uint32_t ctrl_cancel;
+    uint32_t ctrl_start;
+    uint32_t ctrl_int_enable;
+    uint32_t ctrl_int_sts;
+    uint32_t ctrl_cmd_size;
+    uint32_t ctrl_cmd_pa_low;
+    uint32_t ctrl_cmd_pa_high;
+    uint32_t ctrl_rsp_size;
+    uint64_t ctrl_rsp_pa;
+} QEMU_PACKED;
+
+#define TPM_CRB_ADDR_BASE           0xFED40000
+#define TPM_CRB_ADDR_SIZE           0x1000
+#define TPM_CRB_ADDR_CTRL \
+    (TPM_CRB_ADDR_BASE + offsetof(struct crb_regs, ctrl_req))
+
 #define TPM_LOG_AREA_MINIMUM_SIZE   (64 * 1024)
 
 #define TPM_TCPA_ACPI_CLASS_CLIENT  0
@@ -30,5 +94,6 @@
 #define TPM2_ACPI_CLASS_SERVER      1
 
 #define TPM2_START_METHOD_MMIO      6
+#define TPM2_START_METHOD_CRB       7
 
 #endif /* HW_ACPI_TPM_H */
diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index 8223ec621c..bdc6bde109 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -46,9 +46,12 @@ int tpm_init(void);
 void tpm_cleanup(void);
 
 #define TYPE_TPM_TIS                "tpm-tis"
+#define TYPE_TPM_CRB                "tpm-crb"
 
 #define TPM_IS_TIS(chr)                             \
     object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS)
+#define TPM_IS_CRB(chr)                             \
+    object_dynamic_cast(OBJECT(chr), TYPE_TPM_CRB)
 
 static inline TPMIf *tpm_find(void)
 {
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index ee38b00e31..f9345c75e6 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2224,6 +2224,22 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
             aml_append(sb_scope, scope);
         }
     }
+
+    if (TPM_IS_CRB(tpm_find())) {
+        dev = aml_device("TPM");
+        aml_append(dev, aml_name_decl("_HID", aml_string("MSFT0101")));
+        crs = aml_resource_template();
+        aml_append(crs, aml_memory32_fixed(TPM_CRB_ADDR_BASE,
+                                           TPM_CRB_ADDR_SIZE, AML_READ_WRITE));
+        aml_append(dev, aml_name_decl("_CRS", crs));
+
+        method = aml_method("_STA", 0, AML_NOTSERIALIZED);
+        aml_append(method, aml_return(aml_int(0x0f)));
+        aml_append(dev, method);
+
+        aml_append(sb_scope, dev);
+    }
+
     aml_append(dsdt, sb_scope);
 
     /* copy AML table into ACPI tables blob and patch header there */
@@ -2284,6 +2300,9 @@ build_tpm2(GArray *table_data, BIOSLinker *linker)
     if (TPM_IS_TIS(tpm_find())) {
         tpm2_ptr->control_area_address = cpu_to_le64(0);
         tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
+    } else if (TPM_IS_CRB(tpm_find())) {
+        tpm2_ptr->control_area_address = cpu_to_le32(TPM_CRB_ADDR_CTRL);
+        tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_CRB);
     } else {
         g_warn_if_reached();
     }
diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
new file mode 100644
index 0000000000..64039ebc8e
--- /dev/null
+++ b/hw/tpm/tpm_crb.c
@@ -0,0 +1,320 @@
+/*
+ * tpm_crb.c - QEMU's TPM CRB interface emulator
+ *
+ * Copyright (c) 2017 Red Hat, Inc.
+ *
+ * Authors:
+ *   Marc-André Lureau <marcandre.lureau@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * tpm_crb is a device for TPM 2.0 Command Response Buffer (CRB) Interface
+ * as defined in TCG PC Client Platform TPM Profile (PTP) Specification
+ * Family “2.0” Level 00 Revision 01.03 v22
+ */
+
+#include "qemu/osdep.h"
+
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+
+#include "hw/pci/pci_ids.h"
+#include "hw/acpi/tpm.h"
+#include "sysemu/tpm_backend.h"
+#include "tpm_int.h"
+#include "tpm_util.h"
+
+typedef struct CRBState {
+    SysBusDevice parent_obj;
+
+    MemoryRegion mmio;
+    MemoryRegion cmdmem;
+    char *backend;
+    TPMBackend *tpmbe;
+    TPMBackendCmd cmd;
+    struct crb_regs regs;
+} CRBState;
+
+#define CRB(obj) OBJECT_CHECK(CRBState, (obj), TYPE_TPM_CRB)
+
+#define DEBUG_CRB 0
+
+#define DPRINTF(fmt, ...) do {                  \
+        if (DEBUG_CRB) {                        \
+            printf(fmt, ## __VA_ARGS__);        \
+        }                                       \
+    } while (0);
+
+#define CRB_ADDR_LOC_STATE offsetof(struct crb_regs, loc_state)
+#define CRB_ADDR_LOC_CTRL offsetof(struct crb_regs, loc_ctrl)
+#define CRB_ADDR_CTRL_REQ offsetof(struct crb_regs, ctrl_req)
+#define CRB_ADDR_CTRL_CANCEL offsetof(struct crb_regs, ctrl_cancel)
+#define CRB_ADDR_CTRL_START offsetof(struct crb_regs, ctrl_start)
+
+#define CRB_INTF_TYPE_CRB_ACTIVE 0b1
+#define CRB_INTF_VERSION_CRB 0b1
+#define CRB_INTF_CAP_LOCALITY_0_ONLY 0b0
+#define CRB_INTF_CAP_IDLE_FAST 0b0
+#define CRB_INTF_CAP_XFER_SIZE_64 0b11
+#define CRB_INTF_CAP_FIFO_NOT_SUPPORTED 0b0
+#define CRB_INTF_CAP_CRB_SUPPORTED 0b1
+#define CRB_INTF_IF_SELECTOR_CRB 0b1
+#define CRB_INTF_IF_SELECTOR_UNLOCKED 0b0
+
+#define CRB_CTRL_CMD_SIZE (TPM_CRB_ADDR_SIZE - sizeof(struct crb_regs))
+
+enum crb_loc_ctrl {
+    CRB_LOC_CTRL_REQUEST_ACCESS = BIT(0),
+    CRB_LOC_CTRL_RELINQUISH = BIT(1),
+    CRB_LOC_CTRL_SEIZE = BIT(2),
+    CRB_LOC_CTRL_RESET_ESTABLISHMENT_BIT = BIT(3),
+};
+
+enum crb_ctrl_req {
+    CRB_CTRL_REQ_CMD_READY = BIT(0),
+    CRB_CTRL_REQ_GO_IDLE = BIT(1),
+};
+
+enum crb_ctrl_sts {
+    CRB_CTRL_STS_ERROR = BIT(0),
+    CRB_CTRL_STS_TPM_IDLE = BIT(1),
+};
+
+enum crb_start {
+    CRB_START_INVOKE = BIT(0),
+};
+
+enum crb_cancel {
+    CRB_CANCEL_INVOKE = BIT(0),
+};
+
+static const char *addr_desc(unsigned off)
+{
+    switch (off) {
+#define CASE(off)                               \
+    case offsetof(struct crb_regs, off):        \
+        return G_STRINGIFY(off)
+        CASE(loc_state);
+        CASE(reserved1);
+        CASE(loc_ctrl);
+        CASE(loc_sts);
+        CASE(reserved2);
+        CASE(intf_id);
+        CASE(ctrl_ext);
+        CASE(ctrl_req);
+        CASE(ctrl_sts);
+        CASE(ctrl_cancel);
+        CASE(ctrl_start);
+        CASE(ctrl_int_enable);
+        CASE(ctrl_int_sts);
+        CASE(ctrl_cmd_size);
+        CASE(ctrl_cmd_pa_low);
+        CASE(ctrl_cmd_pa_high);
+        CASE(ctrl_rsp_size);
+        CASE(ctrl_rsp_pa);
+#undef CASE
+    }
+    return NULL;
+}
+
+static uint64_t tpm_crb_mmio_read(void *opaque, hwaddr addr,
+                                  unsigned size)
+{
+    CRBState *s = CRB(opaque);
+    DPRINTF("CRB read %lx:%s %u\n", addr, addr_desc(addr), size);
+
+    /* all registers are 32-bit aligned */
+    if (addr % 4) {
+        return G_MAXUINT64;
+    }
+    return ((uint32_t *)&s->regs)[addr / 4];
+}
+
+static void tpm_crb_mmio_write(void *opaque, hwaddr addr,
+                               uint64_t val, unsigned size)
+{
+    CRBState *s = CRB(opaque);
+    DPRINTF("CRB write %lx:%s %lu %u\n", addr, addr_desc(addr), val, size);
+
+    switch (addr) {
+    case CRB_ADDR_CTRL_REQ:
+        switch (val) {
+        case CRB_CTRL_REQ_CMD_READY:
+            s->regs.ctrl_sts_bits.tpm_idle = 0;
+            break;
+        case CRB_CTRL_REQ_GO_IDLE:
+            s->regs.ctrl_sts_bits.tpm_idle = 1;
+            break;
+        }
+        break;
+    case CRB_ADDR_CTRL_CANCEL:
+        if (val == CRB_CANCEL_INVOKE && s->regs.ctrl_start & CRB_START_INVOKE) {
+            tpm_backend_cancel_cmd(s->tpmbe);
+        }
+        break;
+    case CRB_ADDR_CTRL_START:
+        if (val == CRB_START_INVOKE &&
+            !(s->regs.ctrl_start & CRB_START_INVOKE)) {
+            void *mem = memory_region_get_ram_ptr(&s->cmdmem);
+
+            s->regs.ctrl_start |= CRB_START_INVOKE;
+            s->cmd = (TPMBackendCmd) {
+                .in = mem,
+                .in_len = MIN(tpm_cmd_get_size(mem), CRB_CTRL_CMD_SIZE),
+                .out = mem,
+                .out_len = CRB_CTRL_CMD_SIZE,
+            };
+
+            tpm_backend_deliver_request(s->tpmbe, &s->cmd);
+        }
+        break;
+    case CRB_ADDR_LOC_CTRL:
+        switch (val) {
+        case CRB_LOC_CTRL_RESET_ESTABLISHMENT_BIT:
+            /* not loc 3 or 4 */
+            break;
+        case CRB_LOC_CTRL_RELINQUISH:
+            break;
+        case CRB_LOC_CTRL_REQUEST_ACCESS:
+            s->regs.loc_state_bits.loc_assigned = 1;
+            s->regs.loc_state_bits.tpm_reg_valid_sts = 1;
+            break;
+        }
+        break;
+    }
+}
+
+static const MemoryRegionOps tpm_crb_memory_ops = {
+    .read = tpm_crb_mmio_read,
+    .write = tpm_crb_mmio_write,
+    .endianness = DEVICE_LITTLE_ENDIAN,
+    .valid = {
+        .min_access_size = 1,
+        .max_access_size = 4,
+    },
+};
+
+static void tpm_crb_reset(DeviceState *dev)
+{
+    CRBState *s = CRB(dev);
+
+    s->regs = (struct crb_regs) {
+        .intf_id_bits = {
+            .type = CRB_INTF_TYPE_CRB_ACTIVE,
+            .version = CRB_INTF_VERSION_CRB,
+            .cap_locality = CRB_INTF_CAP_LOCALITY_0_ONLY,
+            .cap_crb_idle_bypass = CRB_INTF_CAP_IDLE_FAST,
+            .cap_data_xfer_size_support = CRB_INTF_CAP_XFER_SIZE_64,
+            .cap_fifo = CRB_INTF_CAP_FIFO_NOT_SUPPORTED,
+            .cap_crb = CRB_INTF_CAP_CRB_SUPPORTED,
+            .cap_if_res = 0b0,
+            .if_selector = CRB_INTF_IF_SELECTOR_CRB,
+            .if_selector_lock = CRB_INTF_IF_SELECTOR_UNLOCKED,
+            .rid = 0b0001,
+            .vid = PCI_VENDOR_ID_IBM,
+            .did = 0b0001,
+        },
+        .ctrl_cmd_size = CRB_CTRL_CMD_SIZE,
+        .ctrl_cmd_pa_low = TPM_CRB_ADDR_BASE + sizeof(struct crb_regs),
+        .ctrl_rsp_size = CRB_CTRL_CMD_SIZE,
+        .ctrl_rsp_pa = TPM_CRB_ADDR_BASE + sizeof(struct crb_regs),
+    };
+
+    tpm_backend_reset(s->tpmbe);
+    tpm_backend_startup_tpm(s->tpmbe);
+}
+
+static void tpm_crb_request_completed(TPMIf *ti)
+{
+    CRBState *s = CRB(ti);
+
+    s->regs.ctrl_start &= ~CRB_START_INVOKE;
+    /* TODO, in case of error: s->regs.ctrl_sts = CRB_CTRL_STS_ERROR */
+}
+
+static enum TPMVersion tpm_crb_get_version(TPMIf *ti)
+{
+    CRBState *s = CRB(ti);
+
+    return tpm_backend_get_tpm_version(s->tpmbe);
+}
+
+static const VMStateDescription vmstate_tpm_crb = {
+    .name = "tpm-crb",
+    .unmigratable = 1,
+};
+
+static Property tpm_crb_properties[] = {
+    DEFINE_PROP_STRING("tpmdev", CRBState, backend),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static void tpm_crb_realizefn(DeviceState *dev, Error **errp)
+{
+    CRBState *s = CRB(dev);
+    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+    if (!tpm_find()) {
+        error_setg(errp, "at most one TPM device is permitted");
+        return;
+    }
+
+    s->tpmbe = qemu_find_tpm_be(s->backend);
+    if (!s->tpmbe) {
+        error_setg(errp, "tpm-crb: backend driver with id '%s' could not be "
+                   "found", s->backend);
+        return;
+    }
+
+    if (tpm_backend_init(s->tpmbe, TPM_IF(s), errp)) {
+        return;
+    }
+
+    memory_region_init_io(&s->mmio, OBJECT(s), &tpm_crb_memory_ops, s,
+        "tpm-crb-mmio", sizeof(struct crb_regs));
+    memory_region_init_ram(&s->cmdmem, OBJECT(s),
+        "tpm-crb-cmd", CRB_CTRL_CMD_SIZE, errp);
+
+    sysbus_init_mmio(sbd, &s->mmio);
+    sysbus_mmio_map(sbd, 0, TPM_CRB_ADDR_BASE);
+    /* allocate ram in bios instead? */
+    memory_region_add_subregion(get_system_memory(),
+        TPM_CRB_ADDR_BASE + sizeof(struct crb_regs), &s->cmdmem);
+}
+
+static void tpm_crb_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+    TPMIfClass *tc = TPM_IF_CLASS(klass);
+
+    dc->realize = tpm_crb_realizefn;
+    dc->props = tpm_crb_properties;
+    dc->reset = tpm_crb_reset;
+    dc->vmsd  = &vmstate_tpm_crb;
+    dc->user_creatable = true;
+    tc->model = TPM_MODEL_TPM_CRB;
+    tc->get_version = tpm_crb_get_version;
+    tc->request_completed = tpm_crb_request_completed;
+}
+
+static const TypeInfo tpm_crb_info = {
+    .name = TYPE_TPM_CRB,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(CRBState),
+    .class_init  = tpm_crb_class_init,
+    .interfaces = (InterfaceInfo[]) {
+        { TYPE_TPM_IF },
+        { }
+    }
+};
+
+static void tpm_crb_register(void)
+{
+    type_register_static(&tpm_crb_info);
+    tpm_register_model(TPM_MODEL_TPM_CRB);
+}
+
+type_init(tpm_crb_register)
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index d2ab2f6655..c10afe953a 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -36,6 +36,7 @@ CONFIG_APPLESMC=y
 CONFIG_I8259=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_TPM_TIS=$(CONFIG_TPM)
+CONFIG_TPM_CRB=$(CONFIG_TPM)
 CONFIG_MC146818RTC=y
 CONFIG_PCI_PIIX=y
 CONFIG_WDT_IB700=y
diff --git a/default-configs/x86_64-softmmu.mak b/default-configs/x86_64-softmmu.mak
index 9bde2f1c4b..1a6004f3f8 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -36,6 +36,7 @@ CONFIG_APPLESMC=y
 CONFIG_I8259=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_TPM_TIS=$(CONFIG_TPM)
+CONFIG_TPM_CRB=$(CONFIG_TPM)
 CONFIG_MC146818RTC=y
 CONFIG_PCI_PIIX=y
 CONFIG_WDT_IB700=y
diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
index 41f0b7a590..5c98af0de4 100644
--- a/hw/tpm/Makefile.objs
+++ b/hw/tpm/Makefile.objs
@@ -1,3 +1,4 @@
 common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
+common-obj-$(CONFIG_TPM_CRB) += tpm_crb.o
 common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
 common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o tpm_util.o
-- 
2.14.1.146.gd35faa819

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[no-reply]

Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20171009225623.29232-1-marcandre.lureau@redhat.com
Subject: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
time make docker-test-block@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]               patchew/20171009225623.29232-1-marcandre.lureau@redhat.com -> patchew/20171009225623.29232-1-marcandre.lureau@redhat.com
Switched to a new branch 'test'
1dce39db4e WIP: add TPM CRB device
481a3ff9a1 tpm-emulator: add a FIXME comment about blocking cancel
92b718f0bc acpi: change TPM TIS data conditions
7a5b3c7e34 tpm: add tpm_cmd_get_size() to tpm_util
c86a6c13fe tpm: add TPM interface to lookup TPM version
cb6c286a51 tpm: lookup the the TPM interface instead of TIS device
0a9cb16319 tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()
3d466eac2e tpm-tis: simplify header inclusion
051ab09e7f tpm-passthrough: workaround a possible race
e71b0dfd67 tpm-passthrough: remove error cleanup from handle_device_opts
61a0c63b00 tpm-passthrough: make it safer to destroy after creation
97eff12f27 tpm-backend: move set 'id' to common code
e27125f135 tpm-passthrough: pass TPMPassthruState to handle_device_opts
ecc5e62220 tpm-be: update optional function pointers
89c2da5c03 tpm-passthrough: don't save guessed cancel_path in options
3b407217ac tpm: remove unused opened code
3c2d81a760 tpm-be: ask model to the TPM interface
e17d2a2182 tpm-be: report error instead of front-end
f6ef06e45a tpm-be: call request_completed() out of thread
66e88599a8 tpm-tis: no longer expose TPMState
2c1dd01ce2 tpm-backend: store TPMIf interface, improve backend_init()
ab75259a6a tpm: move recv_data_callback to TPM interface
ed74316259 tpm: add a QOM TPM interface
f337bf38c4 tpm-tis: fold TPMTISEmuState in TPMState
ea1ab75a79 tpm-tis: remove tpm_tis.h header
9e5a008957 tpm-tis: move TPMState to TIS header
d3876cfd87 tpm: remove locty_data from TPMState
fa98b71832 tpm-emulator: fix error handling
615d6665cf tpm: add TPMBackendCmd to hold the request state
efcbfbf394 tpm: remove locty argument from receive_cb
275316a7ec tpm: remove needless cast
31f46d602f tpm: remove unused TPMBackendCmd
6f3a9189fa tpm: remove configure_tpm() hop
caffb9d70e tpm: remove init() class method
e409f33d71 tpm: remove TPMDriverOps
469aa44016 tpm: move TPMSizedBuffer to tpm_tis.h
3ab076999f tpm: remove tpm_register_driver()
989a4ad6b3 tpm: replace tpm_get_backend_driver() to drop be_drivers
c2f5ab0c8a tpm: lookup tpm backend class in tpm_driver_find_by_type()
b6b7b04801 tpm: make tpm_get_backend_driver() static
c20e4a8a99 tpm-tis: remove RAISE_STS_IRQ
4cb2372572 tpm-tis: remove unused hw_access argument

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-0efrn1fp/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-0efrn1fp/src'
  GEN     docker-src.2017-10-09-19.30.27.26521/qemu.tar
  COPY    RUNNER
    RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
bzip2-devel-1.0.5-7.el6_0.x86_64
ccache-3.1.6-2.el6.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el6.x86_64
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
gettext-0.17-18.el6.x86_64
git-1.7.1-9.el6_9.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libepoxy-devel-1.2-3.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
librdmacm-devel-1.0.21-0.el6.x86_64
lzo-devel-2.03-3.1.el6_5.1.x86_64
make-3.81-23.el6.x86_64
mesa-libEGL-devel-11.0.7-4.el6.x86_64
mesa-libgbm-devel-11.0.7-4.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
spice-glib-devel-0.26-8.el6.x86_64
spice-server-devel-0.12.4-16.el6.x86_64
tar-1.23-15.el6_8.x86_64
vte-devel-0.25.1-9.el6.x86_64
xen-devel-4.6.6-2.el6.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=bison     bzip2-devel     ccache     csnappy-devel     flex     g++     gcc     gettext     git     glib2-devel     libepoxy-devel     libfdt-devel     librdmacm-devel     lzo-devel     make     mesa-libEGL-devel     mesa-libgbm-devel     pixman-devel     SDL-devel     spice-glib-devel     spice-server-devel     tar     vte-devel     xen-devel     zlib-devel
HOSTNAME=6bc53d17e441
TERM=xterm
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu --prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix    /tmp/qemu-test/install
BIOS directory    /tmp/qemu-test/install/share/qemu
firmware path     /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path       /tmp/qemu-test/src
C compiler        cc
Host C compiler   cc
C++ compiler      
Objective-C compiler cc
ARFLAGS           rv
CFLAGS            -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS       -I/usr/include/pixman-1   -I$(SRC_PATH)/dtc/libfdt -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -DNCURSES_WIDECHAR   -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration -Wold-style-definition -Wtype-limits -fstack-protector-all  -I/usr/include/libpng12   -I/usr/include/libdrm     -I/usr/include/spice-server -I/usr/include/cacard -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/nss3 -I/usr/include/nspr4 -I/usr/include/spice-1  
LDFLAGS           -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make              make
install           install
python            python -B
smbd              /usr/sbin/smbd
module support    no
host CPU          x86_64
host big endian   no
target list       x86_64-softmmu aarch64-softmmu
gprof enabled     no
sparse enabled    no
strip binaries    yes
profiler          no
static build      no
SDL support       yes (1.2.14)
GTK support       yes (2.24.23)
GTK GL support    no
VTE support       yes (0.25.1)
TLS priority      NORMAL
GNUTLS support    no
GNUTLS rnd        no
libgcrypt         no
libgcrypt kdf     no
nettle            no 
nettle kdf        no
libtasn1          no
curses support    yes
virgl support     no
curl support      no
mingw32 support   no
Audio drivers     oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS support    no
Multipath support no
VNC support       yes
VNC SASL support  no
VNC JPEG support  yes
VNC PNG support   yes
xen support       yes
xen ctrl version  40600
pv dom build      no
brlapi support    no
bluez  support    no
Documentation     no
PIE               yes
vde support       no
netmap support    no
Linux AIO support no
ATTR/XATTR support yes
Install blobs     yes
KVM support       yes
HAX support       no
TCG support       yes
TCG debug enabled no
TCG interpreter   no
RDMA support      yes
fdt support       yes
preadv support    yes
fdatasync         yes
madvise           yes
posix_madvise     yes
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
vhost-vsock support yes
vhost-user support yes
Trace backends    log
spice support     yes (0.12.6/0.12.4)
rbd support       no
xfsctl support    no
smartcard support yes
libusb            no
usb net redir     no
OpenGL support    yes
OpenGL dmabufs    no
libiscsi support  no
libnfs support    no
build guest agent yes
QGA VSS support   no
QGA w32 disk info no
QGA MSI support   no
seccomp support   no
coroutine backend ucontext
coroutine pool    yes
debug stack usage no
crypto afalg      no
GlusterFS support no
gcov              gcov
gcov enabled      no
TPM support       yes
libssh2 support   no
TPM passthrough   yes
TPM emulator      yes
QOM debugging     yes
Live block migration yes
lzo support       yes
snappy support    no
bzip2 support     yes
NUMA host support no
tcmalloc support  no
jemalloc support  no
avx2 optimization no
replication support yes
VxHS block device no
mkdir -p dtc/libfdt
mkdir -p dtc/tests
  GEN     x86_64-softmmu/config-devices.mak.tmp
  GEN     aarch64-softmmu/config-devices.mak.tmp
  GEN     qemu-options.def
  GEN     config-host.h
  GEN     qapi-types.h
  GEN     qmp-commands.h
  GEN     qapi-visit.h
  GEN     qapi-event.h
  GEN     x86_64-softmmu/config-devices.mak
  GEN     aarch64-softmmu/config-devices.mak
  GEN     qmp-marshal.c
  GEN     qapi-types.c
  GEN     qapi-visit.c
  GEN     qapi-event.c
  GEN     qmp-introspect.h
  GEN     qmp-introspect.c
  GEN     trace/generated-tcg-tracers.h
  GEN     trace/generated-helpers-wrappers.h
  GEN     trace/generated-helpers.h
  GEN     trace/generated-helpers.c
  GEN     module_block.h
  GEN     tests/test-qapi-types.h
  GEN     tests/test-qapi-visit.h
  GEN     tests/test-qmp-commands.h
  GEN     tests/test-qapi-event.h
  GEN     tests/test-qmp-introspect.h
  GEN     trace-root.h
  GEN     util/trace.h
  GEN     crypto/trace.h
  GEN     io/trace.h
  GEN     migration/trace.h
  GEN     block/trace.h
  GEN     chardev/trace.h
  GEN     hw/block/trace.h
  GEN     hw/block/dataplane/trace.h
  GEN     hw/char/trace.h
  GEN     hw/intc/trace.h
  GEN     hw/net/trace.h
  GEN     hw/virtio/trace.h
  GEN     hw/audio/trace.h
  GEN     hw/misc/trace.h
  GEN     hw/usb/trace.h
  GEN     hw/scsi/trace.h
  GEN     hw/nvram/trace.h
  GEN     hw/display/trace.h
  GEN     hw/input/trace.h
  GEN     hw/timer/trace.h
  GEN     hw/dma/trace.h
  GEN     hw/sparc/trace.h
  GEN     hw/sd/trace.h
  GEN     hw/isa/trace.h
  GEN     hw/mem/trace.h
  GEN     hw/i386/trace.h
  GEN     hw/i386/xen/trace.h
  GEN     hw/9pfs/trace.h
  GEN     hw/ppc/trace.h
  GEN     hw/pci/trace.h
  GEN     hw/s390x/trace.h
  GEN     hw/vfio/trace.h
  GEN     hw/acpi/trace.h
  GEN     hw/arm/trace.h
  GEN     hw/alpha/trace.h
  GEN     hw/xen/trace.h
  GEN     hw/ide/trace.h
  GEN     ui/trace.h
  GEN     audio/trace.h
  GEN     net/trace.h
  GEN     target/arm/trace.h
  GEN     target/i386/trace.h
  GEN     target/mips/trace.h
  GEN     target/sparc/trace.h
  GEN     target/s390x/trace.h
  GEN     target/ppc/trace.h
  GEN     qom/trace.h
  GEN     linux-user/trace.h
  GEN     qapi/trace.h
  GEN     accel/tcg/trace.h
  GEN     accel/kvm/trace.h
  GEN     nbd/trace.h
  GEN     scsi/trace.h
  GEN     trace-root.c
  GEN     util/trace.c
  GEN     crypto/trace.c
  GEN     io/trace.c
  GEN     migration/trace.c
  GEN     block/trace.c
  GEN     chardev/trace.c
  GEN     hw/block/trace.c
  GEN     hw/block/dataplane/trace.c
  GEN     hw/char/trace.c
  GEN     hw/intc/trace.c
  GEN     hw/net/trace.c
  GEN     hw/virtio/trace.c
  GEN     hw/audio/trace.c
  GEN     hw/misc/trace.c
  GEN     hw/usb/trace.c
  GEN     hw/scsi/trace.c
  GEN     hw/nvram/trace.c
  GEN     hw/display/trace.c
  GEN     hw/input/trace.c
  GEN     hw/timer/trace.c
  GEN     hw/dma/trace.c
  GEN     hw/sparc/trace.c
  GEN     hw/sd/trace.c
  GEN     hw/isa/trace.c
  GEN     hw/mem/trace.c
  GEN     hw/i386/trace.c
  GEN     hw/i386/xen/trace.c
  GEN     hw/9pfs/trace.c
  GEN     hw/ppc/trace.c
  GEN     hw/pci/trace.c
  GEN     hw/s390x/trace.c
  GEN     hw/vfio/trace.c
  GEN     hw/acpi/trace.c
  GEN     hw/arm/trace.c
  GEN     hw/alpha/trace.c
  GEN     hw/xen/trace.c
  GEN     hw/ide/trace.c
  GEN     ui/trace.c
  GEN     audio/trace.c
  GEN     net/trace.c
  GEN     target/arm/trace.c
  GEN     target/i386/trace.c
  GEN     target/mips/trace.c
  GEN     target/sparc/trace.c
  GEN     target/s390x/trace.c
  GEN     target/ppc/trace.c
  GEN     qom/trace.c
  GEN     linux-user/trace.c
  GEN     qapi/trace.c
  GEN     accel/tcg/trace.c
  GEN     accel/kvm/trace.c
  GEN     nbd/trace.c
  GEN     scsi/trace.c
  GEN     config-all-devices.mak
	 DEP /tmp/qemu-test/src/dtc/tests/dumptrees.c
	 DEP /tmp/qemu-test/src/dtc/tests/trees.S
	 DEP /tmp/qemu-test/src/dtc/tests/testutils.c
	 DEP /tmp/qemu-test/src/dtc/tests/value-labels.c
	 DEP /tmp/qemu-test/src/dtc/tests/asm_tree_dump.c
	 DEP /tmp/qemu-test/src/dtc/tests/truncated_property.c
	 DEP /tmp/qemu-test/src/dtc/tests/check_path.c
	 DEP /tmp/qemu-test/src/dtc/tests/overlay_bad_fixup.c
	 DEP /tmp/qemu-test/src/dtc/tests/overlay.c
	 DEP /tmp/qemu-test/src/dtc/tests/subnode_iterate.c
	 DEP /tmp/qemu-test/src/dtc/tests/property_iterate.c
	 DEP /tmp/qemu-test/src/dtc/tests/integer-expressions.c
	 DEP /tmp/qemu-test/src/dtc/tests/utilfdt_test.c
	 DEP /tmp/qemu-test/src/dtc/tests/path_offset_aliases.c
	 DEP /tmp/qemu-test/src/dtc/tests/add_subnode_with_nops.c
	 DEP /tmp/qemu-test/src/dtc/tests/dtbs_equal_unordered.c
	 DEP /tmp/qemu-test/src/dtc/tests/dtb_reverse.c
	 DEP /tmp/qemu-test/src/dtc/tests/dtbs_equal_ordered.c
	 DEP /tmp/qemu-test/src/dtc/tests/extra-terminating-null.c
	 DEP /tmp/qemu-test/src/dtc/tests/incbin.c
	 DEP /tmp/qemu-test/src/dtc/tests/boot-cpuid.c
	 DEP /tmp/qemu-test/src/dtc/tests/phandle_format.c
	 DEP /tmp/qemu-test/src/dtc/tests/references.c
	 DEP /tmp/qemu-test/src/dtc/tests/path-references.c
	 DEP /tmp/qemu-test/src/dtc/tests/string_escapes.c
	 DEP /tmp/qemu-test/src/dtc/tests/propname_escapes.c
	 DEP /tmp/qemu-test/src/dtc/tests/appendprop2.c
	 DEP /tmp/qemu-test/src/dtc/tests/appendprop1.c
	 DEP /tmp/qemu-test/src/dtc/tests/del_node.c
	 DEP /tmp/qemu-test/src/dtc/tests/del_property.c
	 DEP /tmp/qemu-test/src/dtc/tests/setprop.c
	 DEP /tmp/qemu-test/src/dtc/tests/set_name.c
	 DEP /tmp/qemu-test/src/dtc/tests/rw_tree1.c
	 DEP /tmp/qemu-test/src/dtc/tests/open_pack.c
	 DEP /tmp/qemu-test/src/dtc/tests/nopulate.c
	 DEP /tmp/qemu-test/src/dtc/tests/mangle-layout.c
	 DEP /tmp/qemu-test/src/dtc/tests/move_and_save.c
	 DEP /tmp/qemu-test/src/dtc/tests/sw_tree1.c
	 DEP /tmp/qemu-test/src/dtc/tests/nop_node.c
	 DEP /tmp/qemu-test/src/dtc/tests/nop_property.c
	 DEP /tmp/qemu-test/src/dtc/tests/setprop_inplace.c
	 DEP /tmp/qemu-test/src/dtc/tests/stringlist.c
	 DEP /tmp/qemu-test/src/dtc/tests/addr_size_cells.c
	 DEP /tmp/qemu-test/src/dtc/tests/notfound.c
	 DEP /tmp/qemu-test/src/dtc/tests/sized_cells.c
	 DEP /tmp/qemu-test/src/dtc/tests/char_literal.c
	 DEP /tmp/qemu-test/src/dtc/tests/get_alias.c
	 DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_compatible.c
	 DEP /tmp/qemu-test/src/dtc/tests/node_check_compatible.c
	 DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_phandle.c
	 DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_prop_value.c
	 DEP /tmp/qemu-test/src/dtc/tests/supernode_atdepth_offset.c
	 DEP /tmp/qemu-test/src/dtc/tests/parent_offset.c
	 DEP /tmp/qemu-test/src/dtc/tests/get_path.c
	 DEP /tmp/qemu-test/src/dtc/tests/get_phandle.c
	 DEP /tmp/qemu-test/src/dtc/tests/getprop.c
	 DEP /tmp/qemu-test/src/dtc/tests/get_name.c
	 DEP /tmp/qemu-test/src/dtc/tests/path_offset.c
	 DEP /tmp/qemu-test/src/dtc/tests/subnode_offset.c
	 DEP /tmp/qemu-test/src/dtc/tests/find_property.c
	 DEP /tmp/qemu-test/src/dtc/tests/root_node.c
	 DEP /tmp/qemu-test/src/dtc/tests/get_mem_rsv.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_overlay.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_addresses.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_empty_tree.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_strerror.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_rw.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_sw.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_wip.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt_ro.c
	 DEP /tmp/qemu-test/src/dtc/libfdt/fdt.c
	 DEP /tmp/qemu-test/src/dtc/util.c
	 DEP /tmp/qemu-test/src/dtc/fdtput.c
	 DEP /tmp/qemu-test/src/dtc/fdtget.c
	 DEP /tmp/qemu-test/src/dtc/fdtdump.c
	 LEX convert-dtsv0-lexer.lex.c
	 DEP /tmp/qemu-test/src/dtc/srcpos.c
	 BISON dtc-parser.tab.c
	 LEX dtc-lexer.lex.c
	 DEP /tmp/qemu-test/src/dtc/livetree.c
	 DEP /tmp/qemu-test/src/dtc/fstree.c
	 DEP /tmp/qemu-test/src/dtc/treesource.c
	 DEP /tmp/qemu-test/src/dtc/flattree.c
	 DEP /tmp/qemu-test/src/dtc/dtc.c
	 DEP /tmp/qemu-test/src/dtc/data.c
	 DEP /tmp/qemu-test/src/dtc/checks.c
	 DEP convert-dtsv0-lexer.lex.c
	 DEP dtc-parser.tab.c
	 DEP dtc-lexer.lex.c
	CHK version_gen.h
	UPD version_gen.h
	 DEP /tmp/qemu-test/src/dtc/util.c
	 CC libfdt/fdt.o
	 CC libfdt/fdt_wip.o
	 CC libfdt/fdt_ro.o
	 CC libfdt/fdt_sw.o
	 CC libfdt/fdt_strerror.o
	 CC libfdt/fdt_rw.o
	 CC libfdt/fdt_empty_tree.o
	 CC libfdt/fdt_addresses.o
	 CC libfdt/fdt_overlay.o
	 AR libfdt/libfdt.a
ar: creating libfdt/libfdt.a
a - libfdt/fdt.o
a - libfdt/fdt_ro.o
a - libfdt/fdt_wip.o
a - libfdt/fdt_sw.o
a - libfdt/fdt_rw.o
a - libfdt/fdt_strerror.o
a - libfdt/fdt_empty_tree.o
a - libfdt/fdt_addresses.o
a - libfdt/fdt_overlay.o
  CC      tests/qemu-iotests/socket_scm_helper.o
  GEN     qga/qapi-generated/qga-qapi-types.h
  GEN     qga/qapi-generated/qga-qapi-visit.h
  GEN     qga/qapi-generated/qga-qapi-visit.c
  GEN     qga/qapi-generated/qga-qapi-types.c
  GEN     qga/qapi-generated/qga-qmp-commands.h
  GEN     qga/qapi-generated/qga-qmp-marshal.c
  CC      qmp-introspect.o
  CC      qapi-types.o
  CC      qapi-visit.o
  CC      qapi-event.o
  CC      qapi/qapi-visit-core.o
  CC      qapi/qobject-input-visitor.o
  CC      qapi/qapi-dealloc-visitor.o
  CC      qapi/qobject-output-visitor.o
  CC      qapi/qmp-registry.o
  CC      qapi/qmp-dispatch.o
  CC      qapi/string-input-visitor.o
  CC      qapi/string-output-visitor.o
  CC      qapi/opts-visitor.o
  CC      qapi/qapi-clone-visitor.o
  CC      qapi/qmp-event.o
  CC      qapi/qapi-util.o
  CC      qobject/qnull.o
  CC      qobject/qnum.o
  CC      qobject/qstring.o
  CC      qobject/qdict.o
  CC      qobject/qlist.o
  CC      qobject/qbool.o
  CC      qobject/qlit.o
  CC      qobject/qjson.o
  CC      qobject/qobject.o
  CC      qobject/json-lexer.o
  CC      qobject/json-streamer.o
  CC      qobject/json-parser.o
  CC      trace/control.o
  CC      trace/qmp.o
  CC      util/osdep.o
  CC      util/cutils.o
  CC      util/unicode.o
  CC      util/qemu-timer-common.o
  CC      util/bufferiszero.o
  CC      util/lockcnt.o
  CC      util/aiocb.o
  CC      util/async.o
  CC      util/thread-pool.o
  CC      util/qemu-timer.o
  CC      util/main-loop.o
  CC      util/iohandler.o
  CC      util/aio-posix.o
  CC      util/compatfd.o
  CC      util/event_notifier-posix.o
  CC      util/mmap-alloc.o
  CC      util/oslib-posix.o
  CC      util/qemu-openpty.o
  CC      util/qemu-thread-posix.o
  CC      util/memfd.o
  CC      util/envlist.o
  CC      util/path.o
  CC      util/module.o
  CC      util/host-utils.o
  CC      util/bitmap.o
  CC      util/bitops.o
  CC      util/hbitmap.o
  CC      util/acl.o
  CC      util/fifo8.o
  CC      util/cacheinfo.o
  CC      util/error.o
  CC      util/qemu-error.o
  CC      util/id.o
  CC      util/iov.o
  CC      util/qemu-config.o
  CC      util/qemu-sockets.o
  CC      util/uri.o
  CC      util/notify.o
  CC      util/qemu-option.o
  CC      util/qemu-progress.o
  CC      util/keyval.o
  CC      util/hexdump.o
  CC      util/crc32c.o
  CC      util/uuid.o
  CC      util/throttle.o
  CC      util/getauxval.o
  CC      util/readline.o
  CC      util/rcu.o
  CC      util/qemu-coroutine.o
  CC      util/qemu-coroutine-lock.o
  CC      util/qemu-coroutine-io.o
  CC      util/qemu-coroutine-sleep.o
  CC      util/coroutine-ucontext.o
  CC      util/buffer.o
  CC      util/timed-average.o
  CC      util/base64.o
  CC      util/log.o
  CC      util/qdist.o
  CC      util/qht.o
  CC      util/range.o
  CC      util/stats64.o
  CC      util/systemd.o
  CC      trace-root.o
  CC      util/trace.o
  CC      crypto/trace.o
  CC      io/trace.o
  CC      migration/trace.o
  CC      block/trace.o
  CC      chardev/trace.o
  CC      hw/block/trace.o
  CC      hw/block/dataplane/trace.o
  CC      hw/char/trace.o
  CC      hw/intc/trace.o
  CC      hw/net/trace.o
  CC      hw/virtio/trace.o
  CC      hw/audio/trace.o
  CC      hw/misc/trace.o
  CC      hw/usb/trace.o
  CC      hw/scsi/trace.o
  CC      hw/nvram/trace.o
  CC      hw/display/trace.o
  CC      hw/input/trace.o
  CC      hw/timer/trace.o
  CC      hw/dma/trace.o
  CC      hw/sparc/trace.o
  CC      hw/sd/trace.o
  CC      hw/isa/trace.o
  CC      hw/mem/trace.o
  CC      hw/i386/trace.o
  CC      hw/i386/xen/trace.o
  CC      hw/9pfs/trace.o
  CC      hw/ppc/trace.o
  CC      hw/pci/trace.o
  CC      hw/s390x/trace.o
  CC      hw/vfio/trace.o
  CC      hw/acpi/trace.o
  CC      hw/arm/trace.o
  CC      hw/alpha/trace.o
  CC      hw/xen/trace.o
  CC      hw/ide/trace.o
  CC      ui/trace.o
  CC      audio/trace.o
  CC      net/trace.o
  CC      target/arm/trace.o
  CC      target/i386/trace.o
  CC      target/mips/trace.o
  CC      target/sparc/trace.o
  CC      target/s390x/trace.o
  CC      target/ppc/trace.o
  CC      qom/trace.o
  CC      linux-user/trace.o
  CC      qapi/trace.o
  CC      accel/tcg/trace.o
  CC      accel/kvm/trace.o
  CC      nbd/trace.o
  CC      scsi/trace.o
  CC      crypto/pbkdf-stub.o
  CC      stubs/arch-query-cpu-def.o
  CC      stubs/arch-query-cpu-model-expansion.o
  CC      stubs/arch-query-cpu-model-comparison.o
  CC      stubs/arch-query-cpu-model-baseline.o
  CC      stubs/bdrv-next-monitor-owned.o
  CC      stubs/blk-commit-all.o
  CC      stubs/blockdev-close-all-bdrv-states.o
  CC      stubs/clock-warp.o
  CC      stubs/cpu-get-clock.o
  CC      stubs/cpu-get-icount.o
  CC      stubs/dump.o
  CC      stubs/error-printf.o
  CC      stubs/fdset.o
  CC      stubs/gdbstub.o
  CC      stubs/get-vm-name.o
  CC      stubs/iothread.o
  CC      stubs/iothread-lock.o
  CC      stubs/is-daemonized.o
  CC      stubs/machine-init-done.o
  CC      stubs/migr-blocker.o
  CC      stubs/change-state-handler.o
  CC      stubs/monitor.o
  CC      stubs/notify-event.o
  CC      stubs/qtest.o
  CC      stubs/replay.o
  CC      stubs/runstate-check.o
  CC      stubs/set-fd-handler.o
  CC      stubs/slirp.o
  CC      stubs/sysbus.o
  CC      stubs/trace-control.o
  CC      stubs/uuid.o
  CC      stubs/vm-stop.o
  CC      stubs/vmstate.o
  CC      stubs/qmp_pc_dimm.o
  CC      stubs/target-monitor-defs.o
  CC      stubs/target-get-monitor-def.o
  CC      stubs/pc_madt_cpu_entry.o
  CC      stubs/vmgenid.o
  CC      stubs/xen-common.o
  CC      stubs/xen-hvm.o
  CC      stubs/pci-host-piix.o
  CC      contrib/ivshmem-client/ivshmem-client.o
  CC      contrib/ivshmem-client/main.o
  CC      contrib/ivshmem-server/ivshmem-server.o
  CC      contrib/ivshmem-server/main.o
  CC      qemu-nbd.o
  CC      block.o
  CC      blockjob.o
  CC      qemu-io-cmds.o
  CC      replication.o
  CC      block/raw-format.o
  CC      block/qcow.o
  CC      block/vdi.o
  CC      block/vmdk.o
  CC      block/cloop.o
  CC      block/bochs.o
  CC      block/vpc.o
  CC      block/vvfat.o
  CC      block/dmg.o
  CC      block/qcow2.o
  CC      block/qcow2-refcount.o
  CC      block/qcow2-cluster.o
  CC      block/qcow2-snapshot.o
  CC      block/qcow2-cache.o
  CC      block/qcow2-bitmap.o
  CC      block/qed.o
  CC      block/qed-l2-cache.o
  CC      block/qed-table.o
  CC      block/qed-cluster.o
  CC      block/qed-check.o
  CC      block/vhdx.o
  CC      block/vhdx-endian.o
  CC      block/vhdx-log.o
  CC      block/quorum.o
  CC      block/parallels.o
  CC      block/blkdebug.o
  CC      block/blkverify.o
  CC      block/blkreplay.o
  CC      block/block-backend.o
  CC      block/snapshot.o
  CC      block/qapi.o
  CC      block/file-posix.o
  CC      block/null.o
  CC      block/mirror.o
  CC      block/commit.o
  CC      block/io.o
  CC      block/throttle-groups.o
  CC      block/nbd.o
  CC      block/nbd-client.o
  CC      block/sheepdog.o
  CC      block/accounting.o
  CC      block/dirty-bitmap.o
  CC      block/write-threshold.o
  CC      block/backup.o
  CC      block/replication.o
  CC      block/throttle.o
  CC      block/crypto.o
  CC      nbd/server.o
  CC      nbd/client.o
  CC      nbd/common.o
  CC      scsi/utils.o
  CC      scsi/pr-manager.o
  CC      scsi/pr-manager-helper.o
  CC      block/dmg-bz2.o
  CC      crypto/init.o
  CC      crypto/hash.o
  CC      crypto/hash-glib.o
  CC      crypto/hmac.o
  CC      crypto/hmac-glib.o
  CC      crypto/aes.o
  CC      crypto/desrfb.o
  CC      crypto/cipher.o
  CC      crypto/tlscreds.o
  CC      crypto/tlscredsanon.o
  CC      crypto/tlscredsx509.o
  CC      crypto/tlssession.o
  CC      crypto/secret.o
  CC      crypto/random-platform.o
  CC      crypto/pbkdf.o
  CC      crypto/ivgen.o
  CC      crypto/ivgen-essiv.o
  CC      crypto/ivgen-plain.o
  CC      crypto/ivgen-plain64.o
  CC      crypto/afsplit.o
  CC      crypto/xts.o
  CC      crypto/block.o
  CC      crypto/block-qcow.o
  CC      crypto/block-luks.o
  CC      io/channel.o
  CC      io/channel-buffer.o
  CC      io/channel-command.o
  CC      io/channel-file.o
  CC      io/channel-socket.o
  CC      io/channel-tls.o
  CC      io/channel-watch.o
  CC      io/channel-websock.o
  CC      io/channel-util.o
  CC      io/dns-resolver.o
  CC      io/task.o
  CC      qom/object.o
  CC      qom/container.o
  CC      qom/qom-qobject.o
  CC      qom/object_interfaces.o
  GEN     qemu-img-cmds.h
  CC      qemu-io.o
  CC      scsi/qemu-pr-helper.o
  CC      qemu-bridge-helper.o
  CC      blockdev.o
  CC      blockdev-nbd.o
  CC      bootdevice.o
  CC      iothread.o
  CC      qdev-monitor.o
  CC      device-hotplug.o
  CC      os-posix.o
  CC      bt-host.o
  CC      bt-vhci.o
  CC      dma-helpers.o
  CC      vl.o
  CC      tpm.o
  CC      device_tree.o
  CC      qmp-marshal.o
  CC      qmp.o
  CC      hmp.o
  CC      cpus-common.o
  CC      audio/audio.o
  CC      audio/noaudio.o
  CC      audio/wavaudio.o
  CC      audio/mixeng.o
  CC      audio/sdlaudio.o
  CC      audio/ossaudio.o
  CC      audio/spiceaudio.o
  CC      audio/wavcapture.o
  CC      backends/rng.o
  CC      backends/rng-egd.o
  CC      backends/rng-random.o
  CC      backends/tpm.o
  CC      backends/hostmem.o
  CC      backends/hostmem-ram.o
  CC      backends/hostmem-file.o
  CC      backends/cryptodev.o
  CC      backends/cryptodev-builtin.o
  CC      chardev/msmouse.o
  CC      block/stream.o
  CC      chardev/wctablet.o
  CC      chardev/testdev.o
  CC      chardev/spice.o
  CC      disas/arm.o
  CC      disas/i386.o
  CC      fsdev/qemu-fsdev-dummy.o
  CC      fsdev/qemu-fsdev-opts.o
  CC      fsdev/qemu-fsdev-throttle.o
  CC      hw/acpi/core.o
  CC      hw/acpi/piix4.o
  CC      hw/acpi/pcihp.o
  CC      hw/acpi/ich9.o
  CC      hw/acpi/tco.o
  CC      hw/acpi/cpu_hotplug.o
  CC      hw/acpi/memory_hotplug.o
  CC      hw/acpi/cpu.o
  CC      hw/acpi/nvdimm.o
  CC      hw/acpi/vmgenid.o
  CC      hw/acpi/acpi_interface.o
  CC      hw/acpi/bios-linker-loader.o
  CC      hw/acpi/aml-build.o
  CC      hw/acpi/ipmi.o
  CC      hw/acpi/acpi-stub.o
  CC      hw/acpi/ipmi-stub.o
  CC      hw/audio/sb16.o
  CC      hw/audio/es1370.o
  CC      hw/audio/ac97.o
  CC      hw/audio/fmopl.o
  CC      hw/audio/adlib.o
  CC      hw/audio/gus.o
  CC      hw/audio/gusemu_hal.o
  CC      hw/audio/gusemu_mixer.o
  CC      hw/audio/cs4231a.o
  CC      hw/audio/intel-hda.o
  CC      hw/audio/hda-codec.o
  CC      hw/audio/pcspk.o
  CC      hw/audio/wm8750.o
  CC      hw/audio/pl041.o
  CC      hw/audio/lm4549.o
  CC      hw/audio/marvell_88w8618.o
  CC      hw/audio/soundhw.o
  CC      hw/block/block.o
  CC      hw/block/cdrom.o
  CC      hw/block/hd-geometry.o
  CC      hw/block/fdc.o
  CC      hw/block/m25p80.o
  CC      hw/block/nand.o
  CC      hw/block/pflash_cfi01.o
  CC      hw/block/pflash_cfi02.o
  CC      hw/block/xen_disk.o
  CC      hw/block/ecc.o
  CC      hw/block/onenand.o
  CC      hw/block/nvme.o
  CC      hw/bt/core.o
  CC      hw/bt/l2cap.o
  CC      hw/bt/sdp.o
  CC      hw/bt/hci.o
  CC      hw/bt/hid.o
  CC      hw/bt/hci-csr.o
  CC      hw/char/ipoctal232.o
  CC      hw/char/parallel.o
  CC      hw/char/pl011.o
  CC      hw/char/serial.o
  CC      hw/char/serial-isa.o
  CC      hw/char/serial-pci.o
  CC      hw/char/virtio-console.o
  CC      hw/char/xen_console.o
  CC      hw/char/cadence_uart.o
  CC      hw/char/cmsdk-apb-uart.o
  CC      hw/char/debugcon.o
  CC      hw/char/imx_serial.o
  CC      hw/core/qdev.o
  CC      hw/core/qdev-properties.o
  CC      hw/core/bus.o
  CC      hw/core/reset.o
  CC      hw/core/fw-path-provider.o
  CC      hw/core/irq.o
  CC      hw/core/hotplug.o
  CC      hw/core/nmi.o
  CC      hw/core/ptimer.o
  CC      hw/core/sysbus.o
  CC      hw/core/machine.o
  CC      hw/core/loader.o
  CC      hw/core/qdev-properties-system.o
  CC      hw/core/register.o
  CC      hw/core/or-irq.o
  CC      hw/core/platform-bus.o
  CC      hw/cpu/core.o
  CC      hw/display/ads7846.o
  CC      hw/display/cirrus_vga.o
  CC      hw/display/pl110.o
  CC      hw/display/ssd0303.o
  CC      hw/display/ssd0323.o
  CC      hw/display/xenfb.o
  CC      hw/display/vga-pci.o
  CC      hw/display/vga-isa.o
  CC      hw/display/vmware_vga.o
  CC      hw/display/blizzard.o
  CC      hw/display/exynos4210_fimd.o
  CC      hw/display/framebuffer.o
  CC      hw/display/tc6393xb.o
  CC      hw/display/qxl.o
  CC      hw/display/qxl-logger.o
  CC      hw/display/qxl-render.o
  CC      hw/dma/pl080.o
  CC      hw/dma/pl330.o
  CC      hw/dma/i8257.o
  CC      hw/dma/xlnx-zynq-devcfg.o
  CC      hw/gpio/max7310.o
  CC      hw/gpio/pl061.o
  CC      hw/gpio/zaurus.o
  CC      hw/gpio/gpio_key.o
  CC      hw/i2c/core.o
  CC      hw/i2c/smbus_eeprom.o
  CC      hw/i2c/smbus.o
  CC      hw/i2c/i2c-ddc.o
  CC      hw/i2c/versatile_i2c.o
  CC      hw/i2c/smbus_ich9.o
  CC      hw/i2c/pm_smbus.o
  CC      hw/i2c/bitbang_i2c.o
  CC      hw/i2c/exynos4210_i2c.o
  CC      hw/i2c/imx_i2c.o
  CC      hw/i2c/aspeed_i2c.o
  CC      hw/ide/core.o
  CC      hw/ide/atapi.o
  CC      hw/ide/qdev.o
  CC      hw/ide/pci.o
  CC      hw/ide/isa.o
  CC      hw/ide/piix.o
  CC      hw/ide/microdrive.o
  CC      hw/ide/ahci.o
  CC      hw/input/hid.o
  CC      hw/ide/ich.o
  CC      hw/input/lm832x.o
  CC      hw/input/pckbd.o
  CC      hw/input/pl050.o
  CC      hw/input/ps2.o
  CC      hw/input/stellaris_input.o
  CC      hw/input/tsc2005.o
  CC      hw/input/vmmouse.o
  CC      hw/input/virtio-input.o
  CC      hw/input/virtio-input-hid.o
  CC      hw/input/virtio-input-host.o
  CC      hw/intc/i8259_common.o
  CC      hw/intc/i8259.o
  CC      hw/intc/pl190.o
  CC      hw/intc/imx_avic.o
  CC      hw/intc/realview_gic.o
  CC      hw/intc/ioapic_common.o
  CC      hw/intc/arm_gic_common.o
  CC      hw/intc/arm_gic.o
  CC      hw/intc/arm_gicv2m.o
  CC      hw/intc/arm_gicv3_common.o
  CC      hw/intc/arm_gicv3.o
  CC      hw/intc/arm_gicv3_dist.o
  CC      hw/intc/arm_gicv3_redist.o
  CC      hw/intc/arm_gicv3_its_common.o
  CC      hw/intc/intc.o
  CC      hw/ipack/ipack.o
  CC      hw/ipack/tpci200.o
  CC      hw/ipmi/ipmi.o
  CC      hw/ipmi/ipmi_bmc_sim.o
  CC      hw/ipmi/ipmi_bmc_extern.o
  CC      hw/ipmi/isa_ipmi_kcs.o
  CC      hw/ipmi/isa_ipmi_bt.o
  CC      hw/isa/isa-bus.o
  CC      hw/isa/apm.o
  CC      hw/mem/pc-dimm.o
  CC      hw/mem/nvdimm.o
  CC      hw/misc/applesmc.o
  CC      hw/misc/max111x.o
  CC      hw/misc/tmp105.o
  CC      hw/misc/tmp421.o
  CC      hw/misc/debugexit.o
  CC      hw/misc/sga.o
  CC      hw/misc/pc-testdev.o
  CC      hw/misc/pci-testdev.o
  CC      hw/misc/edu.o
  CC      hw/misc/unimp.o
  CC      hw/misc/arm_l2x0.o
  CC      hw/misc/arm_integrator_debug.o
  CC      hw/misc/a9scu.o
  CC      hw/misc/arm11scu.o
  CC      hw/net/xen_nic.o
  CC      hw/net/ne2000.o
  CC      hw/net/eepro100.o
  CC      hw/net/pcnet-pci.o
  CC      hw/net/pcnet.o
  CC      hw/net/e1000.o
  CC      hw/net/e1000x_common.o
  CC      hw/net/net_tx_pkt.o
  CC      hw/net/net_rx_pkt.o
  CC      hw/net/e1000e.o
  CC      hw/net/e1000e_core.o
  CC      hw/net/rtl8139.o
  CC      hw/net/vmxnet3.o
  CC      hw/net/smc91c111.o
  CC      hw/net/lan9118.o
  CC      hw/net/ne2000-isa.o
  CC      hw/net/xgmac.o
  CC      hw/net/allwinner_emac.o
  CC      hw/net/imx_fec.o
  CC      hw/net/cadence_gem.o
  CC      hw/net/stellaris_enet.o
  CC      hw/net/ftgmac100.o
  CC      hw/net/rocker/rocker.o
  CC      hw/net/rocker/rocker_fp.o
  CC      hw/net/rocker/rocker_desc.o
  CC      hw/net/rocker/rocker_world.o
  CC      hw/net/rocker/rocker_of_dpa.o
  CC      hw/nvram/eeprom93xx.o
  CC      hw/nvram/fw_cfg.o
  CC      hw/nvram/chrp_nvram.o
  CC      hw/pci-bridge/pci_bridge_dev.o
  CC      hw/pci-bridge/pcie_pci_bridge.o
  CC      hw/pci-bridge/pcie_root_port.o
  CC      hw/pci-bridge/gen_pcie_root_port.o
  CC      hw/pci-bridge/pci_expander_bridge.o
  CC      hw/pci-bridge/xio3130_upstream.o
  CC      hw/pci-bridge/xio3130_downstream.o
  CC      hw/pci-bridge/ioh3420.o
  CC      hw/pci-bridge/i82801b11.o
  CC      hw/pci-host/pam.o
  CC      hw/pci-host/versatile.o
  CC      hw/pci-host/q35.o
  CC      hw/pci-host/piix.o
  CC      hw/pci-host/gpex.o
  CC      hw/pci/pci.o
  CC      hw/pci/pci_bridge.o
  CC      hw/pci/msix.o
  CC      hw/pci/msi.o
  CC      hw/pci/shpc.o
  CC      hw/pci/slotid_cap.o
  CC      hw/pci/pci_host.o
  CC      hw/pci/pcie_host.o
  CC      hw/pci/pcie.o
  CC      hw/pci/pcie_aer.o
  CC      hw/pci/pcie_port.o
  CC      hw/pci/pci-stub.o
  CC      hw/pcmcia/pcmcia.o
  CC      hw/scsi/scsi-disk.o
  CC      hw/scsi/scsi-generic.o
  CC      hw/scsi/scsi-bus.o
  CC      hw/scsi/lsi53c895a.o
  CC      hw/scsi/mptsas.o
  CC      hw/scsi/mptconfig.o
  CC      hw/scsi/mptendian.o
  CC      hw/scsi/megasas.o
  CC      hw/scsi/vmw_pvscsi.o
  CC      hw/scsi/esp.o
  CC      hw/scsi/esp-pci.o
  CC      hw/sd/pl181.o
  CC      hw/sd/ssi-sd.o
  CC      hw/sd/sd.o
  CC      hw/sd/core.o
  CC      hw/sd/sdhci.o
  CC      hw/smbios/smbios.o
  CC      hw/smbios/smbios_type_38.o
  CC      hw/smbios/smbios-stub.o
  CC      hw/smbios/smbios_type_38-stub.o
  CC      hw/ssi/pl022.o
  CC      hw/ssi/ssi.o
  CC      hw/ssi/xilinx_spips.o
  CC      hw/ssi/aspeed_smc.o
  CC      hw/ssi/stm32f2xx_spi.o
  CC      hw/ssi/mss-spi.o
  CC      hw/timer/arm_timer.o
  CC      hw/timer/arm_mptimer.o
  CC      hw/timer/armv7m_systick.o
  CC      hw/timer/a9gtimer.o
  CC      hw/timer/cadence_ttc.o
  CC      hw/timer/ds1338.o
  CC      hw/timer/hpet.o
  CC      hw/timer/i8254_common.o
  CC      hw/timer/i8254.o
  CC      hw/timer/pl031.o
  CC      hw/timer/twl92230.o
  CC      hw/timer/imx_epit.o
  CC      hw/timer/imx_gpt.o
  CC      hw/timer/stm32f2xx_timer.o
  CC      hw/timer/aspeed_timer.o
  CC      hw/timer/cmsdk-apb-timer.o
  CC      hw/timer/mss-timer.o
  CC      hw/tpm/tpm_tis.o
  CC      hw/tpm/tpm_crb.o
  CC      hw/tpm/tpm_passthrough.o
  CC      hw/tpm/tpm_util.o
/tmp/qemu-test/src/hw/tpm/tpm_crb.c: In function 'tpm_crb_reset':
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:205: error: unknown field 'intf_id_bits' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:206: error: unknown field 'type' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:207: error: unknown field 'version' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:207: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:207: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:208: error: unknown field 'cap_locality' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:208: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:208: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:209: error: unknown field 'cap_crb_idle_bypass' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:209: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:209: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:210: error: unknown field 'cap_data_xfer_size_support' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:210: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:210: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:211: error: unknown field 'cap_fifo' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:211: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:211: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:212: error: unknown field 'cap_crb' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:212: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:212: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:213: error: unknown field 'cap_if_res' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:213: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:213: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:214: error: unknown field 'if_selector' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:214: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:214: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:215: error: unknown field 'if_selector_lock' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:215: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:215: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:216: error: unknown field 'rid' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:216: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:216: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:217: error: unknown field 'vid' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:217: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:217: warning: (near initialization for '(anonymous).<anonymous>')
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:218: error: unknown field 'did' specified in initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:218: warning: excess elements in union initializer
/tmp/qemu-test/src/hw/tpm/tpm_crb.c:218: warning: (near initialization for '(anonymous).<anonymous>')
make: *** [hw/tpm/tpm_crb.o] Error 1
make: *** Waiting for unfinished jobs....
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 385, in <module>
    sys.exit(main())
  File "./tests/docker/docker.py", line 382, in main
    return args.cmdobj.run(args, argv)
  File "./tests/docker/docker.py", line 239, in run
    return Docker().run(argv, args.keep, quiet=args.quiet)
  File "./tests/docker/docker.py", line 207, in run
    quiet=quiet)
  File "./tests/docker/docker.py", line 125, in _do_check
    return subprocess.check_call(self._command + cmd, **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 186, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['docker', 'run', '--label', 'com.qemu.instance.uuid=d69319c4ad4911e7bbb952540069c830', '-u', '0', '-t', '--security-opt', 'seccomp=unconfined', '--rm', '--net=none', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=8', '-e', 'DEBUG=', '-e', 'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/root/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-0efrn1fp/src/docker-src.2017-10-09-19.30.27.26521:/var/tmp/qemu:z,ro', 'qemu:centos6', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit status 2
make[1]: *** [tests/docker/Makefile.include:129: docker-run] Error 1
make[1]: Leaving directory '/var/tmp/patchew-tester-tmp-0efrn1fp/src'
make: *** [tests/docker/Makefile.include:161: docker-run-test-quick@centos6] Error 2

real	2m24.250s
user	0m1.607s
sys	0m1.680s
=== OUTPUT END ===

Test command exited with code: 2


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Hi,
>
> I accumulated a series of patch doing some TPM code cleanup while
> doing review. I removed some dead code, simplified other parts, and
> tried to isolate implementation of the backend and frontend by using a
> new TPMIf interface. I solved a few issues, and added some FIXME for
> what should be tackled.  Finally, I implemented a simple CRB device
> (tpm 2.0) that is work in progress for now - it works fine with
> passthrough, but swtpm/libtpms with win10 has some issues that need
> more investigations.

You are using the swtpm with --tpm2, right? And I suppose you are using 
the tpm2-preview.rev146 branch of libtpms. What are the symptoms?

Most of this series looks good to me. I'll go over it again and will add 
my Reviewed-by. It seems to have some build problems, though.

For libtpms + swtpm the biggest challenge is supporting state migration, 
especially with TPM2. I have that working on the swtpm level in form of 
test cases and also with the old CUSE TPM support in QEMU + libvirt 
mgmt. stack with CUSE support. So ideally we would get to that point as 
well with the QEMU TPM emulator device to make sure suspend/resume, 
snapshotting, and migration work. libtpms 0.6 should have TPM 2 code and 
ideally swtpm 0.1 would support TPM 2 as well.

    Regards,
        Stefan

>
> seabios CRB support is required for TPM 2.0 & emulation
> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
>
> Comments/review welcome!
>
> Based-on: <1507222112-20315-1-git-send-email-stefanb@linux.vnet.ibm.com>
>
> Marc-André Lureau (42):
>    tpm-tis: remove unused hw_access argument
>    tpm-tis: remove RAISE_STS_IRQ
>    tpm: make tpm_get_backend_driver() static
>    tpm: lookup tpm backend class in tpm_driver_find_by_type()
>    tpm: replace tpm_get_backend_driver() to drop be_drivers
>    tpm: remove tpm_register_driver()
>    tpm: move TPMSizedBuffer to tpm_tis.h
>    tpm: remove TPMDriverOps
>    tpm: remove init() class method
>    tpm: remove configure_tpm() hop
>    tpm: remove unused TPMBackendCmd
>    tpm: remove needless cast
>    tpm: remove locty argument from receive_cb
>    tpm: add TPMBackendCmd to hold the request state
>    tpm-emulator: fix error handling
>    tpm: remove locty_data from TPMState
>    tpm-tis: move TPMState to TIS header
>    tpm-tis: remove tpm_tis.h header
>    tpm-tis: fold TPMTISEmuState in TPMState
>    tpm: add a QOM TPM interface
>    tpm: move recv_data_callback to TPM interface
>    tpm-backend: store TPMIf interface, improve backend_init()
>    tpm-tis: no longer expose TPMState
>    tpm-be: call request_completed() out of thread
>    tpm-be: report error instead of front-end
>    tpm-be: ask model to the TPM interface
>    tpm: remove unused opened code
>    tpm-passthrough: don't save guessed cancel_path in options
>    tpm-be: update optional function pointers
>    tpm-passthrough: pass TPMPassthruState to handle_device_opts
>    tpm-backend: move set 'id' to common code
>    tpm-passthrough: make it safer to destroy after creation
>    tpm-passthrough: remove error cleanup from handle_device_opts
>    tpm-passthrough: workaround a possible race
>    tpm-tis: simplify header inclusion
>    tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()
>    tpm: lookup the the TPM interface instead of TIS device
>    tpm: add TPM interface to lookup TPM version
>    tpm: add tpm_cmd_get_size() to tpm_util
>    acpi: change TPM TIS data conditions
>    tpm-emulator: add a FIXME comment about blocking cancel
>    WIP: add TPM CRB device
>
>   qapi/tpm.json                      |   7 +-
>   hw/tpm/tpm_int.h                   |  25 +-
>   hw/tpm/tpm_tis.h                   |  70 ------
>   hw/tpm/tpm_util.h                  |   8 +-
>   include/hw/acpi/tpm.h              |  65 +++++
>   include/sysemu/tpm.h               |  59 +++--
>   include/sysemu/tpm_backend.h       |  70 ++----
>   backends/tpm.c                     | 121 ++++-----
>   hw/i386/acpi-build.c               |  33 ++-
>   hw/tpm/tpm_crb.c                   | 320 ++++++++++++++++++++++++
>   hw/tpm/tpm_emulator.c              |  95 +++----
>   hw/tpm/tpm_passthrough.c           | 114 +++------
>   hw/tpm/tpm_tis.c                   | 499 +++++++++++++++++++------------------
>   hw/tpm/tpm_util.c                  |   1 +
>   tpm.c                              |  63 ++---
>   default-configs/i386-softmmu.mak   |   1 +
>   default-configs/x86_64-softmmu.mak |   1 +
>   hw/tpm/Makefile.objs               |   1 +
>   scripts/checkpatch.pl              |   1 -
>   19 files changed, 899 insertions(+), 655 deletions(-)
>   delete mode 100644 hw/tpm/tpm_tis.h
>   create mode 100644 hw/tpm/tpm_crb.c
>

Re: [Qemu-devel] [PATCH 01/42] tpm-tis: remove unused hw_access argument

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> This argument is always false, simplify the code.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>



> ---
>   hw/tpm/tpm_tis.c | 13 +++----------
>   1 file changed, 3 insertions(+), 10 deletions(-)
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index d5118e7f60..a9e9cbdeb2 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -615,9 +615,8 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>    * Write a value to a register of the TIS interface
>    * See specs pages 33-63 for description of the registers
>    */
> -static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
> -                                      uint64_t val, unsigned size,
> -                                      bool hw_access)
> +static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
> +                               uint64_t val, unsigned size)
>   {
>       TPMState *s = opaque;
>       TPMTISEmuState *tis = &s->s.tis;
> @@ -631,7 +630,7 @@ static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
>
>       DPRINTF("tpm_tis: write.%u(%08x) = %08x\n", size, (int)addr, (int)val);
>
> -    if (locty == 4 && !hw_access) {
> +    if (locty == 4) {
>           DPRINTF("tpm_tis: Access to locality 4 only allowed from hardware\n");
>           return;
>       }
> @@ -942,12 +941,6 @@ static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
>       }
>   }
>
> -static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
> -                               uint64_t val, unsigned size)
> -{
> -    tpm_tis_mmio_write_intern(opaque, addr, val, size, false);
> -}
> -
>   static const MemoryRegionOps tpm_tis_memory_ops = {
>       .read = tpm_tis_mmio_read,
>       .write = tpm_tis_mmio_write,

Re: [Qemu-devel] [PATCH 02/42] tpm-tis: remove RAISE_STS_IRQ

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> This look like temporary hacking code. It shouldn't be necessary in
> release code, or there should be a runtime option for it.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_tis.c | 24 +-----------------------
>   1 file changed, 1 insertion(+), 23 deletions(-)
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index a9e9cbdeb2..c54dac32de 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -43,9 +43,6 @@
>       } \
>   } while (0);
>
> -/* whether the STS interrupt is supported */
> -#define RAISE_STS_IRQ
> -
>   /* tis registers */
>   #define TPM_TIS_REG_ACCESS                0x00
>   #define TPM_TIS_REG_INT_ENABLE            0x08
> @@ -98,21 +95,11 @@
>   #define TPM_TIS_INT_POLARITY_MASK         (3 << 3)
>   #define TPM_TIS_INT_POLARITY_LOW_LEVEL    (1 << 3)
>
> -#ifndef RAISE_STS_IRQ
> -
> -#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
> -                                      TPM_TIS_INT_DATA_AVAILABLE   | \
> -                                      TPM_TIS_INT_COMMAND_READY)
> -
> -#else
> -
>   #define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
>                                         TPM_TIS_INT_DATA_AVAILABLE   | \
>                                         TPM_TIS_INT_STS_VALID | \
>                                         TPM_TIS_INT_COMMAND_READY)
>
> -#endif
> -
>   #define TPM_TIS_CAP_INTERFACE_VERSION1_3 (2 << 28)
>   #define TPM_TIS_CAP_INTERFACE_VERSION1_3_FOR_TPM2_0 (3 << 28)
>   #define TPM_TIS_CAP_DATA_TRANSFER_64B    (3 << 9)
> @@ -377,12 +364,8 @@ static void tpm_tis_receive_bh(void *opaque)
>           tpm_tis_abort(s, locty);
>       }
>
> -#ifndef RAISE_STS_IRQ
> -    tpm_tis_raise_irq(s, locty, TPM_TIS_INT_DATA_AVAILABLE);
> -#else
>       tpm_tis_raise_irq(s, locty,
>                         TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
> -#endif
>   }
>
>   /*
> @@ -421,9 +404,7 @@ static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty)
>           if (tis->loc[locty].r_offset >= len) {
>               /* got last byte */
>               tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
> -#ifdef RAISE_STS_IRQ
>               tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
> -#endif
>           }
>           DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x   [%d]\n",
>                   ret, tis->loc[locty].r_offset-1);
> @@ -912,9 +893,8 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>               if (tis->loc[locty].w_offset > 5 &&
>                   (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
>                   /* we have a packet length - see if we have all of it */
> -#ifdef RAISE_STS_IRQ
>                   bool need_irq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID);
> -#endif
> +
>                   len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
>                   if (len > tis->loc[locty].w_offset) {
>                       tpm_tis_sts_set(&tis->loc[locty],
> @@ -923,11 +903,9 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                       /* packet complete */
>                       tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
>                   }
> -#ifdef RAISE_STS_IRQ
>                   if (need_irq) {
>                       tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
>                   }
> -#endif
>               }
>           }
>           break;

Re: [Qemu-devel] [PATCH 03/42] tpm: make tpm_get_backend_driver() static

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> No need to export the function.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   include/sysemu/tpm_backend.h | 1 -
>   tpm.c                        | 2 +-
>   2 files changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 2c798a1eb4..c6e5637f68 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -215,7 +215,6 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
>
>   TPMBackend *qemu_find_tpm(const char *id);
>
> -const TPMDriverOps *tpm_get_backend_driver(const char *type);
>   void tpm_register_model(enum TpmModel model);
>   void tpm_register_driver(const TPMDriverOps *tdo);
>
> diff --git a/tpm.c b/tpm.c
> index 3122227156..bc7d7470a8 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -31,7 +31,7 @@ void tpm_register_model(enum TpmModel model)
>       tpm_models[model] = true;
>   }
>
> -const TPMDriverOps *tpm_get_backend_driver(const char *type)
> +static const TPMDriverOps *tpm_get_backend_driver(const char *type)
>   {
>       int i = qapi_enum_parse(&TpmType_lookup, type, -1, NULL);
>

Re: [Qemu-devel] [PATCH 04/42] tpm: lookup tpm backend class in tpm_driver_find_by_type()

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> One step towards removing TPMDriverOps and driver registration.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   tpm.c | 29 +++++++++++++++++++++--------
>   1 file changed, 21 insertions(+), 8 deletions(-)
>
> diff --git a/tpm.c b/tpm.c
> index bc7d7470a8..04de8da5fd 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -47,6 +47,24 @@ void tpm_register_driver(const TPMDriverOps *tdo)
>       be_drivers[tdo->type] = tdo;
>   }
>
> +static const TPMDriverOps *
> +tpm_driver_find_by_type(enum TpmType type)
> +{
> +    ObjectClass *oc;
> +    TPMBackendClass *bc;
> +    char *typename = g_strdup_printf("tpm-%s", TpmType_str(type));
> +
> +    oc = object_class_by_name(typename);
> +    g_free(typename);
> +
> +    if (!object_class_dynamic_cast(oc, TYPE_TPM_BACKEND)) {
> +        return NULL;
> +    }
> +
> +    bc = TPM_BACKEND_CLASS(oc);
> +    return bc->ops;
> +}
> +
>   /*
>    * Walk the list of available TPM backend drivers and display them on the
>    * screen.
> @@ -58,11 +76,11 @@ static void tpm_display_backend_drivers(void)
>       fprintf(stderr, "Supported TPM types (choose only one):\n");
>
>       for (i = 0; i < TPM_TYPE__MAX; i++) {
> -        if (be_drivers[i] == NULL) {
> +        const TPMDriverOps *ops = tpm_driver_find_by_type(i);
> +        if (!ops) {
>               continue;
>           }
> -        fprintf(stderr, "%12s   %s\n",
> -                TpmType_str(i), be_drivers[i]->desc);
> +        fprintf(stderr, "%12s   %s\n", TpmType_str(i), ops->desc);
>       }
>       fprintf(stderr, "\n");
>   }
> @@ -196,11 +214,6 @@ int tpm_config_parse(QemuOptsList *opts_list, const char *optarg)
>
>   #endif /* CONFIG_TPM */
>
> -static const TPMDriverOps *tpm_driver_find_by_type(enum TpmType type)
> -{
> -    return be_drivers[type];
> -}
> -
>   /*
>    * Walk the list of active TPM backends and collect information about them
>    * following the schema description in qapi-schema.json.

Re: [Qemu-devel] [PATCH 05/42] tpm: replace tpm_get_backend_driver() to drop be_drivers

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Use tpm_driver_find_by_type() instead.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   tpm.c | 11 +++--------
>   1 file changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/tpm.c b/tpm.c
> index 04de8da5fd..ad2ed6a0da 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -31,13 +31,6 @@ void tpm_register_model(enum TpmModel model)
>       tpm_models[model] = true;
>   }
>   
> -static const TPMDriverOps *tpm_get_backend_driver(const char *type)
> -{
> -    int i = qapi_enum_parse(&TpmType_lookup, type, -1, NULL);
> -
> -    return i >= 0 ? be_drivers[i] : NULL;
> -}
> -
>   #ifdef CONFIG_TPM
>   
>   void tpm_register_driver(const TPMDriverOps *tdo)
> @@ -110,6 +103,7 @@ static int configure_tpm(QemuOpts *opts)
>       const TPMDriverOps *be;
>       TPMBackend *drv;
>       Error *local_err = NULL;
> +    int i;
>   
>       if (!QLIST_EMPTY(&tpm_backends)) {
>           error_report("Only one TPM is allowed.");
> @@ -129,7 +123,8 @@ static int configure_tpm(QemuOpts *opts)
>           return 1;
>       }
>   
> -    be = tpm_get_backend_driver(value);
> +    i = qapi_enum_parse(&TpmType_lookup, value, -1, NULL);
> +    be = i >= 0 ? tpm_driver_find_by_type(i) : NULL;
>       if (be == NULL) {
>           error_report(QERR_INVALID_PARAMETER_VALUE,
>                        "type", "a TPM backend type");

Re: [Qemu-devel] [PATCH 06/42] tpm: remove tpm_register_driver()

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> No more users of be_drivers[], drop that too.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   include/sysemu/tpm_backend.h | 1 -
>   hw/tpm/tpm_emulator.c        | 1 -
>   hw/tpm/tpm_passthrough.c     | 1 -
>   tpm.c                        | 8 --------
>   4 files changed, 11 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index c6e5637f68..adb6a68076 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -216,6 +216,5 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
>   TPMBackend *qemu_find_tpm(const char *id);
>   
>   void tpm_register_model(enum TpmModel model);
> -void tpm_register_driver(const TPMDriverOps *tdo);
>   
>   #endif
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 5ddd7238d2..9e24a5f30e 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -581,7 +581,6 @@ static const TypeInfo tpm_emulator_info = {
>   static void tpm_emulator_register(void)
>   {
>       type_register_static(&tpm_emulator_info);
> -    tpm_register_driver(&tpm_emulator_driver);
>   }
>   
>   type_init(tpm_emulator_register)
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index e6ace28b04..f04eab3e63 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -418,7 +418,6 @@ static const TypeInfo tpm_passthrough_info = {
>   static void tpm_passthrough_register(void)
>   {
>       type_register_static(&tpm_passthrough_info);
> -    tpm_register_driver(&tpm_passthrough_driver);
>   }
>   
>   type_init(tpm_passthrough_register)
> diff --git a/tpm.c b/tpm.c
> index ad2ed6a0da..75a589b837 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -23,7 +23,6 @@
>   static QLIST_HEAD(, TPMBackend) tpm_backends =
>       QLIST_HEAD_INITIALIZER(tpm_backends);
>   
> -static TPMDriverOps const *be_drivers[TPM_TYPE__MAX];
>   static bool tpm_models[TPM_MODEL__MAX];
>   
>   void tpm_register_model(enum TpmModel model)
> @@ -33,13 +32,6 @@ void tpm_register_model(enum TpmModel model)
>   
>   #ifdef CONFIG_TPM
>   
> -void tpm_register_driver(const TPMDriverOps *tdo)
> -{
> -    assert(!be_drivers[tdo->type]);
> -
> -    be_drivers[tdo->type] = tdo;
> -}
> -
>   static const TPMDriverOps *
>   tpm_driver_find_by_type(enum TpmType type)
>   {

Re: [Qemu-devel] [PATCH 07/42] tpm: move TPMSizedBuffer to tpm_tis.h

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Close to where it's being used.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>



> ---
>   hw/tpm/tpm_tis.h             | 5 +++++
>   include/sysemu/tpm_backend.h | 5 -----
>   2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
> index a1df41fa21..31e612a7f4 100644
> --- a/hw/tpm/tpm_tis.h
> +++ b/hw/tpm/tpm_tis.h
> @@ -37,6 +37,11 @@ typedef enum {
>       TPM_TIS_STATE_RECEPTION,
>   } TPMTISState;
>   
> +typedef struct TPMSizedBuffer {
> +    uint32_t size;
> +    uint8_t  *buffer;
> +} TPMSizedBuffer;
> +
>   /* locality data  -- all fields are persisted */
>   typedef struct TPMLocality {
>       TPMTISState state;
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index adb6a68076..63093551a1 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -66,11 +66,6 @@ struct TPMBackendClass {
>       void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
>   };
>   
> -typedef struct TPMSizedBuffer {
> -    uint32_t size;
> -    uint8_t  *buffer;
> -} TPMSizedBuffer;
> -
>   struct TPMDriverOps {
>       enum TpmType type;
>       const QemuOptDesc *opts;

Re: [Qemu-devel] [PATCH 08/42] tpm: remove TPMDriverOps

[Valluri, Amarnath]

On Tue, 2017-10-10 at 00:55 +0200, Marc-André Lureau wrote:
> Use TPMBackendClass to hold class methods/fields.
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>  include/sysemu/tpm_backend.h | 15 +++++----------
>  backends/tpm.c               | 31 ++++++++++++++++---------------
>  hw/tpm/tpm_emulator.c        | 29 ++++++++++++-----------------
>  hw/tpm/tpm_passthrough.c     | 25 +++++++++++--------------
>  tpm.c                        | 20 +++++++++-----------
>  scripts/checkpatch.pl        |  1 -
>  6 files changed, 53 insertions(+), 68 deletions(-)
> 
> diff --git a/include/sysemu/tpm_backend.h
> b/include/sysemu/tpm_backend.h
> index 63093551a1..a4288df038 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -29,7 +29,7 @@
>  
>  typedef struct TPMBackendClass TPMBackendClass;
>  typedef struct TPMBackend TPMBackend;
> -typedef struct TPMDriverOps TPMDriverOps;
> +
>  typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool
> selftest_done);
>  
>  typedef enum TPMBackendCmd {
> @@ -59,14 +59,6 @@ struct TPMBackend {
>  struct TPMBackendClass {
>      ObjectClass parent_class;
>  
> -    const TPMDriverOps *ops;
> -
> -    void (*opened)(TPMBackend *s, Error **errp);
> -
> -    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
> -};
> -
> -struct TPMDriverOps {
>      enum TpmType type;
>      const QemuOptDesc *opts;
>      /* get a descriptive text of the backend to display to the user
> */
> @@ -90,8 +82,11 @@ struct TPMDriverOps {
>      TPMVersion (*get_tpm_version)(TPMBackend *t);
>  
>      TpmTypeOptions *(*get_tpm_options)(TPMBackend *t);
> -};
>  
> +    void (*opened)(TPMBackend *s, Error **errp);
> +
> +    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
> +};
>  
>  /**
>   * tpm_backend_get_type:
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 37c84b7c66..ca3a78eea8 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -41,7 +41,7 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
>  {
>      TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>  
> -    return k->ops->type;
> +    return k->type;
>  }
>  
>  int tpm_backend_init(TPMBackend *s, TPMState *state,
> @@ -53,7 +53,7 @@ int tpm_backend_init(TPMBackend *s, TPMState
> *state,
>      s->recv_data_callback = datacb;
>      s->had_startup_error = false;
>  
> -    return k->ops->init ? k->ops->init(s) : 0;
> +    return k->init ? k->init(s) : 0;
>  }
>  
>  int tpm_backend_startup_tpm(TPMBackend *s)
> @@ -68,7 +68,7 @@ int tpm_backend_startup_tpm(TPMBackend *s)
>                                         NULL);
>      g_thread_pool_push(s->thread_pool,
> (gpointer)TPM_BACKEND_CMD_INIT, NULL);
>  
> -    res = k->ops->startup_tpm ? k->ops->startup_tpm(s) : 0;
> +    res = k->startup_tpm ? k->startup_tpm(s) : 0;
>  
>      s->had_startup_error = (res != 0);
>  
> @@ -90,8 +90,8 @@ void tpm_backend_reset(TPMBackend *s)
>  {
>      TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>  
> -    if (k->ops->reset) {
> -        k->ops->reset(s);
> +    if (k->reset) {
> +        k->reset(s);
>      }
>  
>      tpm_backend_thread_end(s);
> @@ -103,34 +103,34 @@ void tpm_backend_cancel_cmd(TPMBackend *s)
>  {
>      TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>  
> -    assert(k->ops->cancel_cmd);
> +    assert(k->cancel_cmd);
>  
> -    k->ops->cancel_cmd(s);
> +    k->cancel_cmd(s);
>  }
>  
>  bool tpm_backend_get_tpm_established_flag(TPMBackend *s)
>  {
>      TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>  
> -    return k->ops->get_tpm_established_flag ?
> -           k->ops->get_tpm_established_flag(s) : false;
> +    return k->get_tpm_established_flag ?
> +           k->get_tpm_established_flag(s) : false;
>  }
>  
>  int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t
> locty)
>  {
>      TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>  
> -    return k->ops->reset_tpm_established_flag ?
> -           k->ops->reset_tpm_established_flag(s, locty) : 0;
> +    return k->reset_tpm_established_flag ?
> +           k->reset_tpm_established_flag(s, locty) : 0;
>  }
>  
>  TPMVersion tpm_backend_get_tpm_version(TPMBackend *s)
>  {
>      TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>  
> -    assert(k->ops->get_tpm_version);
> +    assert(k->get_tpm_version);
>  
> -    return k->ops->get_tpm_version(s);
> +    return k->get_tpm_version(s);
>  }
>  
>  TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
> @@ -140,8 +140,9 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
>  
>      info->id = g_strdup(s->id);
>      info->model = s->fe_model;
> -    info->options = k->ops->get_tpm_options ?
> -                    k->ops->get_tpm_options(s) : NULL;
> +    if (k->get_tpm_options) {
> +        info->options = k->get_tpm_options(s);
> +    }
>  
>      return info;
>  }
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 9e24a5f30e..bb5a65b492 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -60,8 +60,6 @@
>  
>  #define TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(S, cap) (((S)->caps &
> (cap)) == (cap))
>  
> -static const TPMDriverOps tpm_emulator_driver;
> -
>  /* data structures */
>  typedef struct TPMEmulator {
>      TPMBackend parent;
> @@ -504,20 +502,6 @@ static const QemuOptDesc
> tpm_emulator_cmdline_opts[] = {
>      { /* end of list */ },
>  };
>  
> -static const TPMDriverOps tpm_emulator_driver = {
> -    .type                     = TPM_TYPE_EMULATOR,
We can remove 'type' from class, and even tpm_backend_get_type() API
also from backend, there are no takers for this.

> -    .opts                     = tpm_emulator_cmdline_opts,
> -    .desc                     = "TPM emulator backend driver",
And i feel, the above two members are better suited for Object members
than Class.

- Amarnath

Re: [Qemu-devel] [PATCH 08/42] tpm: remove TPMDriverOps

[Valluri, Amarnath]

> 
> > 
> > -    .opts                     = tpm_emulator_cmdline_opts,
> > -    .desc                     = "TPM emulator backend driver",
> And i feel, the above two members are better suited for Object
> members than Class.
> 

Please ignore this comment, i was wrong.

- Amarnath

Re: [Qemu-devel] [PATCH 31/42] tpm-backend: move set 'id' to common code

[Valluri, Amarnath]

On Tue, 2017-10-10 at 00:56 +0200, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>  include/sysemu/tpm_backend.h |  2 +-
>  hw/tpm/tpm_emulator.c        | 12 +++---------
>  hw/tpm/tpm_passthrough.c     |  9 +++------
>  tpm.c                        |  3 ++-
>  4 files changed, 9 insertions(+), 17 deletions(-)
> 
> diff --git a/include/sysemu/tpm_backend.h
> b/include/sysemu/tpm_backend.h
> index 594bb50782..881be97ee3 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -64,7 +64,7 @@ struct TPMBackendClass {
>      /* get a descriptive text of the backend to display to the user
> */
>      const char *desc;
>  
> -    TPMBackend *(*create)(QemuOpts *opts, const char *id);
> +    TPMBackend *(*create)(QemuOpts *opts);
>  
>      /* start up the TPM on the backend - optional */
>      int (*startup_tpm)(TPMBackend *t);
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 36454837b3..315819329b 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -453,22 +453,16 @@ err:
>      return -1;
>  }
>  
> -static TPMBackend *tpm_emulator_create(QemuOpts *opts, const char
> *id)
> +static TPMBackend *tpm_emulator_create(QemuOpts *opts)
>  {
>      TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR));
>  
> -    tb->id = g_strdup(id);
> -
>      if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts)) {
> -        goto err_exit;
> +        object_unref(OBJECT(tb));
> +        return NULL;
>      }
>  
>      return tb;
> -
> -err_exit:
> -    object_unref(OBJECT(tb));
> -
> -    return NULL;
>  }
>  
>  static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend *tb)
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 9326cbfdc9..7371d50739 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -284,13 +284,10 @@
> tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts
> *opts)
>      return 1;
>  }
>  
> -static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char
> *id)
> +static TPMBackend *tpm_passthrough_create(QemuOpts *opts)
>  {
>      Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
> -    TPMBackend *tb = TPM_BACKEND(obj);
> -    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> -
> -    tb->id = g_strdup(id);
> +    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj);
>  
>      if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) {
>          goto err_exit;
> @@ -301,7 +298,7 @@ static TPMBackend
> *tpm_passthrough_create(QemuOpts *opts, const char *id)
>          goto err_exit;
>      }
>  
> -    return tb;
> +    return TPM_BACKEND(obj);
>  
>  err_exit:
>      object_unref(obj);
> diff --git a/tpm.c b/tpm.c
> index a46ee5f144..37298f3f03 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -129,11 +129,12 @@ static int tpm_init_tpmdev(void *dummy,
> QemuOpts *opts, Error **errp)
>          return 1;
>      }
>  
> -    drv = be->create(opts, id);
> +    drv = be->create(opts);
>      if (!drv) {
>          return 1;
>      }
>  
> +    drv->id = g_strdup(id);
I kind of oppose this change, instead what about adding new TPMBackend
api say - TPMBackend* tpm_backend_create(const char *type, const
QemuOpts *opts), that should handle this common code, and returns the
newly instantiated backend object.

- Amarnath

Re: [Qemu-devel] [PATCH 22/42] tpm-backend: store TPMIf interface, improve backend_init()

[Valluri, Amarnath]

On Tue, 2017-10-10 at 00:56 +0200, Marc-André Lureau wrote:
> Store the TPM interface, the actual object may be different from
> TPMState. Keep a reference on the interface, and check the backend
> wasn't already initialized.
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>  include/sysemu/tpm_backend.h |  7 ++++---
>  backends/tpm.c               | 12 +++++++++---
>  hw/tpm/tpm_emulator.c        |  4 ++--
>  hw/tpm/tpm_passthrough.c     |  4 ++--
>  hw/tpm/tpm_tis.c             |  2 +-
>  5 files changed, 18 insertions(+), 11 deletions(-)
> 
> diff --git a/include/sysemu/tpm_backend.h
> b/include/sysemu/tpm_backend.h
> index 03ea5a3400..8d08765b3c 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -18,6 +18,7 @@
>  #include "qapi-types.h"
>  #include "qemu/option.h"
>  #include "sysemu/tpm.h"
> +#include "hw/tpm/tpm_int.h"
This is not supposed to be internal header?

- Amarnath

Re: [Qemu-devel] [PATCH 31/42] tpm-backend: move set 'id' to common code

[Marc-André Lureau]

Hi

----- Original Message -----
> On Tue, 2017-10-10 at 00:56 +0200, Marc-André Lureau wrote:
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> >  include/sysemu/tpm_backend.h |  2 +-
> >  hw/tpm/tpm_emulator.c        | 12 +++---------
> >  hw/tpm/tpm_passthrough.c     |  9 +++------
> >  tpm.c                        |  3 ++-
> >  4 files changed, 9 insertions(+), 17 deletions(-)
> > 
> > diff --git a/include/sysemu/tpm_backend.h
> > b/include/sysemu/tpm_backend.h
> > index 594bb50782..881be97ee3 100644
> > --- a/include/sysemu/tpm_backend.h
> > +++ b/include/sysemu/tpm_backend.h
> > @@ -64,7 +64,7 @@ struct TPMBackendClass {
> >      /* get a descriptive text of the backend to display to the user
> > */
> >      const char *desc;
> >  
> > -    TPMBackend *(*create)(QemuOpts *opts, const char *id);
> > +    TPMBackend *(*create)(QemuOpts *opts);
> >  
> >      /* start up the TPM on the backend - optional */
> >      int (*startup_tpm)(TPMBackend *t);
> > diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> > index 36454837b3..315819329b 100644
> > --- a/hw/tpm/tpm_emulator.c
> > +++ b/hw/tpm/tpm_emulator.c
> > @@ -453,22 +453,16 @@ err:
> >      return -1;
> >  }
> >  
> > -static TPMBackend *tpm_emulator_create(QemuOpts *opts, const char
> > *id)
> > +static TPMBackend *tpm_emulator_create(QemuOpts *opts)
> >  {
> >      TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR));
> >  
> > -    tb->id = g_strdup(id);
> > -
> >      if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts)) {
> > -        goto err_exit;
> > +        object_unref(OBJECT(tb));
> > +        return NULL;
> >      }
> >  
> >      return tb;
> > -
> > -err_exit:
> > -    object_unref(OBJECT(tb));
> > -
> > -    return NULL;
> >  }
> >  
> >  static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend *tb)
> > diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> > index 9326cbfdc9..7371d50739 100644
> > --- a/hw/tpm/tpm_passthrough.c
> > +++ b/hw/tpm/tpm_passthrough.c
> > @@ -284,13 +284,10 @@
> > tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts
> > *opts)
> >      return 1;
> >  }
> >  
> > -static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char
> > *id)
> > +static TPMBackend *tpm_passthrough_create(QemuOpts *opts)
> >  {
> >      Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
> > -    TPMBackend *tb = TPM_BACKEND(obj);
> > -    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> > -
> > -    tb->id = g_strdup(id);
> > +    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj);
> >  
> >      if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) {
> >          goto err_exit;
> > @@ -301,7 +298,7 @@ static TPMBackend
> > *tpm_passthrough_create(QemuOpts *opts, const char *id)
> >          goto err_exit;
> >      }
> >  
> > -    return tb;
> > +    return TPM_BACKEND(obj);
> >  
> >  err_exit:
> >      object_unref(obj);
> > diff --git a/tpm.c b/tpm.c
> > index a46ee5f144..37298f3f03 100644
> > --- a/tpm.c
> > +++ b/tpm.c
> > @@ -129,11 +129,12 @@ static int tpm_init_tpmdev(void *dummy,
> > QemuOpts *opts, Error **errp)
> >          return 1;
> >      }
> >  
> > -    drv = be->create(opts, id);
> > +    drv = be->create(opts);
> >      if (!drv) {
> >          return 1;
> >      }
> >  
> > +    drv->id = g_strdup(id);
> I kind of oppose this change, instead what about adding new TPMBackend
> api say - TPMBackend* tpm_backend_create(const char *type, const
> QemuOpts *opts), that should handle this common code, and returns the
> newly instantiated backend object.

That would be a more complicated refactoring than what I propose here, which is basic common code refactoring. To clarify your proposal, make a follow-up patch?

Another interesting approach would be to implement USER_CREATABLE (I have an experimental patch for that). This allows to use -object tpm-passthrough,id=..,path=.. and will change the way backends are created & initialized.

Re: [Qemu-devel] [PATCH 22/42] tpm-backend: store TPMIf interface, improve backend_init()

[Marc-André Lureau]

Hi

----- Original Message -----
> On Tue, 2017-10-10 at 00:56 +0200, Marc-André Lureau wrote:
> > Store the TPM interface, the actual object may be different from
> > TPMState. Keep a reference on the interface, and check the backend
> > wasn't already initialized.
> > 
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> >  include/sysemu/tpm_backend.h |  7 ++++---
> >  backends/tpm.c               | 12 +++++++++---
> >  hw/tpm/tpm_emulator.c        |  4 ++--
> >  hw/tpm/tpm_passthrough.c     |  4 ++--
> >  hw/tpm/tpm_tis.c             |  2 +-
> >  5 files changed, 18 insertions(+), 11 deletions(-)
> > 
> > diff --git a/include/sysemu/tpm_backend.h
> > b/include/sysemu/tpm_backend.h
> > index 03ea5a3400..8d08765b3c 100644
> > --- a/include/sysemu/tpm_backend.h
> > +++ b/include/sysemu/tpm_backend.h
> > @@ -18,6 +18,7 @@
> >  #include "qapi-types.h"
> >  #include "qemu/option.h"
> >  #include "sysemu/tpm.h"
> > +#include "hw/tpm/tpm_int.h"
> This is not supposed to be internal header?

You are right, moving the interface to include/sysemu/tpm.h directly, to avoid that header inclusion and later code churn in patch "tpm: lookup the the TPM interface"

thanks

Re: [Qemu-devel] [PATCH 31/42] tpm-backend: move set 'id' to common code

[Valluri, Amarnath]

On Tue, 2017-10-10 at 06:47 -0400, Marc-André Lureau wrote:
> Hi
> 
> ----- Original Message -----
> > 
> > On Tue, 2017-10-10 at 00:56 +0200, Marc-André Lureau wrote:
> > > 
> > > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > > ---
> > >  include/sysemu/tpm_backend.h |  2 +-
> > >  hw/tpm/tpm_emulator.c        | 12 +++---------
> > >  hw/tpm/tpm_passthrough.c     |  9 +++------
> > >  tpm.c                        |  3 ++-
> > >  4 files changed, 9 insertions(+), 17 deletions(-)
> > > 
> > > diff --git a/include/sysemu/tpm_backend.h
> > > b/include/sysemu/tpm_backend.h
> > > index 594bb50782..881be97ee3 100644
> > > --- a/include/sysemu/tpm_backend.h
> > > +++ b/include/sysemu/tpm_backend.h
> > > @@ -64,7 +64,7 @@ struct TPMBackendClass {
> > >      /* get a descriptive text of the backend to display to the
> > > user
> > > */
> > >      const char *desc;
> > >  
> > > -    TPMBackend *(*create)(QemuOpts *opts, const char *id);
> > > +    TPMBackend *(*create)(QemuOpts *opts);
> > >  
> > >      /* start up the TPM on the backend - optional */
> > >      int (*startup_tpm)(TPMBackend *t);
> > > diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> > > index 36454837b3..315819329b 100644
> > > --- a/hw/tpm/tpm_emulator.c
> > > +++ b/hw/tpm/tpm_emulator.c
> > > @@ -453,22 +453,16 @@ err:
> > >      return -1;
> > >  }
> > >  
> > > -static TPMBackend *tpm_emulator_create(QemuOpts *opts, const
> > > char
> > > *id)
> > > +static TPMBackend *tpm_emulator_create(QemuOpts *opts)
> > >  {
> > >      TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR));
> > >  
> > > -    tb->id = g_strdup(id);
> > > -
> > >      if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts))
> > > {
> > > -        goto err_exit;
> > > +        object_unref(OBJECT(tb));
> > > +        return NULL;
> > >      }
> > >  
> > >      return tb;
> > > -
> > > -err_exit:
> > > -    object_unref(OBJECT(tb));
> > > -
> > > -    return NULL;
> > >  }
> > >  
> > >  static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend
> > > *tb)
> > > diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> > > index 9326cbfdc9..7371d50739 100644
> > > --- a/hw/tpm/tpm_passthrough.c
> > > +++ b/hw/tpm/tpm_passthrough.c
> > > @@ -284,13 +284,10 @@
> > > tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt,
> > > QemuOpts
> > > *opts)
> > >      return 1;
> > >  }
> > >  
> > > -static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const
> > > char
> > > *id)
> > > +static TPMBackend *tpm_passthrough_create(QemuOpts *opts)
> > >  {
> > >      Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
> > > -    TPMBackend *tb = TPM_BACKEND(obj);
> > > -    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> > > -
> > > -    tb->id = g_strdup(id);
> > > +    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj);
> > >  
> > >      if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) {
> > >          goto err_exit;
> > > @@ -301,7 +298,7 @@ static TPMBackend
> > > *tpm_passthrough_create(QemuOpts *opts, const char *id)
> > >          goto err_exit;
> > >      }
> > >  
> > > -    return tb;
> > > +    return TPM_BACKEND(obj);
> > >  
> > >  err_exit:
> > >      object_unref(obj);
> > > diff --git a/tpm.c b/tpm.c
> > > index a46ee5f144..37298f3f03 100644
> > > --- a/tpm.c
> > > +++ b/tpm.c
> > > @@ -129,11 +129,12 @@ static int tpm_init_tpmdev(void *dummy,
> > > QemuOpts *opts, Error **errp)
> > >          return 1;
> > >      }
> > >  
> > > -    drv = be->create(opts, id);
> > > +    drv = be->create(opts);
> > >      if (!drv) {
> > >          return 1;
> > >      }
> > >  
> > > +    drv->id = g_strdup(id);
> > I kind of oppose this change, instead what about adding new
> > TPMBackend
> > api say - TPMBackend* tpm_backend_create(const char *type, const
> > QemuOpts *opts), that should handle this common code, and returns
> > the
> > newly instantiated backend object.
> That would be a more complicated refactoring than what I propose
> here, which is basic common code refactoring. To clarify your
> proposal, make a follow-up patch?
Yes, ok with a follow-up patch.
> 
> Another interesting approach would be to implement USER_CREATABLE (I
> have an experimental patch for that). This allows to use -object tpm-
> passthrough,id=..,path=.. and will change the way backends are
> created & initialized.
This approach is really interesting.

- Amarnath

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Marc-André Lureau]

Hi Stefan

On Tue, Oct 10, 2017 at 4:34 AM, Stefan Berger
<stefanb@linux.vnet.ibm.com> wrote:
> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
>>
>> Hi,
>>
>> I accumulated a series of patch doing some TPM code cleanup while
>> doing review. I removed some dead code, simplified other parts, and
>> tried to isolate implementation of the backend and frontend by using a
>> new TPMIf interface. I solved a few issues, and added some FIXME for
>> what should be tackled.  Finally, I implemented a simple CRB device
>> (tpm 2.0) that is work in progress for now - it works fine with
>> passthrough, but swtpm/libtpms with win10 has some issues that need
>> more investigations.
>
>
> You are using the swtpm with --tpm2, right? And I suppose you are using the
> tpm2-preview.rev146 branch of libtpms. What are the symptoms?

Yes, I was using tpm2-preview.rev146.ossl11 branch

Windows complained about malfunctioning TPM 2.0 device, despite doing
many exchanges. Sadly, I couldn't find many option to make libtpms a
bit more verbose, as I am not able to parse the hexdump. I haven't
spent much time investigating yet.

>
> Most of this series looks good to me. I'll go over it again and will add my
> Reviewed-by. It seems to have some build problems, though.

I fixed the build issue (gcc on centos is a bit old), last version is
https://github.com/elmarco/qemu/commits/tpm.

>
> For libtpms + swtpm the biggest challenge is supporting state migration,
> especially with TPM2. I have that working on the swtpm level in form of test
> cases and also with the old CUSE TPM support in QEMU + libvirt mgmt. stack
> with CUSE support. So ideally we would get to that point as well with the
> QEMU TPM emulator device to make sure suspend/resume, snapshotting, and
> migration work. libtpms 0.6 should have TPM 2 code and ideally swtpm 0.1
> would support TPM 2 as well.

Yes! thanks a lot for working on this, this is indeed essential. How
close are you from releasing the migration code?

Depending how quickly this series is reviewed & merged, I would like
to work on cleaning up the threading code next.


thanks

>
>    Regards,
>        Stefan
>
>
>>
>> seabios CRB support is required for TPM 2.0 & emulation
>> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
>>
>> Comments/review welcome!
>>
>> Based-on: <1507222112-20315-1-git-send-email-stefanb@linux.vnet.ibm.com>
>>
>> Marc-André Lureau (42):
>>    tpm-tis: remove unused hw_access argument
>>    tpm-tis: remove RAISE_STS_IRQ
>>    tpm: make tpm_get_backend_driver() static
>>    tpm: lookup tpm backend class in tpm_driver_find_by_type()
>>    tpm: replace tpm_get_backend_driver() to drop be_drivers
>>    tpm: remove tpm_register_driver()
>>    tpm: move TPMSizedBuffer to tpm_tis.h
>>    tpm: remove TPMDriverOps
>>    tpm: remove init() class method
>>    tpm: remove configure_tpm() hop
>>    tpm: remove unused TPMBackendCmd
>>    tpm: remove needless cast
>>    tpm: remove locty argument from receive_cb
>>    tpm: add TPMBackendCmd to hold the request state
>>    tpm-emulator: fix error handling
>>    tpm: remove locty_data from TPMState
>>    tpm-tis: move TPMState to TIS header
>>    tpm-tis: remove tpm_tis.h header
>>    tpm-tis: fold TPMTISEmuState in TPMState
>>    tpm: add a QOM TPM interface
>>    tpm: move recv_data_callback to TPM interface
>>    tpm-backend: store TPMIf interface, improve backend_init()
>>    tpm-tis: no longer expose TPMState
>>    tpm-be: call request_completed() out of thread
>>    tpm-be: report error instead of front-end
>>    tpm-be: ask model to the TPM interface
>>    tpm: remove unused opened code
>>    tpm-passthrough: don't save guessed cancel_path in options
>>    tpm-be: update optional function pointers
>>    tpm-passthrough: pass TPMPassthruState to handle_device_opts
>>    tpm-backend: move set 'id' to common code
>>    tpm-passthrough: make it safer to destroy after creation
>>    tpm-passthrough: remove error cleanup from handle_device_opts
>>    tpm-passthrough: workaround a possible race
>>    tpm-tis: simplify header inclusion
>>    tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()
>>    tpm: lookup the the TPM interface instead of TIS device
>>    tpm: add TPM interface to lookup TPM version
>>    tpm: add tpm_cmd_get_size() to tpm_util
>>    acpi: change TPM TIS data conditions
>>    tpm-emulator: add a FIXME comment about blocking cancel
>>    WIP: add TPM CRB device
>>
>>   qapi/tpm.json                      |   7 +-
>>   hw/tpm/tpm_int.h                   |  25 +-
>>   hw/tpm/tpm_tis.h                   |  70 ------
>>   hw/tpm/tpm_util.h                  |   8 +-
>>   include/hw/acpi/tpm.h              |  65 +++++
>>   include/sysemu/tpm.h               |  59 +++--
>>   include/sysemu/tpm_backend.h       |  70 ++----
>>   backends/tpm.c                     | 121 ++++-----
>>   hw/i386/acpi-build.c               |  33 ++-
>>   hw/tpm/tpm_crb.c                   | 320 ++++++++++++++++++++++++
>>   hw/tpm/tpm_emulator.c              |  95 +++----
>>   hw/tpm/tpm_passthrough.c           | 114 +++------
>>   hw/tpm/tpm_tis.c                   | 499
>> +++++++++++++++++++------------------
>>   hw/tpm/tpm_util.c                  |   1 +
>>   tpm.c                              |  63 ++---
>>   default-configs/i386-softmmu.mak   |   1 +
>>   default-configs/x86_64-softmmu.mak |   1 +
>>   hw/tpm/Makefile.objs               |   1 +
>>   scripts/checkpatch.pl              |   1 -
>>   19 files changed, 899 insertions(+), 655 deletions(-)
>>   delete mode 100644 hw/tpm/tpm_tis.h
>>   create mode 100644 hw/tpm/tpm_crb.c
>>
>
>



-- 
Marc-André Lureau

Re: [Qemu-devel] [PATCH 09/42] tpm: remove init() class method

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> No backend use it.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm_backend.h | 2 --
>   backends/tpm.c               | 4 +---
>   2 files changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index a4288df038..b08f985500 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -66,8 +66,6 @@ struct TPMBackendClass {
>   
>       TPMBackend *(*create)(QemuOpts *opts, const char *id);
>   
> -    /* initialize the backend */
> -    int (*init)(TPMBackend *t);
>       /* start up the TPM on the backend */
>       int (*startup_tpm)(TPMBackend *t);
>   
> diff --git a/backends/tpm.c b/backends/tpm.c
> index ca3a78eea8..dc750d48c9 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -47,13 +47,11 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
>   int tpm_backend_init(TPMBackend *s, TPMState *state,
>                        TPMRecvDataCB *datacb)
>   {
> -    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
> -
>       s->tpm_state = state;
>       s->recv_data_callback = datacb;
>       s->had_startup_error = false;
>   
> -    return k->init ? k->init(s) : 0;
> +    return 0;
>   }
>   
>   int tpm_backend_startup_tpm(TPMBackend *s)

Re: [Qemu-devel] [PATCH 10/42] tpm: remove configure_tpm() hop

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   tpm.c | 7 +------
>   1 file changed, 1 insertion(+), 6 deletions(-)
>
> diff --git a/tpm.c b/tpm.c
> index 4882501bd7..45520f555d 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -86,7 +86,7 @@ TPMBackend *qemu_find_tpm(const char *id)
>       return NULL;
>   }
>   
> -static int configure_tpm(QemuOpts *opts)
> +static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
>   {
>       const char *value;
>       const char *id;
> @@ -145,11 +145,6 @@ static int configure_tpm(QemuOpts *opts)
>       return 0;
>   }
>   
> -static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
> -{
> -    return configure_tpm(opts);
> -}
> -
>   /*
>    * Walk the list of TPM backend drivers that are in use and call their
>    * destroy function to have them cleaned up.

Re: [Qemu-devel] [PATCH 12/42] tpm: remove needless cast

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
> ---
>   hw/tpm/tpm_passthrough.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 5cd988e8a4..fed3d69799 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -96,7 +96,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
>   
>       is_selftest = tpm_util_is_selftest(in, in_len);
>   
> -    ret = qemu_write_full(tpm_pt->tpm_fd, (const void *)in, (size_t)in_len);
> +    ret = qemu_write_full(tpm_pt->tpm_fd, in, in_len);
>       if (ret != in_len) {
>           if (!tpm_pt->tpm_op_canceled || errno != ECANCELED) {
>               error_report("tpm_passthrough: error while transmitting data "

Re: [Qemu-devel] [PATCH 13/42] tpm: remove locty argument from receive_cb

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> The tpm_state is passed as argument, the assert() is pointless since
> we give it the value of tpm_state->locty_number already.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm_backend.h | 2 +-
>   hw/tpm/tpm_emulator.c        | 3 +--
>   hw/tpm/tpm_passthrough.c     | 4 +---
>   hw/tpm/tpm_tis.c             | 5 ++---
>   4 files changed, 5 insertions(+), 9 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 7d7ebfc21d..9c83a512e1 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -30,7 +30,7 @@
>   typedef struct TPMBackendClass TPMBackendClass;
>   typedef struct TPMBackend TPMBackend;
>   
> -typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool selftest_done);
> +typedef void (TPMRecvDataCB)(TPMState *, bool selftest_done);
>   
>   struct TPMBackend {
>       Object parent;
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index dadc264182..4fe405353a 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -193,8 +193,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb)
>           error_report_err(err);
>       }
>   
> -    tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
> -                           selftest_done);
> +    tb->recv_data_callback(tb->tpm_state, selftest_done);
>   }
>   
>   static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index fed3d69799..0ae4596932 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -160,9 +160,7 @@ static void tpm_passthrough_handle_request(TPMBackend *tb)
>                                     tb->tpm_state->locty_data,
>                                     &selftest_done);
>   
> -    tb->recv_data_callback(tb->tpm_state,
> -                           tb->tpm_state->locty_number,
> -                           selftest_done);
> +    tb->recv_data_callback(tb->tpm_state, selftest_done);
>   }
>   
>   static void tpm_passthrough_reset(TPMBackend *tb)
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index c54dac32de..345a4fbee5 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -371,14 +371,13 @@ static void tpm_tis_receive_bh(void *opaque)
>   /*
>    * Callback from the TPM to indicate that the response was received.
>    */
> -static void tpm_tis_receive_cb(TPMState *s, uint8_t locty,
> +static void tpm_tis_receive_cb(TPMState *s,
>                                  bool is_selftest_done)
>   {
>       TPMTISEmuState *tis = &s->s.tis;
> +    uint8_t locty = s->locty_number;
>       uint8_t l;
>   
> -    assert(s->locty_number == locty);
> -
>       if (is_selftest_done) {
>           for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
>               tis->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;

Re: [Qemu-devel] [PATCH 14/42] tpm: add TPMBackendCmd to hold the request state

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> This simplifies a bit locality handling, and argument passing, and
> could pave the way to queuing requests (if that makes sense).

We won't queue requests. The TPM interfaces all send one request and 
expect the driver to wait until the response comes back.

>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_int.h             |  1 +
>   include/sysemu/tpm_backend.h | 16 +++++++++++++---
>   backends/tpm.c               |  6 +++---
>   hw/tpm/tpm_emulator.c        | 29 +++++++++++++++--------------
>   hw/tpm/tpm_passthrough.c     | 24 +++++-------------------
>   hw/tpm/tpm_tis.c             | 18 +++++++++++++-----
>   6 files changed, 50 insertions(+), 44 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index f2f285b3cc..6d7b3dc850 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -26,6 +26,7 @@ struct TPMState {
>   
>       uint8_t     locty_number;
>       TPMLocality *locty_data;
> +    TPMBackendCmd cmd;
>   
>       char *backend;
>       TPMBackend *be_driver;
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 9c83a512e1..3bb90be3de 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -30,7 +30,16 @@
>   typedef struct TPMBackendClass TPMBackendClass;
>   typedef struct TPMBackend TPMBackend;
>   
> -typedef void (TPMRecvDataCB)(TPMState *, bool selftest_done);
> +typedef void (TPMRecvDataCB)(TPMState *);
> +
> +typedef struct TPMBackendCmd {
> +    uint8_t locty;
> +    const uint8_t *in;
> +    uint32_t in_len;
> +    uint8_t *out;
> +    uint32_t out_len;
> +    bool selftest_done;
> +} TPMBackendCmd;
>   
>   struct TPMBackend {
>       Object parent;
> @@ -76,7 +85,7 @@ struct TPMBackendClass {
>   
>       void (*opened)(TPMBackend *s, Error **errp);
>   
> -    void (*handle_request)(TPMBackend *s);
> +    void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
>   };
>   
>   /**
> @@ -121,11 +130,12 @@ bool tpm_backend_had_startup_error(TPMBackend *s);
>   /**
>    * tpm_backend_deliver_request:
>    * @s: the backend to send the request to
> + * @cmd: the command to deliver
>    *
>    * Send a request to the backend. The backend will then send the request
>    * to the TPM implementation.
>    */
> -void tpm_backend_deliver_request(TPMBackend *s);
> +void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd);
>   
>   /**
>    * tpm_backend_reset:
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 34e82085ec..dc7c831ff8 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -25,7 +25,7 @@ static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
>       TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
>   
>       assert(k->handle_request != NULL);
> -    k->handle_request(s);
> +    k->handle_request(s, (TPMBackendCmd *)data);
>   }
>   
>   static void tpm_backend_thread_end(TPMBackend *s)
> @@ -76,9 +76,9 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
>       return s->had_startup_error;
>   }
>   
> -void tpm_backend_deliver_request(TPMBackend *s)
> +void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd)
>   {
> -    g_thread_pool_push(s->thread_pool, NULL, NULL);
> +    g_thread_pool_push(s->thread_pool, cmd, NULL);
>   }
>   
>   void tpm_backend_reset(TPMBackend *s)
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 4fe405353a..788ab9876d 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -172,28 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
>       return 0;
>   }
>   
> -static void tpm_emulator_handle_request(TPMBackend *tb)
> +static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
> -    TPMLocality *locty = NULL;
> -    bool selftest_done = false;
>       Error *err = NULL;
>   
>       DPRINTF("processing TPM command");
>   
> -    locty = tb->tpm_state->locty_data;
> -    if (tpm_emulator_set_locality(tpm_emu,
> -                                  tb->tpm_state->locty_number) < 0 ||
> -        tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
> -                                  locty->w_offset, locty->r_buffer.buffer,
> -                                  locty->r_buffer.size, &selftest_done,
> -                                  &err) < 0) {
> -        tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
> -                                            locty->r_buffer.size);
> -        error_report_err(err);
> +    if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) < 0) {
> +        goto error;
> +    }
> +
> +    if (tpm_emulator_unix_tx_bufs(tpm_emu, cmd->in, cmd->in_len,
> +                                  cmd->out, cmd->out_len,
> +                                  &cmd->selftest_done, &err) < 0) {
> +        goto error;
>       }
>   
> -    tb->recv_data_callback(tb->tpm_state, selftest_done);
> +    tb->recv_data_callback(tb->tpm_state);
> +    return;
> +
> +error:
> +    tpm_util_write_fatal_error_response(cmd->out, cmd->out_len);
> +    error_report_err(err);
>   }
>   
>   static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 0ae4596932..93d72b8e9e 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -137,30 +137,16 @@ err_exit:
>       return ret;
>   }
>   
> -static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
> -                                         const TPMLocality *locty_data,
> -                                         bool *selftest_done)
> -{
> -    return tpm_passthrough_unix_tx_bufs(tpm_pt,
> -                                        locty_data->w_buffer.buffer,
> -                                        locty_data->w_offset,
> -                                        locty_data->r_buffer.buffer,
> -                                        locty_data->r_buffer.size,
> -                                        selftest_done);
> -}
> -
> -static void tpm_passthrough_handle_request(TPMBackend *tb)
> +static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> -    bool selftest_done = false;
>   
> -    DPRINTF("tpm_passthrough: processing command\n");
> +    DPRINTF("tpm_passthrough: processing command %p\n", cmd);
>   
> -    tpm_passthrough_unix_transfer(tpm_pt,
> -                                  tb->tpm_state->locty_data,
> -                                  &selftest_done);
> +    tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
> +                                 cmd->out, cmd->out_len, &cmd->selftest_done);
>   
> -    tb->recv_data_callback(tb->tpm_state, selftest_done);
> +    tb->recv_data_callback(tb->tpm_state);
>   }
>   
>   static void tpm_passthrough_reset(TPMBackend *tb)
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 345a4fbee5..ffed7bfaf9 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -215,7 +215,15 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
>        */
>       tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
>   
> -    tpm_backend_deliver_request(s->be_driver);
> +    s->cmd = (TPMBackendCmd) {
> +        .locty = locty,
> +        .in = s->locty_data->w_buffer.buffer,
> +        .in_len = s->locty_data->w_offset,
> +        .out = s->locty_data->r_buffer.buffer,
> +        .out_len = s->locty_data->r_buffer.size
> +    };
> +
> +    tpm_backend_deliver_request(s->be_driver, &s->cmd);
>   }
>   
>   /* raise an interrupt if allowed */
> @@ -352,7 +360,7 @@ static void tpm_tis_receive_bh(void *opaque)
>   {
>       TPMState *s = opaque;
>       TPMTISEmuState *tis = &s->s.tis;
> -    uint8_t locty = s->locty_number;
> +    uint8_t locty = s->cmd.locty;
>   
>       tpm_tis_sts_set(&tis->loc[locty],
>                       TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
> @@ -371,11 +379,11 @@ static void tpm_tis_receive_bh(void *opaque)
>   /*
>    * Callback from the TPM to indicate that the response was received.
>    */
> -static void tpm_tis_receive_cb(TPMState *s,
> -                               bool is_selftest_done)
> +static void tpm_tis_receive_cb(TPMState *s)
>   {
>       TPMTISEmuState *tis = &s->s.tis;
> -    uint8_t locty = s->locty_number;
> +    bool is_selftest_done = s->cmd.selftest_done;
> +    uint8_t locty = s->cmd.locty;
>       uint8_t l;
>   
>       if (is_selftest_done) {

Re: [Qemu-devel] [PATCH 15/42] tpm-emulator: fix error handling

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> The previous patch cleaned up a bit error handling, and exposed an
> existing bug: error_report_err() could be called with a NULL error.
> Instead, make tpm_emulator_set_locality() set the error.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_emulator.c | 14 ++++++++------
>   1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 788ab9876d..25a6258c10 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -141,7 +141,8 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,
>       return 0;
>   }
>   
> -static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
> +static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
> +                                     Error **errp)
>   {
>       ptm_loc loc;
>   
> @@ -155,15 +156,15 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
>       loc.u.req.loc = locty_number;
>       if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_SET_LOCALITY, &loc,
>                                sizeof(loc), sizeof(loc)) < 0) {
> -        error_report("tpm-emulator: could not set locality : %s",
> -                     strerror(errno));
> +        error_setg(errp, "tpm-emulator: could not set locality : %s",
> +                   strerror(errno));
>           return -1;
>       }
>   
>       loc.u.resp.tpm_result = be32_to_cpu(loc.u.resp.tpm_result);
>       if (loc.u.resp.tpm_result != 0) {
> -        error_report("tpm-emulator: TPM result for set locality : 0x%x",
> -                     loc.u.resp.tpm_result);
> +        error_setg(errp, "tpm-emulator: TPM result for set locality : 0x%x",
> +                   loc.u.resp.tpm_result);
>           return -1;
>       }
>   
> @@ -179,7 +180,8 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   
>       DPRINTF("processing TPM command");
>   
> -    if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) < 0) {
> +    if (tpm_emulator_set_locality(tpm_emu,
> +                                  tb->tpm_state->locty_number, &err) < 0) {
>           goto error;
>       }
>   

Re: [Qemu-devel] [PATCH 16/42] tpm: remove locty_data from TPMState

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Keep it internal to tpm-tis instead.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_int.h      |  2 --
>   hw/tpm/tpm_emulator.c |  3 +--
>   hw/tpm/tpm_tis.c      | 12 +++++-------
>   3 files changed, 6 insertions(+), 11 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index 6d7b3dc850..252c4082ef 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -24,8 +24,6 @@ struct TPMState {
>           TPMTISEmuState tis;
>       } s;
>   
> -    uint8_t     locty_number;
> -    TPMLocality *locty_data;
>       TPMBackendCmd cmd;
>   
>       char *backend;
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 25a6258c10..407ac97651 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -180,8 +180,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   
>       DPRINTF("processing TPM command");
>   
> -    if (tpm_emulator_set_locality(tpm_emu,
> -                                  tb->tpm_state->locty_number, &err) < 0) {
> +    if (tpm_emulator_set_locality(tpm_emu, cmd->locty, &err) < 0) {
>           goto error;
>       }
>   
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index ffed7bfaf9..ad2845622e 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -203,12 +203,10 @@ static void tpm_tis_sts_set(TPMLocality *l, uint32_t flags)
>   static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
>   {
>       TPMTISEmuState *tis = &s->s.tis;
> +    TPMLocality *locty_data = &tis->loc[locty];
>   
>       tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM");
>   
> -    s->locty_number = locty;
> -    s->locty_data = &tis->loc[locty];
> -
>       /*
>        * w_offset serves as length indicator for length of data;
>        * it's reset when the response comes back
> @@ -217,10 +215,10 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
>   
>       s->cmd = (TPMBackendCmd) {
>           .locty = locty,
> -        .in = s->locty_data->w_buffer.buffer,
> -        .in_len = s->locty_data->w_offset,
> -        .out = s->locty_data->r_buffer.buffer,
> -        .out_len = s->locty_data->r_buffer.size
> +        .in = locty_data->w_buffer.buffer,
> +        .in_len = locty_data->w_offset,
> +        .out = locty_data->r_buffer.buffer,
> +        .out_len = locty_data->r_buffer.size
>       };
>   
>       tpm_backend_deliver_request(s->be_driver, &s->cmd);

Re: [Qemu-devel] [PATCH 17/42] tpm-tis: move TPMState to TIS header

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   hw/tpm/tpm_int.h  | 23 ++---------------------
>   hw/tpm/tpm_tis.h  | 19 +++++++++++++++++++
>   hw/tpm/tpm_util.c |  1 +
>   3 files changed, 22 insertions(+), 21 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index 252c4082ef..e231d0eb4f 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -12,28 +12,9 @@
>   #ifndef TPM_TPM_INT_H
>   #define TPM_TPM_INT_H
>   
> -#include "exec/memory.h"
> -#include "tpm_tis.h"
> +#include "qemu/osdep.h"
>   
> -/* overall state of the TPM interface */
> -struct TPMState {
> -    ISADevice busdev;
> -    MemoryRegion mmio;
> -
> -    union {
> -        TPMTISEmuState tis;
> -    } s;
> -
> -    TPMBackendCmd cmd;
> -
> -    char *backend;
> -    TPMBackend *be_driver;
> -    TPMVersion be_tpm_version;
> -};
> -
> -#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
> -
> -#define TPM_STANDARD_CMDLINE_OPTS \
> +#define TPM_STANDARD_CMDLINE_OPTS               \
>       { \
>           .name = "type", \
>           .type = QEMU_OPT_STRING, \
> diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
> index 31e612a7f4..30e35eef64 100644
> --- a/hw/tpm/tpm_tis.h
> +++ b/hw/tpm/tpm_tis.h
> @@ -72,4 +72,23 @@ typedef struct TPMTISEmuState {
>       uint32_t irq_num;
>   } TPMTISEmuState;
>   
> +/* overall state of the TPM interface */
> +struct TPMState {
> +    ISADevice busdev;
> +    MemoryRegion mmio;
> +
> +    union {
> +        TPMTISEmuState tis;
> +    } s;
> +
> +    uint8_t     locty_number;

This one probably shouldn't be here at this point. You seem to have 
added it in the move?



> +    TPMBackendCmd cmd;
> +
> +    char *backend;
> +    TPMBackend *be_driver;
> +    TPMVersion be_tpm_version;
> +};
> +
> +#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
> +
>   #endif /* TPM_TPM_TIS_H */
> diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c
> index fb929f6e92..7dc5b08824 100644
> --- a/hw/tpm/tpm_util.c
> +++ b/hw/tpm/tpm_util.c
> @@ -22,6 +22,7 @@
>   #include "qemu/osdep.h"
>   #include "tpm_util.h"
>   #include "tpm_int.h"
> +#include "exec/memory.h"
>   
>   /*
>    * Write an error message in the given output buffer.

Re: [Qemu-devel] [PATCH 17/42] tpm-tis: move TPMState to TIS header

[Marc-André Lureau]

----- Original Message -----
> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> >   hw/tpm/tpm_int.h  | 23 ++---------------------
> >   hw/tpm/tpm_tis.h  | 19 +++++++++++++++++++
> >   hw/tpm/tpm_util.c |  1 +
> >   3 files changed, 22 insertions(+), 21 deletions(-)
> >
> > diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> > index 252c4082ef..e231d0eb4f 100644
> > --- a/hw/tpm/tpm_int.h
> > +++ b/hw/tpm/tpm_int.h
> > @@ -12,28 +12,9 @@
> >   #ifndef TPM_TPM_INT_H
> >   #define TPM_TPM_INT_H
> >   
> > -#include "exec/memory.h"
> > -#include "tpm_tis.h"
> > +#include "qemu/osdep.h"
> >   
> > -/* overall state of the TPM interface */
> > -struct TPMState {
> > -    ISADevice busdev;
> > -    MemoryRegion mmio;
> > -
> > -    union {
> > -        TPMTISEmuState tis;
> > -    } s;
> > -
> > -    TPMBackendCmd cmd;
> > -
> > -    char *backend;
> > -    TPMBackend *be_driver;
> > -    TPMVersion be_tpm_version;
> > -};
> > -
> > -#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
> > -
> > -#define TPM_STANDARD_CMDLINE_OPTS \
> > +#define TPM_STANDARD_CMDLINE_OPTS               \
> >       { \
> >           .name = "type", \
> >           .type = QEMU_OPT_STRING, \
> > diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
> > index 31e612a7f4..30e35eef64 100644
> > --- a/hw/tpm/tpm_tis.h
> > +++ b/hw/tpm/tpm_tis.h
> > @@ -72,4 +72,23 @@ typedef struct TPMTISEmuState {
> >       uint32_t irq_num;
> >   } TPMTISEmuState;
> >   
> > +/* overall state of the TPM interface */
> > +struct TPMState {
> > +    ISADevice busdev;
> > +    MemoryRegion mmio;
> > +
> > +    union {
> > +        TPMTISEmuState tis;
> > +    } s;
> > +
> > +    uint8_t     locty_number;
> 
> This one probably shouldn't be here at this point. You seem to have
> added it in the move?
> 

good catch, removed

Thanks

Re: [Qemu-devel] [PATCH 14/42] tpm: add TPMBackendCmd to hold the request state

[Marc-André Lureau]

Hi

----- Original Message -----
> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> > This simplifies a bit locality handling, and argument passing, and
> > could pave the way to queuing requests (if that makes sense).
> 
> We won't queue requests. The TPM interfaces all send one request and
> expect the driver to wait until the response comes back.

Even on different localities? (I am not familiar enough with that part)

> 
> >
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
> 
> > ---
> >   hw/tpm/tpm_int.h             |  1 +
> >   include/sysemu/tpm_backend.h | 16 +++++++++++++---
> >   backends/tpm.c               |  6 +++---
> >   hw/tpm/tpm_emulator.c        | 29 +++++++++++++++--------------
> >   hw/tpm/tpm_passthrough.c     | 24 +++++-------------------
> >   hw/tpm/tpm_tis.c             | 18 +++++++++++++-----
> >   6 files changed, 50 insertions(+), 44 deletions(-)
> >
> > diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> > index f2f285b3cc..6d7b3dc850 100644
> > --- a/hw/tpm/tpm_int.h
> > +++ b/hw/tpm/tpm_int.h
> > @@ -26,6 +26,7 @@ struct TPMState {
> >   
> >       uint8_t     locty_number;
> >       TPMLocality *locty_data;
> > +    TPMBackendCmd cmd;
> >   
> >       char *backend;
> >       TPMBackend *be_driver;
> > diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> > index 9c83a512e1..3bb90be3de 100644
> > --- a/include/sysemu/tpm_backend.h
> > +++ b/include/sysemu/tpm_backend.h
> > @@ -30,7 +30,16 @@
> >   typedef struct TPMBackendClass TPMBackendClass;
> >   typedef struct TPMBackend TPMBackend;
> >   
> > -typedef void (TPMRecvDataCB)(TPMState *, bool selftest_done);
> > +typedef void (TPMRecvDataCB)(TPMState *);
> > +
> > +typedef struct TPMBackendCmd {
> > +    uint8_t locty;
> > +    const uint8_t *in;
> > +    uint32_t in_len;
> > +    uint8_t *out;
> > +    uint32_t out_len;
> > +    bool selftest_done;
> > +} TPMBackendCmd;
> >   
> >   struct TPMBackend {
> >       Object parent;
> > @@ -76,7 +85,7 @@ struct TPMBackendClass {
> >   
> >       void (*opened)(TPMBackend *s, Error **errp);
> >   
> > -    void (*handle_request)(TPMBackend *s);
> > +    void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
> >   };
> >   
> >   /**
> > @@ -121,11 +130,12 @@ bool tpm_backend_had_startup_error(TPMBackend *s);
> >   /**
> >    * tpm_backend_deliver_request:
> >    * @s: the backend to send the request to
> > + * @cmd: the command to deliver
> >    *
> >    * Send a request to the backend. The backend will then send the request
> >    * to the TPM implementation.
> >    */
> > -void tpm_backend_deliver_request(TPMBackend *s);
> > +void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd);
> >   
> >   /**
> >    * tpm_backend_reset:
> > diff --git a/backends/tpm.c b/backends/tpm.c
> > index 34e82085ec..dc7c831ff8 100644
> > --- a/backends/tpm.c
> > +++ b/backends/tpm.c
> > @@ -25,7 +25,7 @@ static void tpm_backend_worker_thread(gpointer data,
> > gpointer user_data)
> >       TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
> >   
> >       assert(k->handle_request != NULL);
> > -    k->handle_request(s);
> > +    k->handle_request(s, (TPMBackendCmd *)data);
> >   }
> >   
> >   static void tpm_backend_thread_end(TPMBackend *s)
> > @@ -76,9 +76,9 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
> >       return s->had_startup_error;
> >   }
> >   
> > -void tpm_backend_deliver_request(TPMBackend *s)
> > +void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd)
> >   {
> > -    g_thread_pool_push(s->thread_pool, NULL, NULL);
> > +    g_thread_pool_push(s->thread_pool, cmd, NULL);
> >   }
> >   
> >   void tpm_backend_reset(TPMBackend *s)
> > diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> > index 4fe405353a..788ab9876d 100644
> > --- a/hw/tpm/tpm_emulator.c
> > +++ b/hw/tpm/tpm_emulator.c
> > @@ -172,28 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator
> > *tpm_emu, uint8_t locty_number)
> >       return 0;
> >   }
> >   
> > -static void tpm_emulator_handle_request(TPMBackend *tb)
> > +static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd
> > *cmd)
> >   {
> >       TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
> > -    TPMLocality *locty = NULL;
> > -    bool selftest_done = false;
> >       Error *err = NULL;
> >   
> >       DPRINTF("processing TPM command");
> >   
> > -    locty = tb->tpm_state->locty_data;
> > -    if (tpm_emulator_set_locality(tpm_emu,
> > -                                  tb->tpm_state->locty_number) < 0 ||
> > -        tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
> > -                                  locty->w_offset, locty->r_buffer.buffer,
> > -                                  locty->r_buffer.size, &selftest_done,
> > -                                  &err) < 0) {
> > -        tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
> > -                                            locty->r_buffer.size);
> > -        error_report_err(err);
> > +    if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) <
> > 0) {
> > +        goto error;
> > +    }
> > +
> > +    if (tpm_emulator_unix_tx_bufs(tpm_emu, cmd->in, cmd->in_len,
> > +                                  cmd->out, cmd->out_len,
> > +                                  &cmd->selftest_done, &err) < 0) {
> > +        goto error;
> >       }
> >   
> > -    tb->recv_data_callback(tb->tpm_state, selftest_done);
> > +    tb->recv_data_callback(tb->tpm_state);
> > +    return;
> > +
> > +error:
> > +    tpm_util_write_fatal_error_response(cmd->out, cmd->out_len);
> > +    error_report_err(err);
> >   }
> >   
> >   static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
> > diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> > index 0ae4596932..93d72b8e9e 100644
> > --- a/hw/tpm/tpm_passthrough.c
> > +++ b/hw/tpm/tpm_passthrough.c
> > @@ -137,30 +137,16 @@ err_exit:
> >       return ret;
> >   }
> >   
> > -static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
> > -                                         const TPMLocality *locty_data,
> > -                                         bool *selftest_done)
> > -{
> > -    return tpm_passthrough_unix_tx_bufs(tpm_pt,
> > -                                        locty_data->w_buffer.buffer,
> > -                                        locty_data->w_offset,
> > -                                        locty_data->r_buffer.buffer,
> > -                                        locty_data->r_buffer.size,
> > -                                        selftest_done);
> > -}
> > -
> > -static void tpm_passthrough_handle_request(TPMBackend *tb)
> > +static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd
> > *cmd)
> >   {
> >       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> > -    bool selftest_done = false;
> >   
> > -    DPRINTF("tpm_passthrough: processing command\n");
> > +    DPRINTF("tpm_passthrough: processing command %p\n", cmd);
> >   
> > -    tpm_passthrough_unix_transfer(tpm_pt,
> > -                                  tb->tpm_state->locty_data,
> > -                                  &selftest_done);
> > +    tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
> > +                                 cmd->out, cmd->out_len,
> > &cmd->selftest_done);
> >   
> > -    tb->recv_data_callback(tb->tpm_state, selftest_done);
> > +    tb->recv_data_callback(tb->tpm_state);
> >   }
> >   
> >   static void tpm_passthrough_reset(TPMBackend *tb)
> > diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> > index 345a4fbee5..ffed7bfaf9 100644
> > --- a/hw/tpm/tpm_tis.c
> > +++ b/hw/tpm/tpm_tis.c
> > @@ -215,7 +215,15 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t
> > locty)
> >        */
> >       tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
> >   
> > -    tpm_backend_deliver_request(s->be_driver);
> > +    s->cmd = (TPMBackendCmd) {
> > +        .locty = locty,
> > +        .in = s->locty_data->w_buffer.buffer,
> > +        .in_len = s->locty_data->w_offset,
> > +        .out = s->locty_data->r_buffer.buffer,
> > +        .out_len = s->locty_data->r_buffer.size
> > +    };
> > +
> > +    tpm_backend_deliver_request(s->be_driver, &s->cmd);
> >   }
> >   
> >   /* raise an interrupt if allowed */
> > @@ -352,7 +360,7 @@ static void tpm_tis_receive_bh(void *opaque)
> >   {
> >       TPMState *s = opaque;
> >       TPMTISEmuState *tis = &s->s.tis;
> > -    uint8_t locty = s->locty_number;
> > +    uint8_t locty = s->cmd.locty;
> >   
> >       tpm_tis_sts_set(&tis->loc[locty],
> >                       TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
> > @@ -371,11 +379,11 @@ static void tpm_tis_receive_bh(void *opaque)
> >   /*
> >    * Callback from the TPM to indicate that the response was received.
> >    */
> > -static void tpm_tis_receive_cb(TPMState *s,
> > -                               bool is_selftest_done)
> > +static void tpm_tis_receive_cb(TPMState *s)
> >   {
> >       TPMTISEmuState *tis = &s->s.tis;
> > -    uint8_t locty = s->locty_number;
> > +    bool is_selftest_done = s->cmd.selftest_done;
> > +    uint8_t locty = s->cmd.locty;
> >       uint8_t l;
> >   
> >       if (is_selftest_done) {
> 
> 
> 

Re: [Qemu-devel] [PATCH 18/42] tpm-tis: remove tpm_tis.h header

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> The definitions are now private to TIS implementation.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>


With that stray locty_number, introduced in previous patch, removed:

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_tis.h         | 94 ------------------------------------------------
>   hw/tpm/tpm_passthrough.c |  1 -
>   hw/tpm/tpm_tis.c         | 72 ++++++++++++++++++++++++++++++++++++-
>   3 files changed, 71 insertions(+), 96 deletions(-)
>   delete mode 100644 hw/tpm/tpm_tis.h
>
> diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
> deleted file mode 100644
> index 30e35eef64..0000000000
> --- a/hw/tpm/tpm_tis.h
> +++ /dev/null
> @@ -1,94 +0,0 @@
> -/*
> - * tpm_tis.h - QEMU's TPM TIS interface emulator
> - *
> - * Copyright (C) 2006, 2010-2013 IBM Corporation
> - *
> - * Authors:
> - *  Stefan Berger <stefanb@us.ibm.com>
> - *  David Safford <safford@us.ibm.com>
> - *
> - * This work is licensed under the terms of the GNU GPL, version 2 or later.
> - * See the COPYING file in the top-level directory.
> - *
> - * Implementation of the TIS interface according to specs found at
> - * http://www.trustedcomputinggroup.org
> - *
> - */
> -#ifndef TPM_TPM_TIS_H
> -#define TPM_TPM_TIS_H
> -
> -#include "hw/isa/isa.h"
> -#include "hw/acpi/tpm.h"
> -#include "qemu-common.h"
> -
> -#define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
> -#define TPM_TIS_LOCALITY_SHIFT      12
> -#define TPM_TIS_NO_LOCALITY         0xff
> -
> -#define TPM_TIS_IS_VALID_LOCTY(x)   ((x) < TPM_TIS_NUM_LOCALITIES)
> -
> -#define TPM_TIS_BUFFER_MAX          4096
> -
> -typedef enum {
> -    TPM_TIS_STATE_IDLE = 0,
> -    TPM_TIS_STATE_READY,
> -    TPM_TIS_STATE_COMPLETION,
> -    TPM_TIS_STATE_EXECUTION,
> -    TPM_TIS_STATE_RECEPTION,
> -} TPMTISState;
> -
> -typedef struct TPMSizedBuffer {
> -    uint32_t size;
> -    uint8_t  *buffer;
> -} TPMSizedBuffer;
> -
> -/* locality data  -- all fields are persisted */
> -typedef struct TPMLocality {
> -    TPMTISState state;
> -    uint8_t access;
> -    uint32_t sts;
> -    uint32_t iface_id;
> -    uint32_t inte;
> -    uint32_t ints;
> -
> -    uint16_t w_offset;
> -    uint16_t r_offset;
> -    TPMSizedBuffer w_buffer;
> -    TPMSizedBuffer r_buffer;
> -} TPMLocality;
> -
> -typedef struct TPMTISEmuState {
> -    QEMUBH *bh;
> -    uint32_t offset;
> -    uint8_t buf[TPM_TIS_BUFFER_MAX];
> -
> -    uint8_t active_locty;
> -    uint8_t aborting_locty;
> -    uint8_t next_locty;
> -
> -    TPMLocality loc[TPM_TIS_NUM_LOCALITIES];
> -
> -    qemu_irq irq;
> -    uint32_t irq_num;
> -} TPMTISEmuState;
> -
> -/* overall state of the TPM interface */
> -struct TPMState {
> -    ISADevice busdev;
> -    MemoryRegion mmio;
> -
> -    union {
> -        TPMTISEmuState tis;
> -    } s;
> -
> -    uint8_t     locty_number;
> -    TPMBackendCmd cmd;
> -
> -    char *backend;
> -    TPMBackend *be_driver;
> -    TPMVersion be_tpm_version;
> -};
> -
> -#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
> -
> -#endif /* TPM_TPM_TIS_H */
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 93d72b8e9e..4274164a61 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -31,7 +31,6 @@
>   #include "hw/hw.h"
>   #include "hw/i386/pc.h"
>   #include "qapi/clone-visitor.h"
> -#include "tpm_tis.h"
>   #include "tpm_util.h"
>
>   #define DEBUG_TPM 0
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index ad2845622e..73cda41dc6 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -23,6 +23,7 @@
>    */
>
>   #include "qemu/osdep.h"
> +#include "hw/isa/isa.h"
>   #include "sysemu/tpm_backend.h"
>   #include "tpm_int.h"
>   #include "sysemu/block-backend.h"
> @@ -30,10 +31,79 @@
>   #include "hw/hw.h"
>   #include "hw/i386/pc.h"
>   #include "hw/pci/pci_ids.h"
> -#include "tpm_tis.h"
>   #include "qapi/error.h"
>   #include "qemu-common.h"
>   #include "qemu/main-loop.h"
> +#include "hw/acpi/tpm.h"
> +
> +#define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
> +#define TPM_TIS_LOCALITY_SHIFT      12
> +#define TPM_TIS_NO_LOCALITY         0xff
> +
> +#define TPM_TIS_IS_VALID_LOCTY(x)   ((x) < TPM_TIS_NUM_LOCALITIES)
> +
> +#define TPM_TIS_BUFFER_MAX          4096
> +
> +typedef enum {
> +    TPM_TIS_STATE_IDLE = 0,
> +    TPM_TIS_STATE_READY,
> +    TPM_TIS_STATE_COMPLETION,
> +    TPM_TIS_STATE_EXECUTION,
> +    TPM_TIS_STATE_RECEPTION,
> +} TPMTISState;
> +
> +typedef struct TPMSizedBuffer {
> +    uint32_t size;
> +    uint8_t  *buffer;
> +} TPMSizedBuffer;
> +
> +/* locality data  -- all fields are persisted */
> +typedef struct TPMLocality {
> +    TPMTISState state;
> +    uint8_t access;
> +    uint32_t sts;
> +    uint32_t iface_id;
> +    uint32_t inte;
> +    uint32_t ints;
> +
> +    uint16_t w_offset;
> +    uint16_t r_offset;
> +    TPMSizedBuffer w_buffer;
> +    TPMSizedBuffer r_buffer;
> +} TPMLocality;
> +
> +typedef struct TPMTISEmuState {
> +    QEMUBH *bh;
> +    uint32_t offset;
> +    uint8_t buf[TPM_TIS_BUFFER_MAX];
> +
> +    uint8_t active_locty;
> +    uint8_t aborting_locty;
> +    uint8_t next_locty;
> +
> +    TPMLocality loc[TPM_TIS_NUM_LOCALITIES];
> +
> +    qemu_irq irq;
> +    uint32_t irq_num;
> +} TPMTISEmuState;
> +
> +struct TPMState {
> +    ISADevice busdev;
> +    MemoryRegion mmio;
> +
> +    union {
> +        TPMTISEmuState tis;
> +    } s;
> +
> +    uint8_t     locty_number;
> +    TPMBackendCmd cmd;
> +
> +    char *backend;
> +    TPMBackend *be_driver;
> +    TPMVersion be_tpm_version;
> +};
> +
> +#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
>
>   #define DEBUG_TIS 0
>

Re: [Qemu-devel] [PATCH 19/42] tpm-tis: fold TPMTISEmuState in TPMState

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>



> ---
>   hw/tpm/tpm_tis.c | 336 ++++++++++++++++++++++++++-----------------------------
>   1 file changed, 157 insertions(+), 179 deletions(-)
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 73cda41dc6..d84eec48b4 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -72,7 +72,10 @@ typedef struct TPMLocality {
>       TPMSizedBuffer r_buffer;
>   } TPMLocality;
>
> -typedef struct TPMTISEmuState {
> +struct TPMState {
> +    ISADevice busdev;
> +    MemoryRegion mmio;
> +
>       QEMUBH *bh;
>       uint32_t offset;
>       uint8_t buf[TPM_TIS_BUFFER_MAX];
> @@ -85,15 +88,6 @@ typedef struct TPMTISEmuState {
>
>       qemu_irq irq;
>       uint32_t irq_num;
> -} TPMTISEmuState;
> -
> -struct TPMState {
> -    ISADevice busdev;
> -    MemoryRegion mmio;
> -
> -    union {
> -        TPMTISEmuState tis;
> -    } s;
>
>       uint8_t     locty_number;
>       TPMBackendCmd cmd;
> @@ -272,16 +266,15 @@ static void tpm_tis_sts_set(TPMLocality *l, uint32_t flags)
>    */
>   static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
>   {
> -    TPMTISEmuState *tis = &s->s.tis;
> -    TPMLocality *locty_data = &tis->loc[locty];
> +    TPMLocality *locty_data = &s->loc[locty];
>
> -    tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM");
> +    tpm_tis_show_buffer(&s->loc[locty].w_buffer, "tpm_tis: To TPM");
>
>       /*
>        * w_offset serves as length indicator for length of data;
>        * it's reset when the response comes back
>        */
> -    tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
> +    s->loc[locty].state = TPM_TIS_STATE_EXECUTION;
>
>       s->cmd = (TPMBackendCmd) {
>           .locty = locty,
> @@ -297,17 +290,15 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
>   /* raise an interrupt if allowed */
>   static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask)
>   {
> -    TPMTISEmuState *tis = &s->s.tis;
> -
>       if (!TPM_TIS_IS_VALID_LOCTY(locty)) {
>           return;
>       }
>
> -    if ((tis->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
> -        (tis->loc[locty].inte & irqmask)) {
> +    if ((s->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
> +        (s->loc[locty].inte & irqmask)) {
>           DPRINTF("tpm_tis: Raising IRQ for flag %08x\n", irqmask);
> -        qemu_irq_raise(s->s.tis.irq);
> -        tis->loc[locty].ints |= irqmask;
> +        qemu_irq_raise(s->irq);
> +        s->loc[locty].ints |= irqmask;
>       }
>   }
>
> @@ -319,7 +310,7 @@ static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty)
>           if (l == locty) {
>               continue;
>           }
> -        if ((s->s.tis.loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
> +        if ((s->loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
>               return 1;
>           }
>       }
> @@ -329,14 +320,13 @@ static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty)
>
>   static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
>   {
> -    TPMTISEmuState *tis = &s->s.tis;
> -    bool change = (s->s.tis.active_locty != new_active_locty);
> +    bool change = (s->active_locty != new_active_locty);
>       bool is_seize;
>       uint8_t mask;
>
> -    if (change && TPM_TIS_IS_VALID_LOCTY(s->s.tis.active_locty)) {
> +    if (change && TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
>           is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) &&
> -                   tis->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
> +                   s->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
>
>           if (is_seize) {
>               mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY);
> @@ -345,73 +335,70 @@ static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
>                        TPM_TIS_ACCESS_REQUEST_USE);
>           }
>           /* reset flags on the old active locality */
> -        tis->loc[s->s.tis.active_locty].access &= mask;
> +        s->loc[s->active_locty].access &= mask;
>
>           if (is_seize) {
> -            tis->loc[tis->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
> +            s->loc[s->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
>           }
>       }
>
> -    tis->active_locty = new_active_locty;
> +    s->active_locty = new_active_locty;
>
> -    DPRINTF("tpm_tis: Active locality is now %d\n", s->s.tis.active_locty);
> +    DPRINTF("tpm_tis: Active locality is now %d\n", s->active_locty);
>
>       if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) {
>           /* set flags on the new active locality */
> -        tis->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
> -        tis->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
> +        s->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
> +        s->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
>                                                  TPM_TIS_ACCESS_SEIZE);
>       }
>
>       if (change) {
> -        tpm_tis_raise_irq(s, tis->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);
> +        tpm_tis_raise_irq(s, s->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);
>       }
>   }
>
>   /* abort -- this function switches the locality */
>   static void tpm_tis_abort(TPMState *s, uint8_t locty)
>   {
> -    TPMTISEmuState *tis = &s->s.tis;
> -
> -    tis->loc[locty].r_offset = 0;
> -    tis->loc[locty].w_offset = 0;
> +    s->loc[locty].r_offset = 0;
> +    s->loc[locty].w_offset = 0;
>
> -    DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", tis->next_locty);
> +    DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", s->next_locty);
>
>       /*
>        * Need to react differently depending on who's aborting now and
>        * which locality will become active afterwards.
>        */
> -    if (tis->aborting_locty == tis->next_locty) {
> -        tis->loc[tis->aborting_locty].state = TPM_TIS_STATE_READY;
> -        tpm_tis_sts_set(&tis->loc[tis->aborting_locty],
> +    if (s->aborting_locty == s->next_locty) {
> +        s->loc[s->aborting_locty].state = TPM_TIS_STATE_READY;
> +        tpm_tis_sts_set(&s->loc[s->aborting_locty],
>                           TPM_TIS_STS_COMMAND_READY);
> -        tpm_tis_raise_irq(s, tis->aborting_locty, TPM_TIS_INT_COMMAND_READY);
> +        tpm_tis_raise_irq(s, s->aborting_locty, TPM_TIS_INT_COMMAND_READY);
>       }
>
>       /* locality after abort is another one than the current one */
> -    tpm_tis_new_active_locality(s, tis->next_locty);
> +    tpm_tis_new_active_locality(s, s->next_locty);
>
> -    tis->next_locty = TPM_TIS_NO_LOCALITY;
> +    s->next_locty = TPM_TIS_NO_LOCALITY;
>       /* nobody's aborting a command anymore */
> -    tis->aborting_locty = TPM_TIS_NO_LOCALITY;
> +    s->aborting_locty = TPM_TIS_NO_LOCALITY;
>   }
>
>   /* prepare aborting current command */
>   static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
>   {
> -    TPMTISEmuState *tis = &s->s.tis;
>       uint8_t busy_locty;
>
> -    tis->aborting_locty = locty;
> -    tis->next_locty = newlocty;  /* locality after successful abort */
> +    s->aborting_locty = locty;
> +    s->next_locty = newlocty;  /* locality after successful abort */
>
>       /*
>        * only abort a command using an interrupt if currently executing
>        * a command AND if there's a valid connection to the vTPM.
>        */
>       for (busy_locty = 0; busy_locty < TPM_TIS_NUM_LOCALITIES; busy_locty++) {
> -        if (tis->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) {
> +        if (s->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) {
>               /*
>                * request the backend to cancel. Some backends may not
>                * support it
> @@ -427,16 +414,15 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
>   static void tpm_tis_receive_bh(void *opaque)
>   {
>       TPMState *s = opaque;
> -    TPMTISEmuState *tis = &s->s.tis;
>       uint8_t locty = s->cmd.locty;
>
> -    tpm_tis_sts_set(&tis->loc[locty],
> +    tpm_tis_sts_set(&s->loc[locty],
>                       TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
> -    tis->loc[locty].state = TPM_TIS_STATE_COMPLETION;
> -    tis->loc[locty].r_offset = 0;
> -    tis->loc[locty].w_offset = 0;
> +    s->loc[locty].state = TPM_TIS_STATE_COMPLETION;
> +    s->loc[locty].r_offset = 0;
> +    s->loc[locty].w_offset = 0;
>
> -    if (TPM_TIS_IS_VALID_LOCTY(tis->next_locty)) {
> +    if (TPM_TIS_IS_VALID_LOCTY(s->next_locty)) {
>           tpm_tis_abort(s, locty);
>       }
>
> @@ -449,18 +435,17 @@ static void tpm_tis_receive_bh(void *opaque)
>    */
>   static void tpm_tis_receive_cb(TPMState *s)
>   {
> -    TPMTISEmuState *tis = &s->s.tis;
>       bool is_selftest_done = s->cmd.selftest_done;
>       uint8_t locty = s->cmd.locty;
>       uint8_t l;
>
>       if (is_selftest_done) {
>           for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
> -            tis->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
> +            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
>           }
>       }
>
> -    qemu_bh_schedule(tis->bh);
> +    qemu_bh_schedule(s->bh);
>   }
>
>   /*
> @@ -468,21 +453,20 @@ static void tpm_tis_receive_cb(TPMState *s)
>    */
>   static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty)
>   {
> -    TPMTISEmuState *tis = &s->s.tis;
>       uint32_t ret = TPM_TIS_NO_DATA_BYTE;
>       uint16_t len;
>
> -    if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
> -        len = tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
> +    if ((s->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
> +        len = tpm_tis_get_size_from_buffer(&s->loc[locty].r_buffer);
>
> -        ret = tis->loc[locty].r_buffer.buffer[tis->loc[locty].r_offset++];
> -        if (tis->loc[locty].r_offset >= len) {
> +        ret = s->loc[locty].r_buffer.buffer[s->loc[locty].r_offset++];
> +        if (s->loc[locty].r_offset >= len) {
>               /* got last byte */
> -            tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
> +            tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
>               tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
>           }
>           DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x   [%d]\n",
> -                ret, tis->loc[locty].r_offset-1);
> +                ret, s->loc[locty].r_offset - 1);
>       }
>
>       return ret;
> @@ -505,13 +489,12 @@ static void tpm_tis_dump_state(void *opaque, hwaddr addr)
>       uint8_t locty = tpm_tis_locality_from_addr(addr);
>       hwaddr base = addr & ~0xfff;
>       TPMState *s = opaque;
> -    TPMTISEmuState *tis = &s->s.tis;
>
>       DPRINTF("tpm_tis: active locality      : %d\n"
>               "tpm_tis: state of locality %d : %d\n"
>               "tpm_tis: register dump:\n",
> -            tis->active_locty,
> -            locty, tis->loc[locty].state);
> +            s->active_locty,
> +            locty, s->loc[locty].state);
>
>       for (idx = 0; regs[idx] != 0xfff; idx++) {
>           DPRINTF("tpm_tis: 0x%04x : 0x%08x\n", regs[idx],
> @@ -520,25 +503,25 @@ static void tpm_tis_dump_state(void *opaque, hwaddr addr)
>
>       DPRINTF("tpm_tis: read offset   : %d\n"
>               "tpm_tis: result buffer : ",
> -            tis->loc[locty].r_offset);
> +            s->loc[locty].r_offset);
>       for (idx = 0;
> -         idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
> +         idx < tpm_tis_get_size_from_buffer(&s->loc[locty].r_buffer);
>            idx++) {
>           DPRINTF("%c%02x%s",
> -                tis->loc[locty].r_offset == idx ? '>' : ' ',
> -                tis->loc[locty].r_buffer.buffer[idx],
> +                s->loc[locty].r_offset == idx ? '>' : ' ',
> +                s->loc[locty].r_buffer.buffer[idx],
>                   ((idx & 0xf) == 0xf) ? "\ntpm_tis:                 " : "");
>       }
>       DPRINTF("\n"
>               "tpm_tis: write offset  : %d\n"
>               "tpm_tis: request buffer: ",
> -            tis->loc[locty].w_offset);
> +            s->loc[locty].w_offset);
>       for (idx = 0;
> -         idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
> +         idx < tpm_tis_get_size_from_buffer(&s->loc[locty].w_buffer);
>            idx++) {
>           DPRINTF("%c%02x%s",
> -                tis->loc[locty].w_offset == idx ? '>' : ' ',
> -                tis->loc[locty].w_buffer.buffer[idx],
> +                s->loc[locty].w_offset == idx ? '>' : ' ',
> +                s->loc[locty].w_buffer.buffer[idx],
>                   ((idx & 0xf) == 0xf) ? "\ntpm_tis:                 " : "");
>       }
>       DPRINTF("\n");
> @@ -553,7 +536,6 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>                                     unsigned size)
>   {
>       TPMState *s = opaque;
> -    TPMTISEmuState *tis = &s->s.tis;
>       uint16_t offset = addr & 0xffc;
>       uint8_t shift = (addr & 0x3) * 8;
>       uint32_t val = 0xffffffff;
> @@ -568,7 +550,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>       switch (offset) {
>       case TPM_TIS_REG_ACCESS:
>           /* never show the SEIZE flag even though we use it internally */
> -        val = tis->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE;
> +        val = s->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE;
>           /* the pending flag is always calculated */
>           if (tpm_tis_check_request_use_except(s, locty)) {
>               val |= TPM_TIS_ACCESS_PENDING_REQUEST;
> @@ -576,13 +558,13 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>           val |= !tpm_backend_get_tpm_established_flag(s->be_driver);
>           break;
>       case TPM_TIS_REG_INT_ENABLE:
> -        val = tis->loc[locty].inte;
> +        val = s->loc[locty].inte;
>           break;
>       case TPM_TIS_REG_INT_VECTOR:
> -        val = tis->irq_num;
> +        val = s->irq_num;
>           break;
>       case TPM_TIS_REG_INT_STATUS:
> -        val = tis->loc[locty].ints;
> +        val = s->loc[locty].ints;
>           break;
>       case TPM_TIS_REG_INTF_CAPABILITY:
>           switch (s->be_tpm_version) {
> @@ -598,14 +580,14 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>           }
>           break;
>       case TPM_TIS_REG_STS:
> -        if (tis->active_locty == locty) {
> -            if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
> +        if (s->active_locty == locty) {
> +            if ((s->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
>                   val = TPM_TIS_BURST_COUNT(
> -                       tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer)
> -                       - tis->loc[locty].r_offset) | tis->loc[locty].sts;
> +                       tpm_tis_get_size_from_buffer(&s->loc[locty].r_buffer)
> +                       - s->loc[locty].r_offset) | s->loc[locty].sts;
>               } else {
> -                avail = tis->loc[locty].w_buffer.size
> -                        - tis->loc[locty].w_offset;
> +                avail = s->loc[locty].w_buffer.size
> +                        - s->loc[locty].w_offset;
>                   /*
>                    * byte-sized reads should not return 0x00 for 0x100
>                    * available bytes.
> @@ -613,13 +595,13 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>                   if (size == 1 && avail > 0xff) {
>                       avail = 0xff;
>                   }
> -                val = TPM_TIS_BURST_COUNT(avail) | tis->loc[locty].sts;
> +                val = TPM_TIS_BURST_COUNT(avail) | s->loc[locty].sts;
>               }
>           }
>           break;
>       case TPM_TIS_REG_DATA_FIFO:
>       case TPM_TIS_REG_DATA_XFIFO ... TPM_TIS_REG_DATA_XFIFO_END:
> -        if (tis->active_locty == locty) {
> +        if (s->active_locty == locty) {
>               if (size > 4 - (addr & 0x3)) {
>                   /* prevent access beyond FIFO */
>                   size = 4 - (addr & 0x3);
> @@ -627,7 +609,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>               val = 0;
>               shift = 0;
>               while (size > 0) {
> -                switch (tis->loc[locty].state) {
> +                switch (s->loc[locty].state) {
>                   case TPM_TIS_STATE_COMPLETION:
>                       v = tpm_tis_data_read(s, locty);
>                       break;
> @@ -643,7 +625,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
>           }
>           break;
>       case TPM_TIS_REG_INTERFACE_ID:
> -        val = tis->loc[locty].iface_id;
> +        val = s->loc[locty].iface_id;
>           break;
>       case TPM_TIS_REG_DID_VID:
>           val = (TPM_TIS_TPM_DID << 16) | TPM_TIS_TPM_VID;
> @@ -675,7 +657,6 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                                  uint64_t val, unsigned size)
>   {
>       TPMState *s = opaque;
> -    TPMTISEmuState *tis = &s->s.tis;
>       uint16_t off = addr & 0xffc;
>       uint8_t shift = (addr & 0x3) * 8;
>       uint8_t locty = tpm_tis_locality_from_addr(addr);
> @@ -712,17 +693,17 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                        TPM_TIS_ACCESS_ACTIVE_LOCALITY);
>           }
>
> -        active_locty = tis->active_locty;
> +        active_locty = s->active_locty;
>
>           if ((val & TPM_TIS_ACCESS_ACTIVE_LOCALITY)) {
>               /* give up locality if currently owned */
> -            if (tis->active_locty == locty) {
> +            if (s->active_locty == locty) {
>                   DPRINTF("tpm_tis: Releasing locality %d\n", locty);
>
>                   uint8_t newlocty = TPM_TIS_NO_LOCALITY;
>                   /* anybody wants the locality ? */
>                   for (c = TPM_TIS_NUM_LOCALITIES - 1; c >= 0; c--) {
> -                    if ((tis->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) {
> +                    if ((s->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) {
>                           DPRINTF("tpm_tis: Locality %d requests use.\n", c);
>                           newlocty = c;
>                           break;
> @@ -740,12 +721,12 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                   }
>               } else {
>                   /* not currently the owner; clear a pending request */
> -                tis->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE;
> +                s->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE;
>               }
>           }
>
>           if ((val & TPM_TIS_ACCESS_BEEN_SEIZED)) {
> -            tis->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED;
> +            s->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED;
>           }
>
>           if ((val & TPM_TIS_ACCESS_SEIZE)) {
> @@ -756,19 +737,19 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                * allow seize for requesting locality if no locality is
>                * active
>                */
> -            while ((TPM_TIS_IS_VALID_LOCTY(tis->active_locty) &&
> -                    locty > tis->active_locty) ||
> -                    !TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
> +            while ((TPM_TIS_IS_VALID_LOCTY(s->active_locty) &&
> +                    locty > s->active_locty) ||
> +                    !TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
>                   bool higher_seize = FALSE;
>
>                   /* already a pending SEIZE ? */
> -                if ((tis->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
> +                if ((s->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
>                       break;
>                   }
>
>                   /* check for ongoing seize by a higher locality */
>                   for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) {
> -                    if ((tis->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
> +                    if ((s->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
>                           higher_seize = TRUE;
>                           break;
>                       }
> @@ -780,24 +761,24 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>
>                   /* cancel any seize by a lower locality */
>                   for (l = 0; l < locty - 1; l++) {
> -                    tis->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
> +                    s->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
>                   }
>
> -                tis->loc[locty].access |= TPM_TIS_ACCESS_SEIZE;
> +                s->loc[locty].access |= TPM_TIS_ACCESS_SEIZE;
>                   DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: "
>                           "Locality %d seized from locality %d\n",
> -                        locty, tis->active_locty);
> +                        locty, s->active_locty);
>                   DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: Initiating abort.\n");
>                   set_new_locty = 0;
> -                tpm_tis_prep_abort(s, tis->active_locty, locty);
> +                tpm_tis_prep_abort(s, s->active_locty, locty);
>                   break;
>               }
>           }
>
>           if ((val & TPM_TIS_ACCESS_REQUEST_USE)) {
> -            if (tis->active_locty != locty) {
> -                if (TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
> -                    tis->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE;
> +            if (s->active_locty != locty) {
> +                if (TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
> +                    s->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE;
>                   } else {
>                       /* no locality active -> make this one active now */
>                       active_locty = locty;
> @@ -811,12 +792,12 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>
>           break;
>       case TPM_TIS_REG_INT_ENABLE:
> -        if (tis->active_locty != locty) {
> +        if (s->active_locty != locty) {
>               break;
>           }
>
> -        tis->loc[locty].inte &= mask;
> -        tis->loc[locty].inte |= (val & (TPM_TIS_INT_ENABLED |
> +        s->loc[locty].inte &= mask;
> +        s->loc[locty].inte |= (val & (TPM_TIS_INT_ENABLED |
>                                           TPM_TIS_INT_POLARITY_MASK |
>                                           TPM_TIS_INTERRUPTS_SUPPORTED));
>           break;
> @@ -824,30 +805,30 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>           /* hard wired -- ignore */
>           break;
>       case TPM_TIS_REG_INT_STATUS:
> -        if (tis->active_locty != locty) {
> +        if (s->active_locty != locty) {
>               break;
>           }
>
>           /* clearing of interrupt flags */
>           if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
> -            (tis->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
> -            tis->loc[locty].ints &= ~val;
> -            if (tis->loc[locty].ints == 0) {
> -                qemu_irq_lower(tis->irq);
> +            (s->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
> +            s->loc[locty].ints &= ~val;
> +            if (s->loc[locty].ints == 0) {
> +                qemu_irq_lower(s->irq);
>                   DPRINTF("tpm_tis: Lowering IRQ\n");
>               }
>           }
> -        tis->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED);
> +        s->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED);
>           break;
>       case TPM_TIS_REG_STS:
> -        if (tis->active_locty != locty) {
> +        if (s->active_locty != locty) {
>               break;
>           }
>
>           if (s->be_tpm_version == TPM_VERSION_2_0) {
>               /* some flags that are only supported for TPM 2 */
>               if (val & TPM_TIS_STS_COMMAND_CANCEL) {
> -                if (tis->loc[locty].state == TPM_TIS_STATE_EXECUTION) {
> +                if (s->loc[locty].state == TPM_TIS_STATE_EXECUTION) {
>                       /*
>                        * request the backend to cancel. Some backends may not
>                        * support it
> @@ -867,16 +848,16 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                   TPM_TIS_STS_RESPONSE_RETRY);
>
>           if (val == TPM_TIS_STS_COMMAND_READY) {
> -            switch (tis->loc[locty].state) {
> +            switch (s->loc[locty].state) {
>
>               case TPM_TIS_STATE_READY:
> -                tis->loc[locty].w_offset = 0;
> -                tis->loc[locty].r_offset = 0;
> +                s->loc[locty].w_offset = 0;
> +                s->loc[locty].r_offset = 0;
>               break;
>
>               case TPM_TIS_STATE_IDLE:
> -                tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_COMMAND_READY);
> -                tis->loc[locty].state = TPM_TIS_STATE_READY;
> +                tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_COMMAND_READY);
> +                s->loc[locty].state = TPM_TIS_STATE_READY;
>                   tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
>               break;
>
> @@ -889,23 +870,23 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>               break;
>
>               case TPM_TIS_STATE_COMPLETION:
> -                tis->loc[locty].w_offset = 0;
> -                tis->loc[locty].r_offset = 0;
> +                s->loc[locty].w_offset = 0;
> +                s->loc[locty].r_offset = 0;
>                   /* shortcut to ready state with C/R set */
> -                tis->loc[locty].state = TPM_TIS_STATE_READY;
> -                if (!(tis->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) {
> -                    tpm_tis_sts_set(&tis->loc[locty],
> +                s->loc[locty].state = TPM_TIS_STATE_READY;
> +                if (!(s->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) {
> +                    tpm_tis_sts_set(&s->loc[locty],
>                                       TPM_TIS_STS_COMMAND_READY);
>                       tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
>                   }
> -                tis->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE);
> +                s->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE);
>               break;
>
>               }
>           } else if (val == TPM_TIS_STS_TPM_GO) {
> -            switch (tis->loc[locty].state) {
> +            switch (s->loc[locty].state) {
>               case TPM_TIS_STATE_RECEPTION:
> -                if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) {
> +                if ((s->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) {
>                       tpm_tis_tpm_send(s, locty);
>                   }
>                   break;
> @@ -914,10 +895,10 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                   break;
>               }
>           } else if (val == TPM_TIS_STS_RESPONSE_RETRY) {
> -            switch (tis->loc[locty].state) {
> +            switch (s->loc[locty].state) {
>               case TPM_TIS_STATE_COMPLETION:
> -                tis->loc[locty].r_offset = 0;
> -                tpm_tis_sts_set(&tis->loc[locty],
> +                s->loc[locty].r_offset = 0;
> +                tpm_tis_sts_set(&s->loc[locty],
>                                   TPM_TIS_STS_VALID|
>                                   TPM_TIS_STS_DATA_AVAILABLE);
>                   break;
> @@ -930,20 +911,20 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>       case TPM_TIS_REG_DATA_FIFO:
>       case TPM_TIS_REG_DATA_XFIFO ... TPM_TIS_REG_DATA_XFIFO_END:
>           /* data fifo */
> -        if (tis->active_locty != locty) {
> +        if (s->active_locty != locty) {
>               break;
>           }
>
> -        if (tis->loc[locty].state == TPM_TIS_STATE_IDLE ||
> -            tis->loc[locty].state == TPM_TIS_STATE_EXECUTION ||
> -            tis->loc[locty].state == TPM_TIS_STATE_COMPLETION) {
> +        if (s->loc[locty].state == TPM_TIS_STATE_IDLE ||
> +            s->loc[locty].state == TPM_TIS_STATE_EXECUTION ||
> +            s->loc[locty].state == TPM_TIS_STATE_COMPLETION) {
>               /* drop the byte */
>           } else {
>               DPRINTF("tpm_tis: Data to send to TPM: %08x (size=%d)\n",
>                       (int)val, size);
> -            if (tis->loc[locty].state == TPM_TIS_STATE_READY) {
> -                tis->loc[locty].state = TPM_TIS_STATE_RECEPTION;
> -                tpm_tis_sts_set(&tis->loc[locty],
> +            if (s->loc[locty].state == TPM_TIS_STATE_READY) {
> +                s->loc[locty].state = TPM_TIS_STATE_RECEPTION;
> +                tpm_tis_sts_set(&s->loc[locty],
>                                   TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID);
>               }
>
> @@ -953,30 +934,30 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>                   size = 4 - (addr & 0x3);
>               }
>
> -            while ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) && size > 0) {
> -                if (tis->loc[locty].w_offset < tis->loc[locty].w_buffer.size) {
> -                    tis->loc[locty].w_buffer.
> -                        buffer[tis->loc[locty].w_offset++] = (uint8_t)val;
> +            while ((s->loc[locty].sts & TPM_TIS_STS_EXPECT) && size > 0) {
> +                if (s->loc[locty].w_offset < s->loc[locty].w_buffer.size) {
> +                    s->loc[locty].w_buffer.
> +                        buffer[s->loc[locty].w_offset++] = (uint8_t)val;
>                       val >>= 8;
>                       size--;
>                   } else {
> -                    tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
> +                    tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
>                   }
>               }
>
>               /* check for complete packet */
> -            if (tis->loc[locty].w_offset > 5 &&
> -                (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
> +            if (s->loc[locty].w_offset > 5 &&
> +                (s->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
>                   /* we have a packet length - see if we have all of it */
> -                bool need_irq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID);
> +                bool need_irq = !(s->loc[locty].sts & TPM_TIS_STS_VALID);
>
> -                len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
> -                if (len > tis->loc[locty].w_offset) {
> -                    tpm_tis_sts_set(&tis->loc[locty],
> +                len = tpm_tis_get_size_from_buffer(&s->loc[locty].w_buffer);
> +                if (len > s->loc[locty].w_offset) {
> +                    tpm_tis_sts_set(&s->loc[locty],
>                                       TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID);
>                   } else {
>                       /* packet complete */
> -                    tpm_tis_sts_set(&tis->loc[locty], TPM_TIS_STS_VALID);
> +                    tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
>                   }
>                   if (need_irq) {
>                       tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
> @@ -987,7 +968,7 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>       case TPM_TIS_REG_INTERFACE_ID:
>           if (val & TPM_TIS_IFACE_ID_INT_SEL_LOCK) {
>               for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
> -                tis->loc[l].iface_id |= TPM_TIS_IFACE_ID_INT_SEL_LOCK;
> +                s->loc[l].iface_id |= TPM_TIS_IFACE_ID_INT_SEL_LOCK;
>               }
>           }
>           break;
> @@ -1036,39 +1017,38 @@ TPMVersion tpm_tis_get_tpm_version(Object *obj)
>   static void tpm_tis_reset(DeviceState *dev)
>   {
>       TPMState *s = TPM(dev);
> -    TPMTISEmuState *tis = &s->s.tis;
>       int c;
>
>       s->be_tpm_version = tpm_backend_get_tpm_version(s->be_driver);
>
>       tpm_backend_reset(s->be_driver);
>
> -    tis->active_locty = TPM_TIS_NO_LOCALITY;
> -    tis->next_locty = TPM_TIS_NO_LOCALITY;
> -    tis->aborting_locty = TPM_TIS_NO_LOCALITY;
> +    s->active_locty = TPM_TIS_NO_LOCALITY;
> +    s->next_locty = TPM_TIS_NO_LOCALITY;
> +    s->aborting_locty = TPM_TIS_NO_LOCALITY;
>
>       for (c = 0; c < TPM_TIS_NUM_LOCALITIES; c++) {
> -        tis->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS;
> +        s->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS;
>           switch (s->be_tpm_version) {
>           case TPM_VERSION_UNSPEC:
>               break;
>           case TPM_VERSION_1_2:
> -            tis->loc[c].sts = TPM_TIS_STS_TPM_FAMILY1_2;
> -            tis->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS1_3;
> +            s->loc[c].sts = TPM_TIS_STS_TPM_FAMILY1_2;
> +            s->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS1_3;
>               break;
>           case TPM_VERSION_2_0:
> -            tis->loc[c].sts = TPM_TIS_STS_TPM_FAMILY2_0;
> -            tis->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS2_0;
> +            s->loc[c].sts = TPM_TIS_STS_TPM_FAMILY2_0;
> +            s->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS2_0;
>               break;
>           }
> -        tis->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL;
> -        tis->loc[c].ints = 0;
> -        tis->loc[c].state = TPM_TIS_STATE_IDLE;
> -
> -        tis->loc[c].w_offset = 0;
> -        tpm_tis_realloc_buffer(&tis->loc[c].w_buffer);
> -        tis->loc[c].r_offset = 0;
> -        tpm_tis_realloc_buffer(&tis->loc[c].r_buffer);
> +        s->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL;
> +        s->loc[c].ints = 0;
> +        s->loc[c].state = TPM_TIS_STATE_IDLE;
> +
> +        s->loc[c].w_offset = 0;
> +        tpm_tis_realloc_buffer(&s->loc[c].w_buffer);
> +        s->loc[c].r_offset = 0;
> +        tpm_tis_realloc_buffer(&s->loc[c].r_buffer);
>       }
>
>       tpm_tis_do_startup_tpm(s);
> @@ -1080,8 +1060,7 @@ static const VMStateDescription vmstate_tpm_tis = {
>   };
>
>   static Property tpm_tis_properties[] = {
> -    DEFINE_PROP_UINT32("irq", TPMState,
> -                       s.tis.irq_num, TPM_TIS_IRQ),
> +    DEFINE_PROP_UINT32("irq", TPMState, irq_num, TPM_TIS_IRQ),
>       DEFINE_PROP_STRING("tpmdev", TPMState, backend),
>       DEFINE_PROP_END_OF_LIST(),
>   };
> @@ -1089,7 +1068,6 @@ static Property tpm_tis_properties[] = {
>   static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>   {
>       TPMState *s = TPM(dev);
> -    TPMTISEmuState *tis = &s->s.tis;
>
>       s->be_driver = qemu_find_tpm(s->backend);
>       if (!s->be_driver) {
> @@ -1106,15 +1084,15 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>           return;
>       }
>
> -    if (tis->irq_num > 15) {
> +    if (s->irq_num > 15) {
>           error_setg(errp, "tpm_tis: IRQ %d for TPM TIS is outside valid range "
> -                   "of 0 to 15", tis->irq_num);
> +                   "of 0 to 15", s->irq_num);
>           return;
>       }
>
> -    tis->bh = qemu_bh_new(tpm_tis_receive_bh, s);
> +    s->bh = qemu_bh_new(tpm_tis_receive_bh, s);
>
> -    isa_init_irq(&s->busdev, &tis->irq, tis->irq_num);
> +    isa_init_irq(&s->busdev, &s->irq, s->irq_num);
>
>       memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)),
>                                   TPM_TIS_ADDR_BASE, &s->mmio);

Re: [Qemu-devel] [PATCH 20/42] tpm: add a QOM TPM interface

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> This will simplify backend / interface objects relationship, so the
> frontend interface will simply have to implement the TPM QOM interface.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_int.h | 17 +++++++++++++++++
>   backends/tpm.c   |  8 ++++++++
>   hw/tpm/tpm_tis.c |  4 ++++
>   3 files changed, 29 insertions(+)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index e231d0eb4f..eb02e7760c 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -13,6 +13,23 @@
>   #define TPM_TPM_INT_H
>
>   #include "qemu/osdep.h"
> +#include "qom/object.h"
> +
> +#define TYPE_TPM_IF "tpm-if"
> +#define TPM_IF_CLASS(klass) \
> +    OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF)
> +#define TPM_IF_GET_CLASS(obj) \
> +    OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF)
> +#define TPM_IF(obj) \
> +    INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
> +
> +typedef struct TPMIf {
> +    Object parent_obj;
> +} TPMIf;
> +
> +typedef struct TPMIfClass {
> +    InterfaceClass parent_class;
> +} TPMIfClass;
>
>   #define TPM_STANDARD_CMDLINE_OPTS               \
>       { \
> diff --git a/backends/tpm.c b/backends/tpm.c
> index dc7c831ff8..87c5c09179 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -17,6 +17,7 @@
>   #include "qapi/error.h"
>   #include "qapi/qmp/qerror.h"
>   #include "sysemu/tpm.h"
> +#include "hw/tpm/tpm_int.h"
>   #include "qemu/thread.h"
>
>   static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
> @@ -209,9 +210,16 @@ static const TypeInfo tpm_backend_info = {
>       .abstract = true,
>   };
>
> +static const TypeInfo tpm_if_info = {
> +    .name = TYPE_TPM_IF,
> +    .parent = TYPE_INTERFACE,
> +    .class_size = sizeof(TPMIfClass),
> +};
> +
>   static void register_types(void)
>   {
>       type_register_static(&tpm_backend_info);
> +    type_register_static(&tpm_if_info);
>   }
>
>   type_init(register_types);
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index d84eec48b4..dbb50043ac 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -1123,6 +1123,10 @@ static const TypeInfo tpm_tis_info = {
>       .instance_size = sizeof(TPMState),
>       .instance_init = tpm_tis_initfn,
>       .class_init  = tpm_tis_class_init,
> +    .interfaces = (InterfaceInfo[]) {
> +        { TYPE_TPM_IF },
> +        { }
> +    }
>   };
>
>   static void tpm_tis_register(void)

Re: [Qemu-devel] [PATCH 32/42] tpm-passthrough: make it safer to destroy after creation

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Check fds values before closing, to avoid close(-1).
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Typicall free() can be called with a NULL pointer.  I am also fine with 
this change here,  but could we move the fd < 0 check into qemu_close?

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_passthrough.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 7371d50739..aa9167e3c6 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -347,8 +347,12 @@ static void tpm_passthrough_inst_finalize(Object *obj)
>   
>       tpm_passthrough_cancel_cmd(TPM_BACKEND(obj));
>   
> -    qemu_close(tpm_pt->tpm_fd);
> -    qemu_close(tpm_pt->cancel_fd);
> +    if (tpm_pt->tpm_fd >= 0) {
> +        qemu_close(tpm_pt->tpm_fd);
> +    }
> +    if (tpm_pt->cancel_fd >= 0) {
> +        qemu_close(tpm_pt->cancel_fd);
> +    }
>       qapi_free_TPMPassthroughOptions(tpm_pt->options);
>   }
>   

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Stefan Berger]

On 10/10/2017 08:14 AM, Marc-André Lureau wrote:
> Hi Stefan
>
> On Tue, Oct 10, 2017 at 4:34 AM, Stefan Berger
> <stefanb@linux.vnet.ibm.com> wrote:
>> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
>>> Hi,
>>>
>>> I accumulated a series of patch doing some TPM code cleanup while
>>> doing review. I removed some dead code, simplified other parts, and
>>> tried to isolate implementation of the backend and frontend by using a
>>> new TPMIf interface. I solved a few issues, and added some FIXME for
>>> what should be tackled.  Finally, I implemented a simple CRB device
>>> (tpm 2.0) that is work in progress for now - it works fine with
>>> passthrough, but swtpm/libtpms with win10 has some issues that need
>>> more investigations.
>>
>> You are using the swtpm with --tpm2, right? And I suppose you are using the
>> tpm2-preview.rev146 branch of libtpms. What are the symptoms?
> Yes, I was using tpm2-preview.rev146.ossl11 branch
>
> Windows complained about malfunctioning TPM 2.0 device, despite doing
> many exchanges. Sadly, I couldn't find many option to make libtpms a
> bit more verbose, as I am not able to parse the hexdump. I haven't
> spent much time investigating yet.

libtpms's TPM 2 code doesn't have a lot of debugging output. The only 
solution for now is to crank up the log level to 20 and have it log into 
a file. It at least shows the exchange of messages.

>
>> Most of this series looks good to me. I'll go over it again and will add my
>> Reviewed-by. It seems to have some build problems, though.
> I fixed the build issue (gcc on centos is a bit old), last version is
> https://github.com/elmarco/qemu/commits/tpm.
>
>> For libtpms + swtpm the biggest challenge is supporting state migration,
>> especially with TPM2. I have that working on the swtpm level in form of test
>> cases and also with the old CUSE TPM support in QEMU + libvirt mgmt. stack
>> with CUSE support. So ideally we would get to that point as well with the
>> QEMU TPM emulator device to make sure suspend/resume, snapshotting, and
>> migration work. libtpms 0.6 should have TPM 2 code and ideally swtpm 0.1
>> would support TPM 2 as well.
> Yes! thanks a lot for working on this, this is indeed essential. How
> close are you from releasing the migration code?
>
> Depending how quickly this series is reviewed & merged, I would like
> to work on cleaning up the threading code next.

I haven't worked on the suspend/resume part. It would have to be a port 
of these 3 patches:
https://github.com/stefanberger/qemu-tpm/commit/9d8c9c3f0df288242d03f78d3b103099c1910574
https://github.com/stefanberger/qemu-tpm/commit/b9ea09d2e26eac92b4a1604a7afa695c4fc2735e
https://github.com/stefanberger/qemu-tpm/commit/27d332dc3b2c6bfd0fcd38e69f5c899651f3a5d8


    Stefan


>
>
> thanks
>
>>     Regards,
>>         Stefan
>>
>>
>>> seabios CRB support is required for TPM 2.0 & emulation
>>> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
>>>
>>> Comments/review welcome!
>>>
>>> Based-on: <1507222112-20315-1-git-send-email-stefanb@linux.vnet.ibm.com>
>>>
>>> Marc-André Lureau (42):
>>>     tpm-tis: remove unused hw_access argument
>>>     tpm-tis: remove RAISE_STS_IRQ
>>>     tpm: make tpm_get_backend_driver() static
>>>     tpm: lookup tpm backend class in tpm_driver_find_by_type()
>>>     tpm: replace tpm_get_backend_driver() to drop be_drivers
>>>     tpm: remove tpm_register_driver()
>>>     tpm: move TPMSizedBuffer to tpm_tis.h
>>>     tpm: remove TPMDriverOps
>>>     tpm: remove init() class method
>>>     tpm: remove configure_tpm() hop
>>>     tpm: remove unused TPMBackendCmd
>>>     tpm: remove needless cast
>>>     tpm: remove locty argument from receive_cb
>>>     tpm: add TPMBackendCmd to hold the request state
>>>     tpm-emulator: fix error handling
>>>     tpm: remove locty_data from TPMState
>>>     tpm-tis: move TPMState to TIS header
>>>     tpm-tis: remove tpm_tis.h header
>>>     tpm-tis: fold TPMTISEmuState in TPMState
>>>     tpm: add a QOM TPM interface
>>>     tpm: move recv_data_callback to TPM interface
>>>     tpm-backend: store TPMIf interface, improve backend_init()
>>>     tpm-tis: no longer expose TPMState
>>>     tpm-be: call request_completed() out of thread
>>>     tpm-be: report error instead of front-end
>>>     tpm-be: ask model to the TPM interface
>>>     tpm: remove unused opened code
>>>     tpm-passthrough: don't save guessed cancel_path in options
>>>     tpm-be: update optional function pointers
>>>     tpm-passthrough: pass TPMPassthruState to handle_device_opts
>>>     tpm-backend: move set 'id' to common code
>>>     tpm-passthrough: make it safer to destroy after creation
>>>     tpm-passthrough: remove error cleanup from handle_device_opts
>>>     tpm-passthrough: workaround a possible race
>>>     tpm-tis: simplify header inclusion
>>>     tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()
>>>     tpm: lookup the the TPM interface instead of TIS device
>>>     tpm: add TPM interface to lookup TPM version
>>>     tpm: add tpm_cmd_get_size() to tpm_util
>>>     acpi: change TPM TIS data conditions
>>>     tpm-emulator: add a FIXME comment about blocking cancel
>>>     WIP: add TPM CRB device
>>>
>>>    qapi/tpm.json                      |   7 +-
>>>    hw/tpm/tpm_int.h                   |  25 +-
>>>    hw/tpm/tpm_tis.h                   |  70 ------
>>>    hw/tpm/tpm_util.h                  |   8 +-
>>>    include/hw/acpi/tpm.h              |  65 +++++
>>>    include/sysemu/tpm.h               |  59 +++--
>>>    include/sysemu/tpm_backend.h       |  70 ++----
>>>    backends/tpm.c                     | 121 ++++-----
>>>    hw/i386/acpi-build.c               |  33 ++-
>>>    hw/tpm/tpm_crb.c                   | 320 ++++++++++++++++++++++++
>>>    hw/tpm/tpm_emulator.c              |  95 +++----
>>>    hw/tpm/tpm_passthrough.c           | 114 +++------
>>>    hw/tpm/tpm_tis.c                   | 499
>>> +++++++++++++++++++------------------
>>>    hw/tpm/tpm_util.c                  |   1 +
>>>    tpm.c                              |  63 ++---
>>>    default-configs/i386-softmmu.mak   |   1 +
>>>    default-configs/x86_64-softmmu.mak |   1 +
>>>    hw/tpm/Makefile.objs               |   1 +
>>>    scripts/checkpatch.pl              |   1 -
>>>    19 files changed, 899 insertions(+), 655 deletions(-)
>>>    delete mode 100644 hw/tpm/tpm_tis.h
>>>    create mode 100644 hw/tpm/tpm_crb.c
>>>
>>
>
>

Re: [Qemu-devel] [PATCH 41/42] tpm-emulator: add a FIXME comment about blocking cancel

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_emulator.c | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 315819329b..091d7ea147 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -328,6 +328,7 @@ static void tpm_emulator_cancel_cmd(TPMBackend *tb)
>           return;
>       }
>   
> +    /* FIXME: make the function non-blocking, or it may block a VCPU */
>       if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_CANCEL_TPM_CMD, &res, 0,
>                                sizeof(res)) < 0) {
>           error_report("tpm-emulator: Could not cancel command: %s",

Re: [Qemu-devel] [PATCH 40/42] acpi: change TPM TIS data conditions

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> The device should be exposed if present. It shouldn't have an
> undefined version (or else backend init failed, and device should fail
> too). Finally, make the fields specific to TIS device model.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   include/sysemu/tpm.h |  3 +++
>   hw/i386/acpi-build.c | 12 ++++++++----
>   2 files changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
> index 9439330cf1..8223ec621c 100644
> --- a/include/sysemu/tpm.h
> +++ b/include/sysemu/tpm.h
> @@ -47,6 +47,9 @@ void tpm_cleanup(void);
>   
>   #define TYPE_TPM_TIS                "tpm-tis"
>   
> +#define TPM_IS_TIS(chr)                             \
> +    object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS)
> +
>   static inline TPMIf *tpm_find(void)
>   {
>       Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 40371b6f75..ee38b00e31 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -2038,7 +2038,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>           }
>       }
>   
> -    if (misc->tpm_version != TPM_VERSION_UNSPEC) {
> +    if (TPM_IS_TIS(tpm_find())) {
>           aml_append(crs, aml_memory32_fixed(TPM_TIS_ADDR_BASE,
>                      TPM_TIS_ADDR_SIZE, AML_READ_WRITE));
>       }
> @@ -2204,7 +2204,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>               /* Scan all PCI buses. Generate tables to support hotplug. */
>               build_append_pci_bus_devices(scope, bus, pm->pcihp_bridge_en);
>   
> -            if (misc->tpm_version != TPM_VERSION_UNSPEC) {
> +            if (TPM_IS_TIS(tpm_find())) {
>                   dev = aml_device("ISA.TPM");
>                   aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0C31")));
>                   aml_append(dev, aml_name_decl("_STA", aml_int(0xF)));
> @@ -2281,8 +2281,12 @@ build_tpm2(GArray *table_data, BIOSLinker *linker)
>       tpm2_ptr = acpi_data_push(table_data, sizeof *tpm2_ptr);
>   
>       tpm2_ptr->platform_class = cpu_to_le16(TPM2_ACPI_CLASS_CLIENT);
> -    tpm2_ptr->control_area_address = cpu_to_le64(0);
> -    tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
> +    if (TPM_IS_TIS(tpm_find())) {
> +        tpm2_ptr->control_area_address = cpu_to_le64(0);
> +        tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
> +    } else {
> +        g_warn_if_reached();
> +    }
>   
>       build_header(linker, table_data,
>                    (void *)tpm2_ptr, "TPM2", sizeof(*tpm2_ptr), 4, NULL, NULL);

Re: [Qemu-devel] [PATCH 39/42] tpm: add tpm_cmd_get_size() to tpm_util

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> The function is generally useful and used in the following patches.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   hw/tpm/tpm_util.h | 8 +++++++-
>   hw/tpm/tpm_tis.c  | 3 ++-
>   2 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h
> index 2f7c96146d..aca10c97bf 100644
> --- a/hw/tpm/tpm_util.h
> +++ b/hw/tpm/tpm_util.h
> @@ -22,7 +22,8 @@
>   #ifndef TPM_TPM_UTIL_H
>   #define TPM_TPM_UTIL_H
>   
> -#include "sysemu/tpm_backend.h"
> +#include "sysemu/tpm.h"
> +#include "qemu/bswap.h"
>   
>   void tpm_util_write_fatal_error_response(uint8_t *out, uint32_t out_len);
>   
> @@ -30,4 +31,9 @@ bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len);
>   
>   int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version);
>   
> +static inline uint32_t tpm_cmd_get_size(const void *b)
> +{
> +    return be32_to_cpu(*(const uint32_t *)(b + 2));
> +}
> +
>   #endif /* TPM_TPM_UTIL_H */
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 6aac9bfe6b..d0e1aac247 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -30,6 +30,7 @@
>   #include "hw/pci/pci_ids.h"
>   #include "sysemu/tpm_backend.h"
>   #include "tpm_int.h"
> +#include "tpm_util.h"
>   
>   #define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
>   #define TPM_TIS_LOCALITY_SHIFT      12
> @@ -216,7 +217,7 @@ static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
>   
>   static uint32_t tpm_tis_get_size_from_buffer(const TPMSizedBuffer *sb)
>   {
> -    return be32_to_cpu(*(uint32_t *)&sb->buffer[2]);
> +    return tpm_cmd_get_size(sb->buffer);
>   }
>   
>   static void tpm_tis_show_buffer(const TPMSizedBuffer *sb, const char *string)

Re: [Qemu-devel] [PATCH 42/42] WIP: add TPM CRB device

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> +
> +static void tpm_crb_realizefn(DeviceState *dev, Error **errp)
> +{
> +    CRBState *s = CRB(dev);
> +    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
> +
> +    if (!tpm_find()) {
> +        error_setg(errp, "at most one TPM device is permitted");


Shouldn't that be the case if tpm_find() != NULL ?

Re: [Qemu-devel] [PATCH 21/42] tpm: move recv_data_callback to TPM interface

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Simplify the TPM backend setup, move callback to TPM interface.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_int.h             |  3 +++
>   include/sysemu/tpm_backend.h |  6 +-----
>   backends/tpm.c               |  4 +---
>   hw/tpm/tpm_emulator.c        |  3 ++-
>   hw/tpm/tpm_passthrough.c     |  3 ++-
>   hw/tpm/tpm_tis.c             | 11 ++++++-----
>   6 files changed, 15 insertions(+), 15 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index eb02e7760c..9c045b6691 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -29,6 +29,9 @@ typedef struct TPMIf {
>
>   typedef struct TPMIfClass {
>       InterfaceClass parent_class;
> +
> +    /* run in thread pool by backend */
> +    void (*request_completed)(TPMIf *obj);
>   } TPMIfClass;
>
>   #define TPM_STANDARD_CMDLINE_OPTS               \
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 3bb90be3de..03ea5a3400 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -30,8 +30,6 @@
>   typedef struct TPMBackendClass TPMBackendClass;
>   typedef struct TPMBackend TPMBackend;
>
> -typedef void (TPMRecvDataCB)(TPMState *);
> -
>   typedef struct TPMBackendCmd {
>       uint8_t locty;
>       const uint8_t *in;
> @@ -48,7 +46,6 @@ struct TPMBackend {
>       bool opened;
>       TPMState *tpm_state;
>       GThreadPool *thread_pool;
> -    TPMRecvDataCB *recv_data_callback;
>       bool had_startup_error;
>
>       /* <public> */
> @@ -106,8 +103,7 @@ enum TpmType tpm_backend_get_type(TPMBackend *s);
>    *
>    * Returns 0 on success.
>    */
> -int tpm_backend_init(TPMBackend *s, TPMState *state,
> -                     TPMRecvDataCB *datacb);
> +int tpm_backend_init(TPMBackend *s, TPMState *state);
>
>   /**
>    * tpm_backend_startup_tpm:
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 87c5c09179..5763f6f369 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -44,11 +44,9 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
>       return k->type;
>   }
>
> -int tpm_backend_init(TPMBackend *s, TPMState *state,
> -                     TPMRecvDataCB *datacb)
> +int tpm_backend_init(TPMBackend *s, TPMState *state)
>   {
>       s->tpm_state = state;
> -    s->recv_data_callback = datacb;
>       s->had_startup_error = false;
>
>       return 0;
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 407ac97651..f04f4e0830 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -176,6 +176,7 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
>   static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
> +    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
>       Error *err = NULL;
>
>       DPRINTF("processing TPM command");
> @@ -190,7 +191,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>           goto error;
>       }
>
> -    tb->recv_data_callback(tb->tpm_state);
> +    tic->request_completed(TPM_IF(tb->tpm_state));
>       return;
>
>   error:
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 4274164a61..c440aff4b2 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -139,13 +139,14 @@ err_exit:
>   static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> +    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
>
>       DPRINTF("tpm_passthrough: processing command %p\n", cmd);
>
>       tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
>                                    cmd->out, cmd->out_len, &cmd->selftest_done);
>
> -    tb->recv_data_callback(tb->tpm_state);
> +    tic->request_completed(TPM_IF(tb->tpm_state));
>   }
>
>   static void tpm_passthrough_reset(TPMBackend *tb)
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index dbb50043ac..8c5cac5fa5 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -430,11 +430,10 @@ static void tpm_tis_receive_bh(void *opaque)
>                         TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
>   }
>
> -/*
> - * Callback from the TPM to indicate that the response was received.
> - */
> -static void tpm_tis_receive_cb(TPMState *s)
> +static void tpm_tis_request_completed(TPMIf *ti)
>   {
> +    TPMState *s = TPM(ti);
> +
>       bool is_selftest_done = s->cmd.selftest_done;
>       uint8_t locty = s->cmd.locty;
>       uint8_t l;
> @@ -1078,7 +1077,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>
>       s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
>
> -    if (tpm_backend_init(s->be_driver, s, tpm_tis_receive_cb)) {
> +    if (tpm_backend_init(s->be_driver, s)) {
>           error_setg(errp, "tpm_tis: backend driver with id %s could not be "
>                      "initialized", s->backend);
>           return;
> @@ -1110,11 +1109,13 @@ static void tpm_tis_initfn(Object *obj)
>   static void tpm_tis_class_init(ObjectClass *klass, void *data)
>   {
>       DeviceClass *dc = DEVICE_CLASS(klass);
> +    TPMIfClass *tc = TPM_IF_CLASS(klass);
>
>       dc->realize = tpm_tis_realizefn;
>       dc->props = tpm_tis_properties;
>       dc->reset = tpm_tis_reset;
>       dc->vmsd  = &vmstate_tpm_tis;
> +    tc->request_completed = tpm_tis_request_completed;
>   }
>
>   static const TypeInfo tpm_tis_info = {

Re: [Qemu-devel] [PATCH 23/42] tpm-tis: no longer expose TPMState

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Now that there is an interface instead.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm.h | 2 --
>   hw/tpm/tpm_tis.c     | 4 ++--
>   2 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
> index c8afa179e5..62b073beeb 100644
> --- a/include/sysemu/tpm.h
> +++ b/include/sysemu/tpm.h
> @@ -14,8 +14,6 @@
>
>   #include "qemu/option.h"
>
> -typedef struct TPMState TPMState;
> -
>   int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
>   int tpm_init(void);
>   void tpm_cleanup(void);
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index c24be57136..b3757bfbda 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -72,7 +72,7 @@ typedef struct TPMLocality {
>       TPMSizedBuffer r_buffer;
>   } TPMLocality;
>
> -struct TPMState {
> +typedef struct TPMState {
>       ISADevice busdev;
>       MemoryRegion mmio;
>
> @@ -95,7 +95,7 @@ struct TPMState {
>       char *backend;
>       TPMBackend *be_driver;
>       TPMVersion be_tpm_version;
> -};
> +} TPMState;
>
>   #define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
>

Re: [Qemu-devel] [PATCH 42/42] WIP: add TPM CRB device

[Eduardo Habkost]

On Tue, Oct 10, 2017 at 02:28:19PM -0400, Stefan Berger wrote:
> On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> > +
> > +static void tpm_crb_realizefn(DeviceState *dev, Error **errp)
> > +{
> > +    CRBState *s = CRB(dev);
> > +    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
> > +
> > +    if (!tpm_find()) {
> > +        error_setg(errp, "at most one TPM device is permitted");
> 
> 
> Shouldn't that be the case if tpm_find() != NULL ?

It's tricky: due to the way it's implemented (using
object_resolve_path_type()) tpm_find() will be able to find @dev
itself, because it is already attached to the device tree, but it
will return NULL if there are multiple TPM devices.

You can see the same pattern being used at
find_vmgenid_dev()/vmgenid_realize() and
fw_cfg_find()/fw_cfg_common_realize().  The difference is that
find_vmgenid_dev() and fw_cfg_find() are explicitly documented
with a "returns NULL unless there is exactly one device" comment,
while tpm_find() is not.

-- 
Eduardo

Re: [Qemu-devel] [PATCH 25/42] tpm-be: report error instead of front-end

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Backend can give more accurate error description, and lift out the job
> from the frontend.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm_backend.h | 3 ++-
>   backends/tpm.c               | 3 ++-
>   hw/tpm/tpm_tis.c             | 4 +---
>   3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index dd4fb288ea..51dfc0de9c 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -100,12 +100,13 @@ enum TpmType tpm_backend_get_type(TPMBackend *s);
>    * @s: the backend to initialized
>    * @tpmif: TPM interface
>    * @datacb: callback for sending data to frontend
> + * @errp: a pointer to return the #Error object if an error occurs.
>    *
>    * Initialize the backend with the given variables.
>    *
>    * Returns 0 on success.
>    */
> -int tpm_backend_init(TPMBackend *s, TPMIf *tpmif);
> +int tpm_backend_init(TPMBackend *s, TPMIf *tpmif, Error **errp);
>
>   /**
>    * tpm_backend_startup_tpm:
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 58f823d54c..7b108bd5d8 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -54,9 +54,10 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
>       return k->type;
>   }
>
> -int tpm_backend_init(TPMBackend *s, TPMIf *tpmif)
> +int tpm_backend_init(TPMBackend *s, TPMIf *tpmif, Error **errp)
>   {
>       if (s->tpmif) {
> +        error_setg(errp, "TPM backend '%s' is already initialized", s->id);
>           return -1;
>       }
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 355427ab29..2fbc760730 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -1069,9 +1069,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>
>       s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
>
> -    if (tpm_backend_init(s->be_driver, TPM_IF(s))) {
> -        error_setg(errp, "tpm_tis: backend driver with id %s could not be "
> -                   "initialized", s->backend);
> +    if (tpm_backend_init(s->be_driver, TPM_IF(s), errp)) {
>           return;
>       }
>

Re: [Qemu-devel] [PATCH 37/42] tpm: lookup the the TPM interface instead of TIS device

[Eduardo Habkost]

On Tue, Oct 10, 2017 at 12:56:18AM +0200, Marc-André Lureau wrote:
[...]
> -static inline TPMVersion tpm_get_version(void)
> +static inline TPMIf *tpm_find(void)
>  {
> -#ifdef CONFIG_TPM
> -    Object *obj = object_resolve_path_type("", TYPE_TPM_TIS, NULL);
> +    Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);

Considering that tpm_crb_realizefn() will rely on tpm_find()
returning NULL if there are multiple TPM devices, I suggest
adding a "returns NULL unless there is exactly one TPM device"
comment, just like fw_cfg_find() and find_vmgenid_dev()

> +
> +    return TPM_IF(obj);
> +}
[...]

-- 
Eduardo

Re: [Qemu-devel] [PATCH 26/42] tpm-be: ask model to the TPM interface

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> No need to store the mode in the backend, or to let the frontend set
> it itself.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_int.h             | 1 +
>   include/sysemu/tpm_backend.h | 1 -
>   backends/tpm.c               | 4 ++--
>   hw/tpm/tpm_tis.c             | 3 +--
>   tpm.c                        | 3 ++-
>   5 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index 9c49325f03..90e97b9170 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -30,6 +30,7 @@ typedef struct TPMIf {
>   typedef struct TPMIfClass {
>       InterfaceClass parent_class;
>
> +    enum TpmModel model;
>       void (*request_completed)(TPMIf *obj);
>   } TPMIfClass;
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 51dfc0de9c..b12ae5b625 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -52,7 +52,6 @@ struct TPMBackend {
>
>       /* <public> */
>       char *id;
> -    enum TpmModel fe_model;
>
>       QLIST_ENTRY(TPMBackend) list;
>   };
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 7b108bd5d8..0c48d18775 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -148,9 +148,10 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
>   {
>       TPMInfo *info = g_new0(TPMInfo, 1);
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
> +    TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
>
>       info->id = g_strdup(s->id);
> -    info->model = s->fe_model;
> +    info->model = tic->model;
>       if (k->get_tpm_options) {
>           info->options = k->get_tpm_options(s);
>       }
> @@ -204,7 +205,6 @@ static void tpm_backend_instance_init(Object *obj)
>                                tpm_backend_prop_get_opened,
>                                tpm_backend_prop_set_opened,
>                                NULL);
> -    s->fe_model = -1;
>       s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
>   }
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 2fbc760730..3c8d246ac8 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -1067,8 +1067,6 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>           return;
>       }
>
> -    s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
> -
>       if (tpm_backend_init(s->be_driver, TPM_IF(s), errp)) {
>           return;
>       }
> @@ -1103,6 +1101,7 @@ static void tpm_tis_class_init(ObjectClass *klass, void *data)
>       dc->props = tpm_tis_properties;
>       dc->reset = tpm_tis_reset;
>       dc->vmsd  = &vmstate_tpm_tis;
> +    tc->model = TPM_MODEL_TPM_TIS;
>       tc->request_completed = tpm_tis_request_completed;
>   }
>
> diff --git a/tpm.c b/tpm.c
> index 45520f555d..ce1543fcb4 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -204,9 +204,10 @@ TPMInfoList *qmp_query_tpm(Error **errp)
>       TPMInfoList *info, *head = NULL, *cur_item = NULL;
>
>       QLIST_FOREACH(drv, &tpm_backends, list) {
> -        if (!tpm_models[drv->fe_model]) {
> +        if (!drv->tpmif) {
>               continue;
>           }
> +
>           info = g_new0(TPMInfoList, 1);
>           info->value = tpm_backend_query_tpm(drv);
>

Re: [Qemu-devel] [PATCH 28/42] tpm-passthrough: don't save guessed cancel_path in options

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> The value is later unneeded, and may leak if the free visitor doesn't
> consider it since has_cancel_path is false. And for consistency with
> "path" it shouldn't be returned in get_tpm_options().
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   hw/tpm/tpm_passthrough.c | 4 +---
>   1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 8c002e4da6..048edb1a1a 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -226,9 +226,7 @@ static int tpm_passthrough_open_sysfs_cancel(TPMPassthruState *tpm_pt)
>           if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel",
>                        dev) < sizeof(path)) {
>               fd = qemu_open(path, O_WRONLY);
> -            if (fd >= 0) {
> -                tpm_pt->options->cancel_path = g_strdup(path);
> -            } else {
> +            if (fd < 0) {
>                   error_report("tpm_passthrough: Could not open TPM cancel "
>                                "path %s : %s", path, strerror(errno));
>               }

Re: [Qemu-devel] [PATCH 29/42] tpm-be: update optional function pointers

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> QEMU code doesn't generally have assert() for mandatory
> callbacks/function pointers, probably because the crash is pretty
> obvious. Document the methods instead of going into the code.
>
> Make get_tpm_options() mandatory to implement (since all
> backend implementation have it).
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm_backend.h | 5 ++++-
>   backends/tpm.c               | 9 +--------
>   2 files changed, 5 insertions(+), 9 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index a893e586ae..594bb50782 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -66,15 +66,18 @@ struct TPMBackendClass {
>
>       TPMBackend *(*create)(QemuOpts *opts, const char *id);
>
> -    /* start up the TPM on the backend */
> +    /* start up the TPM on the backend - optional */
>       int (*startup_tpm)(TPMBackend *t);
>
> +    /* optional */
>       void (*reset)(TPMBackend *t);
>
>       void (*cancel_cmd)(TPMBackend *t);
>
> +    /* optional */
>       bool (*get_tpm_established_flag)(TPMBackend *t);
>
> +    /* optional */
>       int (*reset_tpm_established_flag)(TPMBackend *t, uint8_t locty);
>
>       TPMVersion (*get_tpm_version)(TPMBackend *t);
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 7e636fbc7a..7777467c44 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -33,7 +33,6 @@ static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
>       TPMBackend *s = TPM_BACKEND(user_data);
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    assert(k->handle_request != NULL);
>       k->handle_request(s, (TPMBackendCmd *)data);
>
>       qemu_bh_schedule(s->bh);
> @@ -114,8 +113,6 @@ void tpm_backend_cancel_cmd(TPMBackend *s)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    assert(k->cancel_cmd);
> -
>       k->cancel_cmd(s);
>   }
>
> @@ -139,8 +136,6 @@ TPMVersion tpm_backend_get_tpm_version(TPMBackend *s)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    assert(k->get_tpm_version);
> -
>       return k->get_tpm_version(s);
>   }
>
> @@ -152,9 +147,7 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
>
>       info->id = g_strdup(s->id);
>       info->model = tic->model;
> -    if (k->get_tpm_options) {
> -        info->options = k->get_tpm_options(s);
> -    }
> +    info->options = k->get_tpm_options(s);
>
>       return info;
>   }

Re: [Qemu-devel] [PATCH 30/42] tpm-passthrough: pass TPMPassthruState to handle_device_opts

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> It doesn't need TPMBackend. Also reorder arguments for consistency.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_passthrough.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 048edb1a1a..9326cbfdc9 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -239,9 +239,9 @@ static int tpm_passthrough_open_sysfs_cancel(TPMPassthruState *tpm_pt)
>       return fd;
>   }
>
> -static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
> +static int
> +tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts)
>   {
> -    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
>       const char *value;
>
>       value = qemu_opt_get(opts, "cancel-path");
> @@ -292,7 +292,7 @@ static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
>
>       tb->id = g_strdup(id);
>
> -    if (tpm_passthrough_handle_device_opts(opts, tb)) {
> +    if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) {
>           goto err_exit;
>       }
>

Re: [Qemu-devel] [PATCH 31/42] tpm-backend: move set 'id' to common code

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm_backend.h |  2 +-
>   hw/tpm/tpm_emulator.c        | 12 +++---------
>   hw/tpm/tpm_passthrough.c     |  9 +++------
>   tpm.c                        |  3 ++-
>   4 files changed, 9 insertions(+), 17 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 594bb50782..881be97ee3 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -64,7 +64,7 @@ struct TPMBackendClass {
>       /* get a descriptive text of the backend to display to the user */
>       const char *desc;
>
> -    TPMBackend *(*create)(QemuOpts *opts, const char *id);
> +    TPMBackend *(*create)(QemuOpts *opts);
>
>       /* start up the TPM on the backend - optional */
>       int (*startup_tpm)(TPMBackend *t);
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 36454837b3..315819329b 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -453,22 +453,16 @@ err:
>       return -1;
>   }
>
> -static TPMBackend *tpm_emulator_create(QemuOpts *opts, const char *id)
> +static TPMBackend *tpm_emulator_create(QemuOpts *opts)
>   {
>       TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR));
>
> -    tb->id = g_strdup(id);
> -
>       if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts)) {
> -        goto err_exit;
> +        object_unref(OBJECT(tb));
> +        return NULL;
>       }
>
>       return tb;
> -
> -err_exit:
> -    object_unref(OBJECT(tb));
> -
> -    return NULL;
>   }
>
>   static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend *tb)
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 9326cbfdc9..7371d50739 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -284,13 +284,10 @@ tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts)
>       return 1;
>   }
>
> -static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
> +static TPMBackend *tpm_passthrough_create(QemuOpts *opts)
>   {
>       Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
> -    TPMBackend *tb = TPM_BACKEND(obj);
> -    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> -
> -    tb->id = g_strdup(id);
> +    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj);
>
>       if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) {
>           goto err_exit;
> @@ -301,7 +298,7 @@ static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
>           goto err_exit;
>       }
>
> -    return tb;
> +    return TPM_BACKEND(obj);
>
>   err_exit:
>       object_unref(obj);
> diff --git a/tpm.c b/tpm.c
> index a46ee5f144..37298f3f03 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -129,11 +129,12 @@ static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
>           return 1;
>       }
>
> -    drv = be->create(opts, id);
> +    drv = be->create(opts);
>       if (!drv) {
>           return 1;
>       }
>
> +    drv->id = g_strdup(id);
>       QLIST_INSERT_HEAD(&tpm_backends, drv, list);
>
>       return 0;

Re: [Qemu-devel] [PATCH 33/42] tpm-passthrough: remove error cleanup from handle_device_opts

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Clean-up is handled by the create() function.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   hw/tpm/tpm_passthrough.c | 15 ++-------------
>   1 file changed, 2 insertions(+), 13 deletions(-)
>
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index aa9167e3c6..0806cf86af 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -261,27 +261,16 @@ tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts)
>       if (tpm_pt->tpm_fd < 0) {
>           error_report("Cannot access TPM device using '%s': %s",
>                        tpm_pt->tpm_dev, strerror(errno));
> -        goto err_free_parameters;
> +        return -1;
>       }
>
>       if (tpm_util_test_tpmdev(tpm_pt->tpm_fd, &tpm_pt->tpm_version)) {
>           error_report("'%s' is not a TPM device.",
>                        tpm_pt->tpm_dev);
> -        goto err_close_tpmdev;
> +        return -1;
>       }

I would prefer the cleanup to happen in the functions where the state is 
created...

    Stefan

>
>       return 0;
> -
> - err_close_tpmdev:
> -    qemu_close(tpm_pt->tpm_fd);
> -    tpm_pt->tpm_fd = -1;
> -
> - err_free_parameters:
> -    qapi_free_TPMPassthroughOptions(tpm_pt->options);
> -    tpm_pt->options = NULL;
> -    tpm_pt->tpm_dev = NULL;
> -
> -    return 1;
>   }
>
>   static TPMBackend *tpm_passthrough_create(QemuOpts *opts)

Re: [Qemu-devel] [PATCH 34/42] tpm-passthrough: workaround a possible race

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> The TPM backend processing thread has common shared variable race
> issues. (they should not be so easy to reach since guest interaction
> with the device is slow compared to host emulation)
>
> An obvious one is setting op_cancelled from device thread after
> calling write(cancel_fd). The backend thread may return before the
> device thread has set the variable. Instead set it before
> cancellation. Even if the write() failed, the end result is command
> get possibly cancelled (even if cancellation came from external
> sources it doesn't matter much).
>
> It's worth to consider removing the backend processing thread for now.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   hw/tpm/tpm_passthrough.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 0806cf86af..d71d64e8aa 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -89,6 +89,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
>       bool is_selftest;
>       const struct tpm_resp_hdr *hdr;
>
> +    /* FIXME: protect shared variables or use other sync mechanism */
>       tpm_pt->tpm_op_canceled = false;
>       tpm_pt->tpm_executing = true;
>       *selftest_done = false;
> @@ -178,12 +179,11 @@ static void tpm_passthrough_cancel_cmd(TPMBackend *tb)
>        */
>       if (tpm_pt->tpm_executing) {
>           if (tpm_pt->cancel_fd >= 0) {
> +            tpm_pt->tpm_op_canceled = true;
>               n = write(tpm_pt->cancel_fd, "-", 1);
>               if (n != 1) {
>                   error_report("Canceling TPM command failed: %s",
>                                strerror(errno));

Shouldn't we set it to false here ?


> -            } else {
> -                tpm_pt->tpm_op_canceled = true;
>               }
>           } else {
>               error_report("Cannot cancel TPM command due to missing "

Re: [Qemu-devel] [PATCH 35/42] tpm-tis: simplify header inclusion

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   hw/tpm/tpm_tis.c | 13 ++++---------
>   1 file changed, 4 insertions(+), 9 deletions(-)
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 3c8d246ac8..e7e8b112e8 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -24,17 +24,12 @@
>
>   #include "qemu/osdep.h"
>   #include "hw/isa/isa.h"
> -#include "sysemu/tpm_backend.h"
> -#include "tpm_int.h"
> -#include "sysemu/block-backend.h"
> -#include "exec/address-spaces.h"
> -#include "hw/hw.h"
> -#include "hw/i386/pc.h"
> -#include "hw/pci/pci_ids.h"
>   #include "qapi/error.h"
> -#include "qemu-common.h"
> -#include "qemu/main-loop.h"
> +
>   #include "hw/acpi/tpm.h"
> +#include "hw/pci/pci_ids.h"
> +#include "sysemu/tpm_backend.h"
> +#include "tpm_int.h"
>
>   #define TPM_TIS_NUM_LOCALITIES      5     /* per spec */
>   #define TPM_TIS_LOCALITY_SHIFT      12

Re: [Qemu-devel] [PATCH 36/42] tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> find_tpm() will be introduced to lookup the TPM device.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>


> ---
>   include/sysemu/tpm_backend.h | 2 +-
>   hw/tpm/tpm_tis.c             | 2 +-
>   tpm.c                        | 2 +-
>   3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 881be97ee3..d02067e631 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -193,7 +193,7 @@ TPMVersion tpm_backend_get_tpm_version(TPMBackend *s);
>    */
>   TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
>
> -TPMBackend *qemu_find_tpm(const char *id);
> +TPMBackend *qemu_find_tpm_be(const char *id);
>
>   void tpm_register_model(enum TpmModel model);
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index e7e8b112e8..954b7b0e5d 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -1055,7 +1055,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>   {
>       TPMState *s = TPM(dev);
>
> -    s->be_driver = qemu_find_tpm(s->backend);
> +    s->be_driver = qemu_find_tpm_be(s->backend);
>       if (!s->be_driver) {
>           error_setg(errp, "tpm_tis: backend driver with id %s could not be "
>                      "found", s->backend);
> diff --git a/tpm.c b/tpm.c
> index 37298f3f03..4d6c45a4f2 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -71,7 +71,7 @@ static void tpm_display_backend_drivers(void)
>   /*
>    * Find the TPM with the given Id
>    */
> -TPMBackend *qemu_find_tpm(const char *id)
> +TPMBackend *qemu_find_tpm_be(const char *id)
>   {
>       TPMBackend *drv;
>

Re: [Qemu-devel] [PATCH 37/42] tpm: lookup the the TPM interface instead of TIS device

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> This will allow to introduce new devices implementing TPM.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   hw/tpm/tpm_int.h     | 19 -------------------
>   include/sysemu/tpm.h | 52 ++++++++++++++++++++++++++++++++++++++--------------
>   hw/i386/acpi-build.c |  2 +-
>   3 files changed, 39 insertions(+), 34 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index 90e97b9170..86fadc16d3 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -15,25 +15,6 @@
>   #include "qemu/osdep.h"
>   #include "qom/object.h"
>
> -#define TYPE_TPM_IF "tpm-if"
> -#define TPM_IF_CLASS(klass) \
> -    OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF)
> -#define TPM_IF_GET_CLASS(obj) \
> -    OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF)
> -#define TPM_IF(obj) \
> -    INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
> -
> -typedef struct TPMIf {
> -    Object parent_obj;
> -} TPMIf;
> -
> -typedef struct TPMIfClass {
> -    InterfaceClass parent_class;
> -
> -    enum TpmModel model;
> -    void (*request_completed)(TPMIf *obj);
> -} TPMIfClass;
> -
>   #define TPM_STANDARD_CMDLINE_OPTS               \
>       { \
>           .name = "type", \
> diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
> index 62b073beeb..dbd2b0cc7a 100644
> --- a/include/sysemu/tpm.h
> +++ b/include/sysemu/tpm.h
> @@ -12,32 +12,56 @@
>   #ifndef QEMU_TPM_H
>   #define QEMU_TPM_H
>
> -#include "qemu/option.h"
> +#include "qom/object.h"
> +#include "qapi-types.h"
>
> -int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
> -int tpm_init(void);
> -void tpm_cleanup(void);
> -
> -typedef enum  TPMVersion {
> +typedef enum TPMVersion {
>       TPM_VERSION_UNSPEC = 0,
>       TPM_VERSION_1_2 = 1,
>       TPM_VERSION_2_0 = 2,
>   } TPMVersion;
>
> -TPMVersion tpm_tis_get_tpm_version(Object *obj);
> +#define TYPE_TPM_IF "tpm-if"
> +#define TPM_IF_CLASS(klass)                                 \
> +    OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF)
> +#define TPM_IF_GET_CLASS(obj)                           \
> +    OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF)
> +#define TPM_IF(obj)                             \
> +    INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
> +
> +typedef struct TPMIf {
> +    Object parent_obj;
> +} TPMIf;
> +
> +typedef struct TPMIfClass {
> +    InterfaceClass parent_class;
> +
> +    enum TpmModel model;
> +    void (*request_completed)(TPMIf *obj);
> +} TPMIfClass;
> +
> +int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
> +int tpm_init(void);
> +void tpm_cleanup(void);
>
>   #define TYPE_TPM_TIS                "tpm-tis"
>
> -static inline TPMVersion tpm_get_version(void)
> +static inline TPMIf *tpm_find(void)
>   {
> -#ifdef CONFIG_TPM
> -    Object *obj = object_resolve_path_type("", TYPE_TPM_TIS, NULL);
> +    Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);
> +
> +    return TPM_IF(obj);
> +}
>
> -    if (obj) {
> -        return tpm_tis_get_tpm_version(obj);
> +TPMVersion tpm_tis_get_tpm_version(Object *obj);
> +
> +static inline TPMVersion tpm_get_version(TPMIf *ti)
> +{
> +    if (!ti) {
> +        return TPM_VERSION_UNSPEC;
>       }
> -#endif
> -    return TPM_VERSION_UNSPEC;
> +
> +    return tpm_tis_get_tpm_version(OBJECT(ti));
>   }
>
>   #endif /* QEMU_TPM_H */
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 2af37a9129..40371b6f75 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -208,7 +208,7 @@ static void acpi_get_misc_info(AcpiMiscInfo *info)
>       }
>
>       info->has_hpet = hpet_find();
> -    info->tpm_version = tpm_get_version();
> +    info->tpm_version = tpm_get_version(tpm_find());
>       info->pvpanic_port = pvpanic_port();
>       info->applesmc_io_base = applesmc_port();
>   }


Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

Re: [Qemu-devel] [PATCH 38/42] tpm: add TPM interface to lookup TPM version

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Do not hardcode TPM device model to lookup version, use an interface
> instead.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   include/sysemu/tpm.h | 5 ++---
>   hw/tpm/tpm_tis.c     | 5 +++--
>   2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
> index dbd2b0cc7a..9439330cf1 100644
> --- a/include/sysemu/tpm.h
> +++ b/include/sysemu/tpm.h
> @@ -38,6 +38,7 @@ typedef struct TPMIfClass {
>
>       enum TpmModel model;
>       void (*request_completed)(TPMIf *obj);
> +    enum TPMVersion (*get_version)(TPMIf *obj);
>   } TPMIfClass;
>
>   int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
> @@ -53,15 +54,13 @@ static inline TPMIf *tpm_find(void)
>       return TPM_IF(obj);
>   }
>
> -TPMVersion tpm_tis_get_tpm_version(Object *obj);
> -
>   static inline TPMVersion tpm_get_version(TPMIf *ti)
>   {
>       if (!ti) {
>           return TPM_VERSION_UNSPEC;
>       }
>
> -    return tpm_tis_get_tpm_version(OBJECT(ti));
> +    return TPM_IF_GET_CLASS(ti)->get_version(ti);
>   }
>
>   #endif /* QEMU_TPM_H */
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 954b7b0e5d..6aac9bfe6b 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -989,9 +989,9 @@ static void tpm_tis_realloc_buffer(TPMSizedBuffer *sb)
>   /*
>    * Get the TPMVersion of the backend device being used
>    */
> -TPMVersion tpm_tis_get_tpm_version(Object *obj)
> +static enum TPMVersion tpm_tis_get_tpm_version(TPMIf *ti)
>   {
> -    TPMState *s = TPM(obj);
> +    TPMState *s = TPM(ti);
>
>       return tpm_backend_get_tpm_version(s->be_driver);
>   }
> @@ -1097,6 +1097,7 @@ static void tpm_tis_class_init(ObjectClass *klass, void *data)
>       dc->reset = tpm_tis_reset;
>       dc->vmsd  = &vmstate_tpm_tis;
>       tc->model = TPM_MODEL_TPM_TIS;
> +    tc->get_version = tpm_tis_get_tpm_version;
>       tc->request_completed = tpm_tis_request_completed;
>   }
>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

Re: [Qemu-devel] [PATCH 37/42] tpm: lookup the the TPM interface instead of TIS device

[Stefan Berger]

On 10/10/2017 04:21 PM, Eduardo Habkost wrote:
> On Tue, Oct 10, 2017 at 12:56:18AM +0200, Marc-André Lureau wrote:
> [...]
>> -static inline TPMVersion tpm_get_version(void)
>> +static inline TPMIf *tpm_find(void)
>>   {
>> -#ifdef CONFIG_TPM
>> -    Object *obj = object_resolve_path_type("", TYPE_TPM_TIS, NULL);
>> +    Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);
> Considering that tpm_crb_realizefn() will rely on tpm_find()
> returning NULL if there are multiple TPM devices, I suggest
> adding a "returns NULL unless there is exactly one TPM device"
> comment, just like fw_cfg_find() and find_vmgenid_dev()

I wonder whether the function couldn't have a better name. 
tpm_find_single() ?

    Stefan

>
>> +
>> +    return TPM_IF(obj);
>> +}
> [...]
>

Re: [Qemu-devel] [PATCH 27/42] tpm: remove unused opened code

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   include/sysemu/tpm_backend.h | 12 ------------
>   backends/tpm.c               | 42 ------------------------------------------
>   tpm.c                        |  6 ------
>   3 files changed, 60 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index b12ae5b625..a893e586ae 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -81,8 +81,6 @@ struct TPMBackendClass {
>   
>       TpmTypeOptions *(*get_tpm_options)(TPMBackend *t);
>   
> -    void (*opened)(TPMBackend *s, Error **errp);
> -
>       void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
>   };
>   
> @@ -172,16 +170,6 @@ bool tpm_backend_get_tpm_established_flag(TPMBackend *s);
>    */
>   int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty);
>   
> -/**
> - * tpm_backend_open:
> - * @s: the backend to open
> - * @errp: a pointer to return the #Error object if an error occurs.
> - *
> - * This function will open the backend if it is not already open.  Calling this
> - * function on an already opened backend will not result in an error.
> - */
> -void tpm_backend_open(TPMBackend *s, Error **errp);
> -
>   /**
>    * tpm_backend_get_tpm_version:
>    * @s: the backend to call into
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 0c48d18775..7e636fbc7a 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -159,52 +159,10 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
>       return info;
>   }
>   
> -static bool tpm_backend_prop_get_opened(Object *obj, Error **errp)
> -{
> -    TPMBackend *s = TPM_BACKEND(obj);
> -
> -    return s->opened;
> -}
> -
> -void tpm_backend_open(TPMBackend *s, Error **errp)
> -{
> -    object_property_set_bool(OBJECT(s), true, "opened", errp);
> -}
> -
> -static void tpm_backend_prop_set_opened(Object *obj, bool value, Error **errp)
> -{
> -    TPMBackend *s = TPM_BACKEND(obj);
> -    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
> -    Error *local_err = NULL;
> -
> -    if (value == s->opened) {
> -        return;
> -    }
> -
> -    if (!value && s->opened) {
> -        error_setg(errp, QERR_PERMISSION_DENIED);
> -        return;
> -    }
> -
> -    if (k->opened) {
> -        k->opened(s, &local_err);
> -        if (local_err) {
> -            error_propagate(errp, local_err);
> -            return;
> -        }
> -    }
> -
> -    s->opened = true;
> -}
> -
>   static void tpm_backend_instance_init(Object *obj)
>   {
>       TPMBackend *s = TPM_BACKEND(obj);
>   
> -    object_property_add_bool(obj, "opened",
> -                             tpm_backend_prop_get_opened,
> -                             tpm_backend_prop_set_opened,
> -                             NULL);
>       s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
>   }
>   
> diff --git a/tpm.c b/tpm.c
> index ce1543fcb4..a46ee5f144 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -134,12 +134,6 @@ static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
>           return 1;
>       }
>   
> -    tpm_backend_open(drv, &local_err);
> -    if (local_err) {
> -        error_report_err(local_err);
> -        return 1;
> -    }
> -
>       QLIST_INSERT_HEAD(&tpm_backends, drv, list);
>   
>       return 0;

Since nothing is setting the "opened' anymore, would anyone notice 
because this has changed or is something else doing that now? Otherwise 
I don't mind removing it...

      Stefan

Re: [Qemu-devel] [PATCH 33/42] tpm-passthrough: remove error cleanup from handle_device_opts

[Marc-André Lureau]

Hi

----- Original Message -----
> On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> > Clean-up is handled by the create() function.
> >
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> >   hw/tpm/tpm_passthrough.c | 15 ++-------------
> >   1 file changed, 2 insertions(+), 13 deletions(-)
> >
> > diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> > index aa9167e3c6..0806cf86af 100644
> > --- a/hw/tpm/tpm_passthrough.c
> > +++ b/hw/tpm/tpm_passthrough.c
> > @@ -261,27 +261,16 @@ tpm_passthrough_handle_device_opts(TPMPassthruState
> > *tpm_pt, QemuOpts *opts)
> >       if (tpm_pt->tpm_fd < 0) {
> >           error_report("Cannot access TPM device using '%s': %s",
> >                        tpm_pt->tpm_dev, strerror(errno));
> > -        goto err_free_parameters;
> > +        return -1;
> >       }
> >
> >       if (tpm_util_test_tpmdev(tpm_pt->tpm_fd, &tpm_pt->tpm_version)) {
> >           error_report("'%s' is not a TPM device.",
> >                        tpm_pt->tpm_dev);
> > -        goto err_close_tpmdev;
> > +        return -1;
> >       }
> 
> I would prefer the cleanup to happen in the functions where the state is
> created...

This is the role for a destructor, no need to worry about local object change cleanup.

I can drop the patch if you feel strongly about it, but I think it's a nice code simplification.

Re: [Qemu-devel] [PATCH 27/42] tpm: remove unused opened code

[Marc-André Lureau]

Hi

----- Original Message -----
> On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> >   include/sysemu/tpm_backend.h | 12 ------------
> >   backends/tpm.c               | 42
> >   ------------------------------------------
> >   tpm.c                        |  6 ------
> >   3 files changed, 60 deletions(-)
> >
> > diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> > index b12ae5b625..a893e586ae 100644
> > --- a/include/sysemu/tpm_backend.h
> > +++ b/include/sysemu/tpm_backend.h
> > @@ -81,8 +81,6 @@ struct TPMBackendClass {
> >   
> >       TpmTypeOptions *(*get_tpm_options)(TPMBackend *t);
> >   
> > -    void (*opened)(TPMBackend *s, Error **errp);
> > -
> >       void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
> >   };
> >   
> > @@ -172,16 +170,6 @@ bool tpm_backend_get_tpm_established_flag(TPMBackend
> > *s);
> >    */
> >   int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty);
> >   
> > -/**
> > - * tpm_backend_open:
> > - * @s: the backend to open
> > - * @errp: a pointer to return the #Error object if an error occurs.
> > - *
> > - * This function will open the backend if it is not already open.  Calling
> > this
> > - * function on an already opened backend will not result in an error.
> > - */
> > -void tpm_backend_open(TPMBackend *s, Error **errp);
> > -
> >   /**
> >    * tpm_backend_get_tpm_version:
> >    * @s: the backend to call into
> > diff --git a/backends/tpm.c b/backends/tpm.c
> > index 0c48d18775..7e636fbc7a 100644
> > --- a/backends/tpm.c
> > +++ b/backends/tpm.c
> > @@ -159,52 +159,10 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
> >       return info;
> >   }
> >   
> > -static bool tpm_backend_prop_get_opened(Object *obj, Error **errp)
> > -{
> > -    TPMBackend *s = TPM_BACKEND(obj);
> > -
> > -    return s->opened;
> > -}
> > -
> > -void tpm_backend_open(TPMBackend *s, Error **errp)
> > -{
> > -    object_property_set_bool(OBJECT(s), true, "opened", errp);
> > -}
> > -
> > -static void tpm_backend_prop_set_opened(Object *obj, bool value, Error
> > **errp)
> > -{
> > -    TPMBackend *s = TPM_BACKEND(obj);
> > -    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
> > -    Error *local_err = NULL;
> > -
> > -    if (value == s->opened) {
> > -        return;
> > -    }
> > -
> > -    if (!value && s->opened) {
> > -        error_setg(errp, QERR_PERMISSION_DENIED);
> > -        return;
> > -    }
> > -
> > -    if (k->opened) {
> > -        k->opened(s, &local_err);
> > -        if (local_err) {
> > -            error_propagate(errp, local_err);
> > -            return;
> > -        }
> > -    }
> > -
> > -    s->opened = true;
> > -}
> > -
> >   static void tpm_backend_instance_init(Object *obj)
> >   {
> >       TPMBackend *s = TPM_BACKEND(obj);
> >   
> > -    object_property_add_bool(obj, "opened",
> > -                             tpm_backend_prop_get_opened,
> > -                             tpm_backend_prop_set_opened,
> > -                             NULL);
> >       s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
> >   }
> >   
> > diff --git a/tpm.c b/tpm.c
> > index ce1543fcb4..a46ee5f144 100644
> > --- a/tpm.c
> > +++ b/tpm.c
> > @@ -134,12 +134,6 @@ static int tpm_init_tpmdev(void *dummy, QemuOpts
> > *opts, Error **errp)
> >           return 1;
> >       }
> >   
> > -    tpm_backend_open(drv, &local_err);
> > -    if (local_err) {
> > -        error_report_err(local_err);
> > -        return 1;
> > -    }
> > -
> >       QLIST_INSERT_HEAD(&tpm_backends, drv, list);
> >   
> >       return 0;
> 
> Since nothing is setting the "opened' anymore, would anyone notice
> because this has changed or is something else doing that now? Otherwise
> I don't mind removing it...

Was it ever used? I see the property was added in commit 8f0605cc9caacbcc647a6df9ae541ed2da4b9bb0.

Code adapted from rng backend. But rng backend set "opened" on UserCreatableClass.complete() (TPM backend doesn't, but probably could - I have an experimental patch for that)

I think we can remove it that code safely.

Re: [Qemu-devel] [PATCH 37/42] tpm: lookup the the TPM interface instead of TIS device

[Marc-André Lureau]

Hi

----- Original Message -----
> On 10/10/2017 04:21 PM, Eduardo Habkost wrote:
> > On Tue, Oct 10, 2017 at 12:56:18AM +0200, Marc-André Lureau wrote:
> > [...]
> >> -static inline TPMVersion tpm_get_version(void)
> >> +static inline TPMIf *tpm_find(void)
> >>   {
> >> -#ifdef CONFIG_TPM
> >> -    Object *obj = object_resolve_path_type("", TYPE_TPM_TIS, NULL);
> >> +    Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);
> > Considering that tpm_crb_realizefn() will rely on tpm_find()
> > returning NULL if there are multiple TPM devices, I suggest
> > adding a "returns NULL unless there is exactly one TPM device"
> > comment, just like fw_cfg_find() and find_vmgenid_dev()
> 
> I wonder whether the function couldn't have a better name.
> tpm_find_single() ?
> 

As Eduardo said, there is precedence in QEMU codebase (fw_cfg_find() and find_vmgenid_dev())

I don't think foo_find() is a bad name - it returns NULL if there are multiple foo, which makes sense imho. I'll add the missing comment though.

Re: [Qemu-devel] [PATCH 14/42] tpm: add TPMBackendCmd to hold the request state

[Stefan Berger]

On 10/10/2017 12:16 PM, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
>> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
>>> This simplifies a bit locality handling, and argument passing, and
>>> could pave the way to queuing requests (if that makes sense).
>> We won't queue requests. The TPM interfaces all send one request and
>> expect the driver to wait until the response comes back.
> Even on different localities? (I am not familiar enough with that part)

Yes, I believe so.

>
>>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
>>
>>> ---
>>>    hw/tpm/tpm_int.h             |  1 +
>>>    include/sysemu/tpm_backend.h | 16 +++++++++++++---
>>>    backends/tpm.c               |  6 +++---
>>>    hw/tpm/tpm_emulator.c        | 29 +++++++++++++++--------------
>>>    hw/tpm/tpm_passthrough.c     | 24 +++++-------------------
>>>    hw/tpm/tpm_tis.c             | 18 +++++++++++++-----
>>>    6 files changed, 50 insertions(+), 44 deletions(-)
>>>
>>> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
>>> index f2f285b3cc..6d7b3dc850 100644
>>> --- a/hw/tpm/tpm_int.h
>>> +++ b/hw/tpm/tpm_int.h
>>> @@ -26,6 +26,7 @@ struct TPMState {
>>>    
>>>        uint8_t     locty_number;
>>>        TPMLocality *locty_data;
>>> +    TPMBackendCmd cmd;
>>>    
>>>        char *backend;
>>>        TPMBackend *be_driver;
>>> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
>>> index 9c83a512e1..3bb90be3de 100644
>>> --- a/include/sysemu/tpm_backend.h
>>> +++ b/include/sysemu/tpm_backend.h
>>> @@ -30,7 +30,16 @@
>>>    typedef struct TPMBackendClass TPMBackendClass;
>>>    typedef struct TPMBackend TPMBackend;
>>>    
>>> -typedef void (TPMRecvDataCB)(TPMState *, bool selftest_done);
>>> +typedef void (TPMRecvDataCB)(TPMState *);
>>> +
>>> +typedef struct TPMBackendCmd {
>>> +    uint8_t locty;
>>> +    const uint8_t *in;
>>> +    uint32_t in_len;
>>> +    uint8_t *out;
>>> +    uint32_t out_len;
>>> +    bool selftest_done;
>>> +} TPMBackendCmd;
>>>    
>>>    struct TPMBackend {
>>>        Object parent;
>>> @@ -76,7 +85,7 @@ struct TPMBackendClass {
>>>    
>>>        void (*opened)(TPMBackend *s, Error **errp);
>>>    
>>> -    void (*handle_request)(TPMBackend *s);
>>> +    void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
>>>    };
>>>    
>>>    /**
>>> @@ -121,11 +130,12 @@ bool tpm_backend_had_startup_error(TPMBackend *s);
>>>    /**
>>>     * tpm_backend_deliver_request:
>>>     * @s: the backend to send the request to
>>> + * @cmd: the command to deliver
>>>     *
>>>     * Send a request to the backend. The backend will then send the request
>>>     * to the TPM implementation.
>>>     */
>>> -void tpm_backend_deliver_request(TPMBackend *s);
>>> +void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd);
>>>    
>>>    /**
>>>     * tpm_backend_reset:
>>> diff --git a/backends/tpm.c b/backends/tpm.c
>>> index 34e82085ec..dc7c831ff8 100644
>>> --- a/backends/tpm.c
>>> +++ b/backends/tpm.c
>>> @@ -25,7 +25,7 @@ static void tpm_backend_worker_thread(gpointer data,
>>> gpointer user_data)
>>>        TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
>>>    
>>>        assert(k->handle_request != NULL);
>>> -    k->handle_request(s);
>>> +    k->handle_request(s, (TPMBackendCmd *)data);
>>>    }
>>>    
>>>    static void tpm_backend_thread_end(TPMBackend *s)
>>> @@ -76,9 +76,9 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
>>>        return s->had_startup_error;
>>>    }
>>>    
>>> -void tpm_backend_deliver_request(TPMBackend *s)
>>> +void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd)
>>>    {
>>> -    g_thread_pool_push(s->thread_pool, NULL, NULL);
>>> +    g_thread_pool_push(s->thread_pool, cmd, NULL);
>>>    }
>>>    
>>>    void tpm_backend_reset(TPMBackend *s)
>>> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
>>> index 4fe405353a..788ab9876d 100644
>>> --- a/hw/tpm/tpm_emulator.c
>>> +++ b/hw/tpm/tpm_emulator.c
>>> @@ -172,28 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator
>>> *tpm_emu, uint8_t locty_number)
>>>        return 0;
>>>    }
>>>    
>>> -static void tpm_emulator_handle_request(TPMBackend *tb)
>>> +static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd
>>> *cmd)
>>>    {
>>>        TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
>>> -    TPMLocality *locty = NULL;
>>> -    bool selftest_done = false;
>>>        Error *err = NULL;
>>>    
>>>        DPRINTF("processing TPM command");
>>>    
>>> -    locty = tb->tpm_state->locty_data;
>>> -    if (tpm_emulator_set_locality(tpm_emu,
>>> -                                  tb->tpm_state->locty_number) < 0 ||
>>> -        tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
>>> -                                  locty->w_offset, locty->r_buffer.buffer,
>>> -                                  locty->r_buffer.size, &selftest_done,
>>> -                                  &err) < 0) {
>>> -        tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
>>> -                                            locty->r_buffer.size);
>>> -        error_report_err(err);
>>> +    if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) <
>>> 0) {
>>> +        goto error;
>>> +    }
>>> +
>>> +    if (tpm_emulator_unix_tx_bufs(tpm_emu, cmd->in, cmd->in_len,
>>> +                                  cmd->out, cmd->out_len,
>>> +                                  &cmd->selftest_done, &err) < 0) {
>>> +        goto error;
>>>        }
>>>    
>>> -    tb->recv_data_callback(tb->tpm_state, selftest_done);
>>> +    tb->recv_data_callback(tb->tpm_state);
>>> +    return;
>>> +
>>> +error:
>>> +    tpm_util_write_fatal_error_response(cmd->out, cmd->out_len);
>>> +    error_report_err(err);
>>>    }
>>>    
>>>    static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
>>> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
>>> index 0ae4596932..93d72b8e9e 100644
>>> --- a/hw/tpm/tpm_passthrough.c
>>> +++ b/hw/tpm/tpm_passthrough.c
>>> @@ -137,30 +137,16 @@ err_exit:
>>>        return ret;
>>>    }
>>>    
>>> -static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
>>> -                                         const TPMLocality *locty_data,
>>> -                                         bool *selftest_done)
>>> -{
>>> -    return tpm_passthrough_unix_tx_bufs(tpm_pt,
>>> -                                        locty_data->w_buffer.buffer,
>>> -                                        locty_data->w_offset,
>>> -                                        locty_data->r_buffer.buffer,
>>> -                                        locty_data->r_buffer.size,
>>> -                                        selftest_done);
>>> -}
>>> -
>>> -static void tpm_passthrough_handle_request(TPMBackend *tb)
>>> +static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd
>>> *cmd)
>>>    {
>>>        TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
>>> -    bool selftest_done = false;
>>>    
>>> -    DPRINTF("tpm_passthrough: processing command\n");
>>> +    DPRINTF("tpm_passthrough: processing command %p\n", cmd);
>>>    
>>> -    tpm_passthrough_unix_transfer(tpm_pt,
>>> -                                  tb->tpm_state->locty_data,
>>> -                                  &selftest_done);
>>> +    tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
>>> +                                 cmd->out, cmd->out_len,
>>> &cmd->selftest_done);
>>>    
>>> -    tb->recv_data_callback(tb->tpm_state, selftest_done);
>>> +    tb->recv_data_callback(tb->tpm_state);
>>>    }
>>>    
>>>    static void tpm_passthrough_reset(TPMBackend *tb)
>>> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
>>> index 345a4fbee5..ffed7bfaf9 100644
>>> --- a/hw/tpm/tpm_tis.c
>>> +++ b/hw/tpm/tpm_tis.c
>>> @@ -215,7 +215,15 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t
>>> locty)
>>>         */
>>>        tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
>>>    
>>> -    tpm_backend_deliver_request(s->be_driver);
>>> +    s->cmd = (TPMBackendCmd) {
>>> +        .locty = locty,
>>> +        .in = s->locty_data->w_buffer.buffer,
>>> +        .in_len = s->locty_data->w_offset,
>>> +        .out = s->locty_data->r_buffer.buffer,
>>> +        .out_len = s->locty_data->r_buffer.size
>>> +    };
>>> +
>>> +    tpm_backend_deliver_request(s->be_driver, &s->cmd);
>>>    }
>>>    
>>>    /* raise an interrupt if allowed */
>>> @@ -352,7 +360,7 @@ static void tpm_tis_receive_bh(void *opaque)
>>>    {
>>>        TPMState *s = opaque;
>>>        TPMTISEmuState *tis = &s->s.tis;
>>> -    uint8_t locty = s->locty_number;
>>> +    uint8_t locty = s->cmd.locty;
>>>    
>>>        tpm_tis_sts_set(&tis->loc[locty],
>>>                        TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
>>> @@ -371,11 +379,11 @@ static void tpm_tis_receive_bh(void *opaque)
>>>    /*
>>>     * Callback from the TPM to indicate that the response was received.
>>>     */
>>> -static void tpm_tis_receive_cb(TPMState *s,
>>> -                               bool is_selftest_done)
>>> +static void tpm_tis_receive_cb(TPMState *s)
>>>    {
>>>        TPMTISEmuState *tis = &s->s.tis;
>>> -    uint8_t locty = s->locty_number;
>>> +    bool is_selftest_done = s->cmd.selftest_done;
>>> +    uint8_t locty = s->cmd.locty;
>>>        uint8_t l;
>>>    
>>>        if (is_selftest_done) {
>>
>>

Re: [Qemu-devel] [PATCH 33/42] tpm-passthrough: remove error cleanup from handle_device_opts

[Stefan Berger]

On 10/10/2017 06:19 PM, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
>> On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
>>> Clean-up is handled by the create() function.
>>>
>>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>>> ---
>>>    hw/tpm/tpm_passthrough.c | 15 ++-------------
>>>    1 file changed, 2 insertions(+), 13 deletions(-)
>>>
>>> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
>>> index aa9167e3c6..0806cf86af 100644
>>> --- a/hw/tpm/tpm_passthrough.c
>>> +++ b/hw/tpm/tpm_passthrough.c
>>> @@ -261,27 +261,16 @@ tpm_passthrough_handle_device_opts(TPMPassthruState
>>> *tpm_pt, QemuOpts *opts)
>>>        if (tpm_pt->tpm_fd < 0) {
>>>            error_report("Cannot access TPM device using '%s': %s",
>>>                         tpm_pt->tpm_dev, strerror(errno));
>>> -        goto err_free_parameters;
>>> +        return -1;
>>>        }
>>>
>>>        if (tpm_util_test_tpmdev(tpm_pt->tpm_fd, &tpm_pt->tpm_version)) {
>>>            error_report("'%s' is not a TPM device.",
>>>                         tpm_pt->tpm_dev);
>>> -        goto err_close_tpmdev;
>>> +        return -1;
>>>        }
>> I would prefer the cleanup to happen in the functions where the state is
>> created...
> This is the role for a destructor, no need to worry about local object change cleanup.
>
> I can drop the patch if you feel strongly about it, but I think it's a nice code simplification.
>
I like to see the cleanup code on the bottom...

Re: [Qemu-devel] [PATCH 27/42] tpm: remove unused opened code

[Stefan Berger]

On 10/10/2017 06:27 PM, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
>> On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
>>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>>> ---
>>>    include/sysemu/tpm_backend.h | 12 ------------
>>>    backends/tpm.c               | 42
>>>    ------------------------------------------
>>>    tpm.c                        |  6 ------
>>>    3 files changed, 60 deletions(-)
>>>
>>> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
>>> index b12ae5b625..a893e586ae 100644
>>> --- a/include/sysemu/tpm_backend.h
>>> +++ b/include/sysemu/tpm_backend.h
>>> @@ -81,8 +81,6 @@ struct TPMBackendClass {
>>>    
>>>        TpmTypeOptions *(*get_tpm_options)(TPMBackend *t);
>>>    
>>> -    void (*opened)(TPMBackend *s, Error **errp);
>>> -
>>>        void (*handle_request)(TPMBackend *s, TPMBackendCmd *cmd);
>>>    };
>>>    
>>> @@ -172,16 +170,6 @@ bool tpm_backend_get_tpm_established_flag(TPMBackend
>>> *s);
>>>     */
>>>    int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty);
>>>    
>>> -/**
>>> - * tpm_backend_open:
>>> - * @s: the backend to open
>>> - * @errp: a pointer to return the #Error object if an error occurs.
>>> - *
>>> - * This function will open the backend if it is not already open.  Calling
>>> this
>>> - * function on an already opened backend will not result in an error.
>>> - */
>>> -void tpm_backend_open(TPMBackend *s, Error **errp);
>>> -
>>>    /**
>>>     * tpm_backend_get_tpm_version:
>>>     * @s: the backend to call into
>>> diff --git a/backends/tpm.c b/backends/tpm.c
>>> index 0c48d18775..7e636fbc7a 100644
>>> --- a/backends/tpm.c
>>> +++ b/backends/tpm.c
>>> @@ -159,52 +159,10 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
>>>        return info;
>>>    }
>>>    
>>> -static bool tpm_backend_prop_get_opened(Object *obj, Error **errp)
>>> -{
>>> -    TPMBackend *s = TPM_BACKEND(obj);
>>> -
>>> -    return s->opened;
>>> -}
>>> -
>>> -void tpm_backend_open(TPMBackend *s, Error **errp)
>>> -{
>>> -    object_property_set_bool(OBJECT(s), true, "opened", errp);
>>> -}
>>> -
>>> -static void tpm_backend_prop_set_opened(Object *obj, bool value, Error
>>> **errp)
>>> -{
>>> -    TPMBackend *s = TPM_BACKEND(obj);
>>> -    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>>> -    Error *local_err = NULL;
>>> -
>>> -    if (value == s->opened) {
>>> -        return;
>>> -    }
>>> -
>>> -    if (!value && s->opened) {
>>> -        error_setg(errp, QERR_PERMISSION_DENIED);
>>> -        return;
>>> -    }
>>> -
>>> -    if (k->opened) {
>>> -        k->opened(s, &local_err);
>>> -        if (local_err) {
>>> -            error_propagate(errp, local_err);
>>> -            return;
>>> -        }
>>> -    }
>>> -
>>> -    s->opened = true;
>>> -}
>>> -
>>>    static void tpm_backend_instance_init(Object *obj)
>>>    {
>>>        TPMBackend *s = TPM_BACKEND(obj);
>>>    
>>> -    object_property_add_bool(obj, "opened",
>>> -                             tpm_backend_prop_get_opened,
>>> -                             tpm_backend_prop_set_opened,
>>> -                             NULL);
>>>        s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
>>>    }
>>>    
>>> diff --git a/tpm.c b/tpm.c
>>> index ce1543fcb4..a46ee5f144 100644
>>> --- a/tpm.c
>>> +++ b/tpm.c
>>> @@ -134,12 +134,6 @@ static int tpm_init_tpmdev(void *dummy, QemuOpts
>>> *opts, Error **errp)
>>>            return 1;
>>>        }
>>>    
>>> -    tpm_backend_open(drv, &local_err);
>>> -    if (local_err) {
>>> -        error_report_err(local_err);
>>> -        return 1;
>>> -    }
>>> -
>>>        QLIST_INSERT_HEAD(&tpm_backends, drv, list);
>>>    
>>>        return 0;
>> Since nothing is setting the "opened' anymore, would anyone notice
>> because this has changed or is something else doing that now? Otherwise
>> I don't mind removing it...
> Was it ever used? I see the property was added in commit 8f0605cc9caacbcc647a6df9ae541ed2da4b9bb0.
>
> Code adapted from rng backend. But rng backend set "opened" on UserCreatableClass.complete() (TPM backend doesn't, but probably could - I have an experimental patch for that)
>
> I think we can remove it that code safely.
>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Hi,
>
> I accumulated a series of patch doing some TPM code cleanup while
> doing review. I removed some dead code, simplified other parts, and
> tried to isolate implementation of the backend and frontend by using a
> new TPMIf interface. I solved a few issues, and added some FIXME for
> what should be tackled.  Finally, I implemented a simple CRB device
> (tpm 2.0) that is work in progress for now - it works fine with
> passthrough, but swtpm/libtpms with win10 has some issues that need
> more investigations.
>
> seabios CRB support is required for TPM 2.0 & emulation
> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
>
> Comments/review welcome!

Are you going to post a v2 soon?

    Stefan

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Marc-André Lureau]

Hi Stefan

----- Original Message -----
> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> > Hi,
> >
> > I accumulated a series of patch doing some TPM code cleanup while
> > doing review. I removed some dead code, simplified other parts, and
> > tried to isolate implementation of the backend and frontend by using a
> > new TPMIf interface. I solved a few issues, and added some FIXME for
> > what should be tackled.  Finally, I implemented a simple CRB device
> > (tpm 2.0) that is work in progress for now - it works fine with
> > passthrough, but swtpm/libtpms with win10 has some issues that need
> > more investigations.
> >
> > seabios CRB support is required for TPM 2.0 & emulation
> > (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
> >
> > Comments/review welcome!
> 
> Are you going to post a v2 soon?

I was wondering if you would take the patches that you already reviewed for the next pull request. That way v2 would be smaller.

thanks

Re: [Qemu-devel] [PATCH 24/42] tpm-be: call request_completed() out of thread

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Lift from the backend implementation the responsability to call the
> request_completed() callback outside of thread context. This also
> simplify frontend/interface work, as they no longer need to care
> whether the callback is called from a different thread.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Minor nit below.

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   hw/tpm/tpm_int.h             |  1 -
>   include/sysemu/tpm_backend.h |  1 +
>   backends/tpm.c               | 15 ++++++++++++++-
>   hw/tpm/tpm_emulator.c        |  2 --
>   hw/tpm/tpm_passthrough.c     |  3 ---
>   hw/tpm/tpm_tis.c             | 36 +++++++++++++-----------------------
>   6 files changed, 28 insertions(+), 30 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index 9c045b6691..9c49325f03 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -30,7 +30,6 @@ typedef struct TPMIf {
>   typedef struct TPMIfClass {
>       InterfaceClass parent_class;
>
> -    /* run in thread pool by backend */
>       void (*request_completed)(TPMIf *obj);
>   } TPMIfClass;
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 8d08765b3c..dd4fb288ea 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -48,6 +48,7 @@ struct TPMBackend {
>       bool opened;
>       GThreadPool *thread_pool;
>       bool had_startup_error;
> +    QEMUBH *bh;
>
>       /* <public> */
>       char *id;
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 86f0e7e915..58f823d54c 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -18,14 +18,25 @@
>   #include "qapi/qmp/qerror.h"
>   #include "sysemu/tpm.h"
>   #include "qemu/thread.h"
> +#include "qemu/main-loop.h"
> +
> +static void tpm_backend_request_completed_bh(void *opaque)
> +{
> +    TPMBackend *s = TPM_BACKEND(opaque);
> +    TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
> +
> +    tic->request_completed(s->tpmif);
> +}
>
>   static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
>   {
>       TPMBackend *s = TPM_BACKEND(user_data);
> -    TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
> +    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);

propagate this to the right place?


>
>       assert(k->handle_request != NULL);
>       k->handle_request(s, (TPMBackendCmd *)data);
> +
> +    qemu_bh_schedule(s->bh);
>   }
>
>   static void tpm_backend_thread_end(TPMBackend *s)
> @@ -193,6 +204,7 @@ static void tpm_backend_instance_init(Object *obj)
>                                tpm_backend_prop_set_opened,
>                                NULL);
>       s->fe_model = -1;
> +    s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
>   }
>
>   static void tpm_backend_instance_finalize(Object *obj)
> @@ -202,6 +214,7 @@ static void tpm_backend_instance_finalize(Object *obj)
>       object_unref(OBJECT(s->tpmif));
>       g_free(s->id);
>       tpm_backend_thread_end(s);
> +    qemu_bh_delete(s->bh);
>   }
>
>   static const TypeInfo tpm_backend_info = {
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 07e7aa4abc..36454837b3 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -176,7 +176,6 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
>   static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
> -    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
>       Error *err = NULL;
>
>       DPRINTF("processing TPM command");
> @@ -191,7 +190,6 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>           goto error;
>       }
>
> -    tic->request_completed(tb->tpmif);
>       return;
>
>   error:
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 2ad74badca..8c002e4da6 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -139,14 +139,11 @@ err_exit:
>   static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> -    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
>
>       DPRINTF("tpm_passthrough: processing command %p\n", cmd);
>
>       tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
>                                    cmd->out, cmd->out_len, &cmd->selftest_done);
> -
> -    tic->request_completed(tb->tpmif);
>   }
>
>   static void tpm_passthrough_reset(TPMBackend *tb)
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index b3757bfbda..355427ab29 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -76,7 +76,6 @@ typedef struct TPMState {
>       ISADevice busdev;
>       MemoryRegion mmio;
>
> -    QEMUBH *bh;
>       uint32_t offset;
>       uint8_t buf[TPM_TIS_BUFFER_MAX];
>
> @@ -411,10 +410,20 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
>       tpm_tis_abort(s, locty);
>   }
>
> -static void tpm_tis_receive_bh(void *opaque)
> +/*
> + * Callback from the TPM to indicate that the response was received.
> + */
> +static void tpm_tis_request_completed(TPMIf *ti)
>   {
> -    TPMState *s = opaque;
> -    uint8_t locty = s->cmd.locty;
> +    TPMState *s = TPM(ti);
> +    uint8_t locty = s->locty_number;
> +    uint8_t l;
> +
> +    if (s->cmd.selftest_done) {
> +        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
> +            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
> +        }
> +    }
>
>       tpm_tis_sts_set(&s->loc[locty],
>                       TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
> @@ -430,23 +439,6 @@ static void tpm_tis_receive_bh(void *opaque)
>                         TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
>   }
>
> -static void tpm_tis_request_completed(TPMIf *ti)
> -{
> -    TPMState *s = TPM(ti);
> -
> -    bool is_selftest_done = s->cmd.selftest_done;
> -    uint8_t locty = s->cmd.locty;
> -    uint8_t l;
> -
> -    if (is_selftest_done) {
> -        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
> -            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
> -        }
> -    }
> -
> -    qemu_bh_schedule(s->bh);
> -}
> -
>   /*
>    * Read a byte of response data
>    */
> @@ -1089,8 +1081,6 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>           return;
>       }
>
> -    s->bh = qemu_bh_new(tpm_tis_receive_bh, s);
> -
>       isa_init_irq(&s->busdev, &s->irq, s->irq_num);
>
>       memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)),

Re: [Qemu-devel] [PATCH 11/42] tpm: remove unused TPMBackendCmd

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> There is only handling of request so far in both backends.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Review-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm_backend.h |  9 +--------
>   backends/tpm.c               |  7 ++-----
>   hw/tpm/tpm_emulator.c        | 42 ++++++++++++++++--------------------------
>   hw/tpm/tpm_passthrough.c     | 29 ++++++++++-------------------
>   4 files changed, 29 insertions(+), 58 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index b08f985500..7d7ebfc21d 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -32,13 +32,6 @@ typedef struct TPMBackend TPMBackend;
>   
>   typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool selftest_done);
>   
> -typedef enum TPMBackendCmd {
> -    TPM_BACKEND_CMD_INIT = 1,
> -    TPM_BACKEND_CMD_PROCESS_CMD,
> -    TPM_BACKEND_CMD_END,
> -    TPM_BACKEND_CMD_TPM_RESET,
> -} TPMBackendCmd;
> -
>   struct TPMBackend {
>       Object parent;
>   
> @@ -83,7 +76,7 @@ struct TPMBackendClass {
>   
>       void (*opened)(TPMBackend *s, Error **errp);
>   
> -    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
> +    void (*handle_request)(TPMBackend *s);
>   };
>   
>   /**
> diff --git a/backends/tpm.c b/backends/tpm.c
> index dc750d48c9..34e82085ec 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -25,13 +25,12 @@ static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
>       TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
>   
>       assert(k->handle_request != NULL);
> -    k->handle_request(s, (TPMBackendCmd)data);
> +    k->handle_request(s);
>   }
>   
>   static void tpm_backend_thread_end(TPMBackend *s)
>   {
>       if (s->thread_pool) {
> -        g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_END, NULL);
>           g_thread_pool_free(s->thread_pool, FALSE, TRUE);
>           s->thread_pool = NULL;
>       }
> @@ -64,7 +63,6 @@ int tpm_backend_startup_tpm(TPMBackend *s)
>   
>       s->thread_pool = g_thread_pool_new(tpm_backend_worker_thread, s, 1, TRUE,
>                                          NULL);
> -    g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL);
>   
>       res = k->startup_tpm ? k->startup_tpm(s) : 0;
>   
> @@ -80,8 +78,7 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
>   
>   void tpm_backend_deliver_request(TPMBackend *s)
>   {
> -    g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD,
> -                       NULL);
> +    g_thread_pool_push(s->thread_pool, NULL, NULL);
>   }
>   
>   void tpm_backend_reset(TPMBackend *s)
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index bb5a65b492..dadc264182 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -172,39 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
>       return 0;
>   }
>   
> -static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd cmd)
> +static void tpm_emulator_handle_request(TPMBackend *tb)
>   {
>       TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
>       TPMLocality *locty = NULL;
>       bool selftest_done = false;
>       Error *err = NULL;
>   
> -    DPRINTF("processing command type %d", cmd);
> -
> -    switch (cmd) {
> -    case TPM_BACKEND_CMD_PROCESS_CMD:
> -        locty = tb->tpm_state->locty_data;
> -        if (tpm_emulator_set_locality(tpm_emu,
> -                                      tb->tpm_state->locty_number) < 0 ||
> -            tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
> -                                      locty->w_offset, locty->r_buffer.buffer,
> -                                      locty->r_buffer.size, &selftest_done,
> -                                      &err) < 0) {
> -            tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
> -                                                locty->r_buffer.size);
> -            error_report_err(err);
> -        }
> -
> -        tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
> -                               selftest_done);
> -
> -        break;
> -    case TPM_BACKEND_CMD_INIT:
> -    case TPM_BACKEND_CMD_END:
> -    case TPM_BACKEND_CMD_TPM_RESET:
> -        /* nothing to do */
> -        break;
> +    DPRINTF("processing TPM command");
> +
> +    locty = tb->tpm_state->locty_data;
> +    if (tpm_emulator_set_locality(tpm_emu,
> +                                  tb->tpm_state->locty_number) < 0 ||
> +        tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
> +                                  locty->w_offset, locty->r_buffer.buffer,
> +                                  locty->r_buffer.size, &selftest_done,
> +                                  &err) < 0) {
> +        tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
> +                                            locty->r_buffer.size);
> +        error_report_err(err);
>       }
> +
> +    tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
> +                           selftest_done);
>   }
>   
>   static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index d9da99bc8e..5cd988e8a4 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -149,29 +149,20 @@ static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
>                                           selftest_done);
>   }
>   
> -static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd cmd)
> +static void tpm_passthrough_handle_request(TPMBackend *tb)
>   {
>       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
>       bool selftest_done = false;
>   
> -    DPRINTF("tpm_passthrough: processing command type %d\n", cmd);
> -
> -    switch (cmd) {
> -    case TPM_BACKEND_CMD_PROCESS_CMD:
> -        tpm_passthrough_unix_transfer(tpm_pt,
> -                                      tb->tpm_state->locty_data,
> -                                      &selftest_done);
> -
> -        tb->recv_data_callback(tb->tpm_state,
> -                               tb->tpm_state->locty_number,
> -                               selftest_done);
> -        break;
> -    case TPM_BACKEND_CMD_INIT:
> -    case TPM_BACKEND_CMD_END:
> -    case TPM_BACKEND_CMD_TPM_RESET:
> -        /* nothing to do */
> -        break;
> -    }
> +    DPRINTF("tpm_passthrough: processing command\n");
> +
> +    tpm_passthrough_unix_transfer(tpm_pt,
> +                                  tb->tpm_state->locty_data,
> +                                  &selftest_done);
> +
> +    tb->recv_data_callback(tb->tpm_state,
> +                           tb->tpm_state->locty_number,
> +                           selftest_done);
>   }
>   
>   static void tpm_passthrough_reset(TPMBackend *tb)

Re: [Qemu-devel] [PATCH 08/42] tpm: remove TPMDriverOps

[Stefan Berger]

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> Use TPMBackendClass to hold class methods/fields.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

> ---
>   include/sysemu/tpm_backend.h | 15 +++++----------
>   backends/tpm.c               | 31 ++++++++++++++++---------------
>   hw/tpm/tpm_emulator.c        | 29 ++++++++++++-----------------
>   hw/tpm/tpm_passthrough.c     | 25 +++++++++++--------------
>   tpm.c                        | 20 +++++++++-----------
>   scripts/checkpatch.pl        |  1 -
>   6 files changed, 53 insertions(+), 68 deletions(-)
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 63093551a1..a4288df038 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -29,7 +29,7 @@
>
>   typedef struct TPMBackendClass TPMBackendClass;
>   typedef struct TPMBackend TPMBackend;
> -typedef struct TPMDriverOps TPMDriverOps;
> +
>   typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool selftest_done);
>
>   typedef enum TPMBackendCmd {
> @@ -59,14 +59,6 @@ struct TPMBackend {
>   struct TPMBackendClass {
>       ObjectClass parent_class;
>
> -    const TPMDriverOps *ops;
> -
> -    void (*opened)(TPMBackend *s, Error **errp);
> -
> -    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
> -};
> -
> -struct TPMDriverOps {
>       enum TpmType type;
>       const QemuOptDesc *opts;
>       /* get a descriptive text of the backend to display to the user */
> @@ -90,8 +82,11 @@ struct TPMDriverOps {
>       TPMVersion (*get_tpm_version)(TPMBackend *t);
>
>       TpmTypeOptions *(*get_tpm_options)(TPMBackend *t);
> -};
>
> +    void (*opened)(TPMBackend *s, Error **errp);
> +
> +    void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
> +};
>
>   /**
>    * tpm_backend_get_type:
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 37c84b7c66..ca3a78eea8 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -41,7 +41,7 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    return k->ops->type;
> +    return k->type;
>   }
>
>   int tpm_backend_init(TPMBackend *s, TPMState *state,
> @@ -53,7 +53,7 @@ int tpm_backend_init(TPMBackend *s, TPMState *state,
>       s->recv_data_callback = datacb;
>       s->had_startup_error = false;
>
> -    return k->ops->init ? k->ops->init(s) : 0;
> +    return k->init ? k->init(s) : 0;
>   }
>
>   int tpm_backend_startup_tpm(TPMBackend *s)
> @@ -68,7 +68,7 @@ int tpm_backend_startup_tpm(TPMBackend *s)
>                                          NULL);
>       g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL);
>
> -    res = k->ops->startup_tpm ? k->ops->startup_tpm(s) : 0;
> +    res = k->startup_tpm ? k->startup_tpm(s) : 0;
>
>       s->had_startup_error = (res != 0);
>
> @@ -90,8 +90,8 @@ void tpm_backend_reset(TPMBackend *s)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    if (k->ops->reset) {
> -        k->ops->reset(s);
> +    if (k->reset) {
> +        k->reset(s);
>       }
>
>       tpm_backend_thread_end(s);
> @@ -103,34 +103,34 @@ void tpm_backend_cancel_cmd(TPMBackend *s)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    assert(k->ops->cancel_cmd);
> +    assert(k->cancel_cmd);
>
> -    k->ops->cancel_cmd(s);
> +    k->cancel_cmd(s);
>   }
>
>   bool tpm_backend_get_tpm_established_flag(TPMBackend *s)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    return k->ops->get_tpm_established_flag ?
> -           k->ops->get_tpm_established_flag(s) : false;
> +    return k->get_tpm_established_flag ?
> +           k->get_tpm_established_flag(s) : false;
>   }
>
>   int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    return k->ops->reset_tpm_established_flag ?
> -           k->ops->reset_tpm_established_flag(s, locty) : 0;
> +    return k->reset_tpm_established_flag ?
> +           k->reset_tpm_established_flag(s, locty) : 0;
>   }
>
>   TPMVersion tpm_backend_get_tpm_version(TPMBackend *s)
>   {
>       TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
> -    assert(k->ops->get_tpm_version);
> +    assert(k->get_tpm_version);
>
> -    return k->ops->get_tpm_version(s);
> +    return k->get_tpm_version(s);
>   }
>
>   TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
> @@ -140,8 +140,9 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
>
>       info->id = g_strdup(s->id);
>       info->model = s->fe_model;
> -    info->options = k->ops->get_tpm_options ?
> -                    k->ops->get_tpm_options(s) : NULL;
> +    if (k->get_tpm_options) {
> +        info->options = k->get_tpm_options(s);
> +    }
>
>       return info;
>   }
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 9e24a5f30e..bb5a65b492 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -60,8 +60,6 @@
>
>   #define TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(S, cap) (((S)->caps & (cap)) == (cap))
>
> -static const TPMDriverOps tpm_emulator_driver;
> -
>   /* data structures */
>   typedef struct TPMEmulator {
>       TPMBackend parent;
> @@ -504,20 +502,6 @@ static const QemuOptDesc tpm_emulator_cmdline_opts[] = {
>       { /* end of list */ },
>   };
>
> -static const TPMDriverOps tpm_emulator_driver = {
> -    .type                     = TPM_TYPE_EMULATOR,
> -    .opts                     = tpm_emulator_cmdline_opts,
> -    .desc                     = "TPM emulator backend driver",
> -
> -    .create                   = tpm_emulator_create,
> -    .startup_tpm              = tpm_emulator_startup_tpm,
> -    .cancel_cmd               = tpm_emulator_cancel_cmd,
> -    .get_tpm_established_flag = tpm_emulator_get_tpm_established_flag,
> -    .reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag,
> -    .get_tpm_version          = tpm_emulator_get_tpm_version,
> -    .get_tpm_options          = tpm_emulator_get_tpm_options,
> -};
> -
>   static void tpm_emulator_inst_init(Object *obj)
>   {
>       TPMEmulator *tpm_emu = TPM_EMULATOR(obj);
> @@ -565,7 +549,18 @@ static void tpm_emulator_inst_finalize(Object *obj)
>   static void tpm_emulator_class_init(ObjectClass *klass, void *data)
>   {
>       TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
> -    tbc->ops = &tpm_emulator_driver;
> +
> +    tbc->type = TPM_TYPE_EMULATOR;
> +    tbc->opts = tpm_emulator_cmdline_opts;
> +    tbc->desc = "TPM emulator backend driver";
> +    tbc->create = tpm_emulator_create;
> +    tbc->startup_tpm = tpm_emulator_startup_tpm;
> +    tbc->cancel_cmd = tpm_emulator_cancel_cmd;
> +    tbc->get_tpm_established_flag = tpm_emulator_get_tpm_established_flag;
> +    tbc->reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag;
> +    tbc->get_tpm_version = tpm_emulator_get_tpm_version;
> +    tbc->get_tpm_options = tpm_emulator_get_tpm_options;
> +
>       tbc->handle_request = tpm_emulator_handle_request;
>   }
>
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index f04eab3e63..d9da99bc8e 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -365,19 +365,6 @@ static const QemuOptDesc tpm_passthrough_cmdline_opts[] = {
>       { /* end of list */ },
>   };
>
> -static const TPMDriverOps tpm_passthrough_driver = {
> -    .type                     = TPM_TYPE_PASSTHROUGH,
> -    .opts                     = tpm_passthrough_cmdline_opts,
> -    .desc                     = "Passthrough TPM backend driver",
> -    .create                   = tpm_passthrough_create,
> -    .reset                    = tpm_passthrough_reset,
> -    .cancel_cmd               = tpm_passthrough_cancel_cmd,
> -    .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag,
> -    .reset_tpm_established_flag = tpm_passthrough_reset_tpm_established_flag,
> -    .get_tpm_version          = tpm_passthrough_get_tpm_version,
> -    .get_tpm_options          = tpm_passthrough_get_tpm_options,
> -};
> -
>   static void tpm_passthrough_inst_init(Object *obj)
>   {
>       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj);
> @@ -402,7 +389,17 @@ static void tpm_passthrough_class_init(ObjectClass *klass, void *data)
>   {
>       TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
>
> -    tbc->ops = &tpm_passthrough_driver;
> +    tbc->type = TPM_TYPE_PASSTHROUGH;
> +    tbc->opts = tpm_passthrough_cmdline_opts;
> +    tbc->desc = "Passthrough TPM backend driver";
> +    tbc->create = tpm_passthrough_create;
> +    tbc->reset = tpm_passthrough_reset;
> +    tbc->cancel_cmd = tpm_passthrough_cancel_cmd;
> +    tbc->get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag;
> +    tbc->reset_tpm_established_flag =
> +        tpm_passthrough_reset_tpm_established_flag;
> +    tbc->get_tpm_version = tpm_passthrough_get_tpm_version;
> +    tbc->get_tpm_options = tpm_passthrough_get_tpm_options;
>       tbc->handle_request = tpm_passthrough_handle_request;
>   }
>
> diff --git a/tpm.c b/tpm.c
> index 75a589b837..4882501bd7 100644
> --- a/tpm.c
> +++ b/tpm.c
> @@ -32,11 +32,10 @@ void tpm_register_model(enum TpmModel model)
>
>   #ifdef CONFIG_TPM
>
> -static const TPMDriverOps *
> -tpm_driver_find_by_type(enum TpmType type)
> +static const TPMBackendClass *
> +tpm_be_find_by_type(enum TpmType type)
>   {
>       ObjectClass *oc;
> -    TPMBackendClass *bc;
>       char *typename = g_strdup_printf("tpm-%s", TpmType_str(type));
>
>       oc = object_class_by_name(typename);
> @@ -46,8 +45,7 @@ tpm_driver_find_by_type(enum TpmType type)
>           return NULL;
>       }
>
> -    bc = TPM_BACKEND_CLASS(oc);
> -    return bc->ops;
> +    return TPM_BACKEND_CLASS(oc);
>   }
>
>   /*
> @@ -61,11 +59,11 @@ static void tpm_display_backend_drivers(void)
>       fprintf(stderr, "Supported TPM types (choose only one):\n");
>
>       for (i = 0; i < TPM_TYPE__MAX; i++) {
> -        const TPMDriverOps *ops = tpm_driver_find_by_type(i);
> -        if (!ops) {
> +        const TPMBackendClass *bc = tpm_be_find_by_type(i);
> +        if (!bc) {
>               continue;
>           }
> -        fprintf(stderr, "%12s   %s\n", TpmType_str(i), ops->desc);
> +        fprintf(stderr, "%12s   %s\n", TpmType_str(i), bc->desc);
>       }
>       fprintf(stderr, "\n");
>   }
> @@ -92,7 +90,7 @@ static int configure_tpm(QemuOpts *opts)
>   {
>       const char *value;
>       const char *id;
> -    const TPMDriverOps *be;
> +    const TPMBackendClass *be;
>       TPMBackend *drv;
>       Error *local_err = NULL;
>       int i;
> @@ -116,7 +114,7 @@ static int configure_tpm(QemuOpts *opts)
>       }
>
>       i = qapi_enum_parse(&TpmType_lookup, value, -1, NULL);
> -    be = i >= 0 ? tpm_driver_find_by_type(i) : NULL;
> +    be = i >= 0 ? tpm_be_find_by_type(i) : NULL;
>       if (be == NULL) {
>           error_report(QERR_INVALID_PARAMETER_VALUE,
>                        "type", "a TPM backend type");
> @@ -234,7 +232,7 @@ TpmTypeList *qmp_query_tpm_types(Error **errp)
>       TpmTypeList *head = NULL, *prev = NULL, *cur_item;
>
>       for (i = 0; i < TPM_TYPE__MAX; i++) {
> -        if (!tpm_driver_find_by_type(i)) {
> +        if (!tpm_be_find_by_type(i)) {
>               continue;
>           }
>           cur_item = g_new0(TpmTypeList, 1);
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 0c41f1212f..c9529df67f 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -2602,7 +2602,6 @@ sub process {
>   				SCSIBusInfo|
>   				SCSIReqOps|
>   				Spice[A-Z][a-zA-Z0-9]*Interface|
> -				TPMDriverOps|
>   				USBDesc[A-Z][a-zA-Z0-9]*|
>   				VhostOps|
>   				VMStateDescription|

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Stefan Berger]

On 10/19/2017 10:33 AM, Marc-André Lureau wrote:
> Hi Stefan
>
> ----- Original Message -----
>> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
>>> Hi,
>>>
>>> I accumulated a series of patch doing some TPM code cleanup while
>>> doing review. I removed some dead code, simplified other parts, and
>>> tried to isolate implementation of the backend and frontend by using a
>>> new TPMIf interface. I solved a few issues, and added some FIXME for
>>> what should be tackled.  Finally, I implemented a simple CRB device
>>> (tpm 2.0) that is work in progress for now - it works fine with
>>> passthrough, but swtpm/libtpms with win10 has some issues that need
>>> more investigations.
>>>
>>> seabios CRB support is required for TPM 2.0 & emulation
>>> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
>>>
>>> Comments/review welcome!
>> Are you going to post a v2 soon?
> I was wondering if you would take the patches that you already reviewed for the next pull request. That way v2 would be smaller.

I'll take them up to 21/42.

    Stefan

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Stefan Berger]

On 10/19/2017 10:44 AM, Stefan Berger wrote:
> On 10/19/2017 10:33 AM, Marc-André Lureau wrote:
>> Hi Stefan
>>
>> ----- Original Message -----
>>> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
>>>> Hi,
>>>>
>>>> I accumulated a series of patch doing some TPM code cleanup while
>>>> doing review. I removed some dead code, simplified other parts, and
>>>> tried to isolate implementation of the backend and frontend by using a
>>>> new TPMIf interface. I solved a few issues, and added some FIXME for
>>>> what should be tackled.  Finally, I implemented a simple CRB device
>>>> (tpm 2.0) that is work in progress for now - it works fine with
>>>> passthrough, but swtpm/libtpms with win10 has some issues that need
>>>> more investigations.
>>>>
>>>> seabios CRB support is required for TPM 2.0 & emulation
>>>> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
>>>>
>>>> Comments/review welcome!
>>> Are you going to post a v2 soon?
>> I was wondering if you would take the patches that you already 
>> reviewed for the next pull request. That way v2 would be smaller.
>
> I'll take them up to 21/42.

Tested them and it seems to work fine. I'll post later today.

Did you have any more luck with win10 and tpm2 ?

    Stefan

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Marc-André Lureau]

Hi

----- Original Message -----
> On 10/19/2017 10:44 AM, Stefan Berger wrote:
> > On 10/19/2017 10:33 AM, Marc-André Lureau wrote:
> >> Hi Stefan
> >>
> >> ----- Original Message -----
> >>> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
> >>>> Hi,
> >>>>
> >>>> I accumulated a series of patch doing some TPM code cleanup while
> >>>> doing review. I removed some dead code, simplified other parts, and
> >>>> tried to isolate implementation of the backend and frontend by using a
> >>>> new TPMIf interface. I solved a few issues, and added some FIXME for
> >>>> what should be tackled.  Finally, I implemented a simple CRB device
> >>>> (tpm 2.0) that is work in progress for now - it works fine with
> >>>> passthrough, but swtpm/libtpms with win10 has some issues that need
> >>>> more investigations.
> >>>>
> >>>> seabios CRB support is required for TPM 2.0 & emulation
> >>>> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
> >>>>
> >>>> Comments/review welcome!
> >>> Are you going to post a v2 soon?
> >> I was wondering if you would take the patches that you already
> >> reviewed for the next pull request. That way v2 would be smaller.
> >
> > I'll take them up to 21/42.
> 
> Tested them and it seems to work fine. I'll post later today.
> 
> Did you have any more luck with win10 and tpm2 ?

I haven't had time so far to investigate further.

The summary was that Windows refuses to talk with a TPM2/TIS device (it doesn't even shows up in device list), while TPM2/CRB is being recognized and communicated with. However, there are some failure with swtpm/libtpms that are unclear, and will require more verbosity in libtpms. I plan to resume this effort in a few weeks.

Thanks

Re: [Qemu-devel] [PATCH 24/42] tpm-be: call request_completed() out of thread

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> Lift from the backend implementation the responsability to call the
> request_completed() callback outside of thread context. This also

I don't think this is what you are doing here. It's still in thread context.

Something is breaking the TIS interface in this patch. The symptom is 
that SeaBIOS doesn't show its menu anymore.

I have to withdraw my Reviewed-by from this one. It looked sufficiently 
harmless but it's not.

     Stefan

> simplify frontend/interface work, as they no longer need to care
> whether the callback is called from a different thread.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   hw/tpm/tpm_int.h             |  1 -
>   include/sysemu/tpm_backend.h |  1 +
>   backends/tpm.c               | 15 ++++++++++++++-
>   hw/tpm/tpm_emulator.c        |  2 --
>   hw/tpm/tpm_passthrough.c     |  3 ---
>   hw/tpm/tpm_tis.c             | 36 +++++++++++++-----------------------
>   6 files changed, 28 insertions(+), 30 deletions(-)
>
> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
> index 9c045b6691..9c49325f03 100644
> --- a/hw/tpm/tpm_int.h
> +++ b/hw/tpm/tpm_int.h
> @@ -30,7 +30,6 @@ typedef struct TPMIf {
>   typedef struct TPMIfClass {
>       InterfaceClass parent_class;
>
> -    /* run in thread pool by backend */
>       void (*request_completed)(TPMIf *obj);
>   } TPMIfClass;
>
> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
> index 8d08765b3c..dd4fb288ea 100644
> --- a/include/sysemu/tpm_backend.h
> +++ b/include/sysemu/tpm_backend.h
> @@ -48,6 +48,7 @@ struct TPMBackend {
>       bool opened;
>       GThreadPool *thread_pool;
>       bool had_startup_error;
> +    QEMUBH *bh;
>
>       /* <public> */
>       char *id;
> diff --git a/backends/tpm.c b/backends/tpm.c
> index 86f0e7e915..58f823d54c 100644
> --- a/backends/tpm.c
> +++ b/backends/tpm.c
> @@ -18,14 +18,25 @@
>   #include "qapi/qmp/qerror.h"
>   #include "sysemu/tpm.h"
>   #include "qemu/thread.h"
> +#include "qemu/main-loop.h"
> +
> +static void tpm_backend_request_completed_bh(void *opaque)
> +{
> +    TPMBackend *s = TPM_BACKEND(opaque);
> +    TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
> +
> +    tic->request_completed(s->tpmif);
> +}
>
>   static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
>   {
>       TPMBackend *s = TPM_BACKEND(user_data);
> -    TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
> +    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>
>       assert(k->handle_request != NULL);
>       k->handle_request(s, (TPMBackendCmd *)data);
> +
> +    qemu_bh_schedule(s->bh);
>   }
>
>   static void tpm_backend_thread_end(TPMBackend *s)
> @@ -193,6 +204,7 @@ static void tpm_backend_instance_init(Object *obj)
>                                tpm_backend_prop_set_opened,
>                                NULL);
>       s->fe_model = -1;
> +    s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
>   }
>
>   static void tpm_backend_instance_finalize(Object *obj)
> @@ -202,6 +214,7 @@ static void tpm_backend_instance_finalize(Object *obj)
>       object_unref(OBJECT(s->tpmif));
>       g_free(s->id);
>       tpm_backend_thread_end(s);
> +    qemu_bh_delete(s->bh);
>   }
>
>   static const TypeInfo tpm_backend_info = {
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 07e7aa4abc..36454837b3 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -176,7 +176,6 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
>   static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
> -    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
>       Error *err = NULL;
>
>       DPRINTF("processing TPM command");
> @@ -191,7 +190,6 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>           goto error;
>       }
>
> -    tic->request_completed(tb->tpmif);
>       return;
>
>   error:
> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
> index 2ad74badca..8c002e4da6 100644
> --- a/hw/tpm/tpm_passthrough.c
> +++ b/hw/tpm/tpm_passthrough.c
> @@ -139,14 +139,11 @@ err_exit:
>   static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>   {
>       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
> -    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
>
>       DPRINTF("tpm_passthrough: processing command %p\n", cmd);
>
>       tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
>                                    cmd->out, cmd->out_len, &cmd->selftest_done);
> -
> -    tic->request_completed(tb->tpmif);
>   }
>
>   static void tpm_passthrough_reset(TPMBackend *tb)
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index b3757bfbda..355427ab29 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -76,7 +76,6 @@ typedef struct TPMState {
>       ISADevice busdev;
>       MemoryRegion mmio;
>
> -    QEMUBH *bh;
>       uint32_t offset;
>       uint8_t buf[TPM_TIS_BUFFER_MAX];
>
> @@ -411,10 +410,20 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
>       tpm_tis_abort(s, locty);
>   }
>
> -static void tpm_tis_receive_bh(void *opaque)
> +/*
> + * Callback from the TPM to indicate that the response was received.
> + */
> +static void tpm_tis_request_completed(TPMIf *ti)
>   {
> -    TPMState *s = opaque;
> -    uint8_t locty = s->cmd.locty;
> +    TPMState *s = TPM(ti);
> +    uint8_t locty = s->locty_number;
> +    uint8_t l;
> +
> +    if (s->cmd.selftest_done) {
> +        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
> +            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
> +        }
> +    }
>
>       tpm_tis_sts_set(&s->loc[locty],
>                       TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
> @@ -430,23 +439,6 @@ static void tpm_tis_receive_bh(void *opaque)
>                         TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
>   }
>
> -static void tpm_tis_request_completed(TPMIf *ti)
> -{
> -    TPMState *s = TPM(ti);
> -
> -    bool is_selftest_done = s->cmd.selftest_done;
> -    uint8_t locty = s->cmd.locty;
> -    uint8_t l;
> -
> -    if (is_selftest_done) {
> -        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
> -            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
> -        }
> -    }
> -
> -    qemu_bh_schedule(s->bh);
> -}
> -
>   /*
>    * Read a byte of response data
>    */
> @@ -1089,8 +1081,6 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
>           return;
>       }
>
> -    s->bh = qemu_bh_new(tpm_tis_receive_bh, s);
> -
>       isa_init_irq(&s->busdev, &s->irq, s->irq_num);
>
>       memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)),

Re: [Qemu-devel] [PATCH 24/42] tpm-be: call request_completed() out of thread

[Stefan Berger]

On 10/19/2017 06:02 PM, Stefan Berger wrote:
> On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
>> Lift from the backend implementation the responsability to call the
>> request_completed() callback outside of thread context. This also
>
> I don't think this is what you are doing here. It's still in thread 
> context.
>
> Something is breaking the TIS interface in this patch. The symptom is 
> that SeaBIOS doesn't show its menu anymore.
>
> I have to withdraw my Reviewed-by from this one. It looked 
> sufficiently harmless but it's not.
>
>     Stefan

This here fixes the problem for TIS:

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 355427a..cd29925 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -416,7 +416,7 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t 
locty, uint8_t newlocty)
  static void tpm_tis_request_completed(TPMIf *ti)
  {
      TPMState *s = TPM(ti);
-    uint8_t locty = s->locty_number;
+    uint8_t locty = s->cmd.locty;
      uint8_t l;

      if (s->cmd.selftest_done) {






>
>> simplify frontend/interface work, as they no longer need to care
>> whether the callback is called from a different thread.
>>
>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> ---
>>   hw/tpm/tpm_int.h             |  1 -
>>   include/sysemu/tpm_backend.h |  1 +
>>   backends/tpm.c               | 15 ++++++++++++++-
>>   hw/tpm/tpm_emulator.c        |  2 --
>>   hw/tpm/tpm_passthrough.c     |  3 ---
>>   hw/tpm/tpm_tis.c             | 36 +++++++++++++-----------------------
>>   6 files changed, 28 insertions(+), 30 deletions(-)
>>
>> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
>> index 9c045b6691..9c49325f03 100644
>> --- a/hw/tpm/tpm_int.h
>> +++ b/hw/tpm/tpm_int.h
>> @@ -30,7 +30,6 @@ typedef struct TPMIf {
>>   typedef struct TPMIfClass {
>>       InterfaceClass parent_class;
>>
>> -    /* run in thread pool by backend */
>>       void (*request_completed)(TPMIf *obj);
>>   } TPMIfClass;
>>
>> diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
>> index 8d08765b3c..dd4fb288ea 100644
>> --- a/include/sysemu/tpm_backend.h
>> +++ b/include/sysemu/tpm_backend.h
>> @@ -48,6 +48,7 @@ struct TPMBackend {
>>       bool opened;
>>       GThreadPool *thread_pool;
>>       bool had_startup_error;
>> +    QEMUBH *bh;
>>
>>       /* <public> */
>>       char *id;
>> diff --git a/backends/tpm.c b/backends/tpm.c
>> index 86f0e7e915..58f823d54c 100644
>> --- a/backends/tpm.c
>> +++ b/backends/tpm.c
>> @@ -18,14 +18,25 @@
>>   #include "qapi/qmp/qerror.h"
>>   #include "sysemu/tpm.h"
>>   #include "qemu/thread.h"
>> +#include "qemu/main-loop.h"
>> +
>> +static void tpm_backend_request_completed_bh(void *opaque)
>> +{
>> +    TPMBackend *s = TPM_BACKEND(opaque);
>> +    TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
>> +
>> +    tic->request_completed(s->tpmif);
>> +}
>>
>>   static void tpm_backend_worker_thread(gpointer data, gpointer 
>> user_data)
>>   {
>>       TPMBackend *s = TPM_BACKEND(user_data);
>> -    TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
>> +    TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
>>
>>       assert(k->handle_request != NULL);
>>       k->handle_request(s, (TPMBackendCmd *)data);
>> +
>> +    qemu_bh_schedule(s->bh);
>>   }
>>
>>   static void tpm_backend_thread_end(TPMBackend *s)
>> @@ -193,6 +204,7 @@ static void tpm_backend_instance_init(Object *obj)
>>                                tpm_backend_prop_set_opened,
>>                                NULL);
>>       s->fe_model = -1;
>> +    s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
>>   }
>>
>>   static void tpm_backend_instance_finalize(Object *obj)
>> @@ -202,6 +214,7 @@ static void tpm_backend_instance_finalize(Object 
>> *obj)
>>       object_unref(OBJECT(s->tpmif));
>>       g_free(s->id);
>>       tpm_backend_thread_end(s);
>> +    qemu_bh_delete(s->bh);
>>   }
>>
>>   static const TypeInfo tpm_backend_info = {
>> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
>> index 07e7aa4abc..36454837b3 100644
>> --- a/hw/tpm/tpm_emulator.c
>> +++ b/hw/tpm/tpm_emulator.c
>> @@ -176,7 +176,6 @@ static int tpm_emulator_set_locality(TPMEmulator 
>> *tpm_emu, uint8_t locty_number,
>>   static void tpm_emulator_handle_request(TPMBackend *tb, 
>> TPMBackendCmd *cmd)
>>   {
>>       TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
>> -    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
>>       Error *err = NULL;
>>
>>       DPRINTF("processing TPM command");
>> @@ -191,7 +190,6 @@ static void 
>> tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
>>           goto error;
>>       }
>>
>> -    tic->request_completed(tb->tpmif);
>>       return;
>>
>>   error:
>> diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
>> index 2ad74badca..8c002e4da6 100644
>> --- a/hw/tpm/tpm_passthrough.c
>> +++ b/hw/tpm/tpm_passthrough.c
>> @@ -139,14 +139,11 @@ err_exit:
>>   static void tpm_passthrough_handle_request(TPMBackend *tb, 
>> TPMBackendCmd *cmd)
>>   {
>>       TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
>> -    TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
>>
>>       DPRINTF("tpm_passthrough: processing command %p\n", cmd);
>>
>>       tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
>>                                    cmd->out, cmd->out_len, 
>> &cmd->selftest_done);
>> -
>> -    tic->request_completed(tb->tpmif);
>>   }
>>
>>   static void tpm_passthrough_reset(TPMBackend *tb)
>> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
>> index b3757bfbda..355427ab29 100644
>> --- a/hw/tpm/tpm_tis.c
>> +++ b/hw/tpm/tpm_tis.c
>> @@ -76,7 +76,6 @@ typedef struct TPMState {
>>       ISADevice busdev;
>>       MemoryRegion mmio;
>>
>> -    QEMUBH *bh;
>>       uint32_t offset;
>>       uint8_t buf[TPM_TIS_BUFFER_MAX];
>>
>> @@ -411,10 +410,20 @@ static void tpm_tis_prep_abort(TPMState *s, 
>> uint8_t locty, uint8_t newlocty)
>>       tpm_tis_abort(s, locty);
>>   }
>>
>> -static void tpm_tis_receive_bh(void *opaque)
>> +/*
>> + * Callback from the TPM to indicate that the response was received.
>> + */
>> +static void tpm_tis_request_completed(TPMIf *ti)
>>   {
>> -    TPMState *s = opaque;
>> -    uint8_t locty = s->cmd.locty;
>> +    TPMState *s = TPM(ti);
>> +    uint8_t locty = s->locty_number;
>> +    uint8_t l;
>> +
>> +    if (s->cmd.selftest_done) {
>> +        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
>> +            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
>> +        }
>> +    }
>>
>>       tpm_tis_sts_set(&s->loc[locty],
>>                       TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
>> @@ -430,23 +439,6 @@ static void tpm_tis_receive_bh(void *opaque)
>>                         TPM_TIS_INT_DATA_AVAILABLE | 
>> TPM_TIS_INT_STS_VALID);
>>   }
>>
>> -static void tpm_tis_request_completed(TPMIf *ti)
>> -{
>> -    TPMState *s = TPM(ti);
>> -
>> -    bool is_selftest_done = s->cmd.selftest_done;
>> -    uint8_t locty = s->cmd.locty;
>> -    uint8_t l;
>> -
>> -    if (is_selftest_done) {
>> -        for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
>> -            s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
>> -        }
>> -    }
>> -
>> -    qemu_bh_schedule(s->bh);
>> -}
>> -
>>   /*
>>    * Read a byte of response data
>>    */
>> @@ -1089,8 +1081,6 @@ static void tpm_tis_realizefn(DeviceState *dev, 
>> Error **errp)
>>           return;
>>       }
>>
>> -    s->bh = qemu_bh_new(tpm_tis_receive_bh, s);
>> -
>>       isa_init_irq(&s->busdev, &s->irq, s->irq_num);
>>
>> memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)),
>
>

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

[Stefan Berger]

On 10/19/2017 01:00 PM, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
>> On 10/19/2017 10:44 AM, Stefan Berger wrote:
>>> On 10/19/2017 10:33 AM, Marc-André Lureau wrote:
>>>> Hi Stefan
>>>>
>>>> ----- Original Message -----
>>>>> On 10/09/2017 06:55 PM, Marc-André Lureau wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I accumulated a series of patch doing some TPM code cleanup while
>>>>>> doing review. I removed some dead code, simplified other parts, and
>>>>>> tried to isolate implementation of the backend and frontend by using a
>>>>>> new TPMIf interface. I solved a few issues, and added some FIXME for
>>>>>> what should be tackled.  Finally, I implemented a simple CRB device
>>>>>> (tpm 2.0) that is work in progress for now - it works fine with
>>>>>> passthrough, but swtpm/libtpms with win10 has some issues that need
>>>>>> more investigations.
>>>>>>
>>>>>> seabios CRB support is required for TPM 2.0 & emulation
>>>>>> (https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)
>>>>>>
>>>>>> Comments/review welcome!
>>>>> Are you going to post a v2 soon?
>>>> I was wondering if you would take the patches that you already
>>>> reviewed for the next pull request. That way v2 would be smaller.
>>> I'll take them up to 21/42.
>> Tested them and it seems to work fine. I'll post later today.
>>
>> Did you have any more luck with win10 and tpm2 ?
> I haven't had time so far to investigate further.
>
> The summary was that Windows refuses to talk with a TPM2/TIS device (it doesn't even shows up in device list), while TPM2/CRB is being recognized and communicated with. However, there are some failure with swtpm/libtpms that are unclear, and will require more verbosity in libtpms. I plan to resume this effort in a few weeks.

TPM1.2 + TIS seems good.
TPM 2 + CRB seems to have a problem with a key handle 0x81 00 00 01.

    Stefan
> Thanks
>

Re: [Qemu-devel] [PATCH 42/42] WIP: add TPM CRB device

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> tpm_crb is a device for TPM 2.0 Command Response Buffer (CRB)
> Interface as defined in TCG PC Client Platform TPM Profile (PTP)
> Specification Family “2.0” Level 00 Revision 01.03 v22.
>
> The PTP allows device implementation to switch between TIS and CRB
> model at run time, but given that CRB is a simpler device to
> implement, I chose to implement it as a different device.
>
> The device doesn't implement other locality than 0 for now (my laptop
> TPM doesn't either, so I assume this isn't so bad)
>
> The command/reply memory region is statically allocated after the CRB
> registers address TPM_CRB_ADDR_BASE + sizeof(struct crb_regs). I
> wonder if the BIOS could or should allocate it instead, or what size
> to use.
>
> The PTP doesn't specify a particular bus to put the device. I chose to
> add it on the system bus directly, so it could hopefully be used
> easily on a different platform. However, I am not sure this is easily
> done or a smart approach. It fails to init on piix, because
> error_on_sysbus_device() check. Removing this check, the device is
> still functional... We may want to put it on ISA bus instead for now.
>
> Tested with some success with Linux upstream and Windows 10. The
> device is recognized and correctly transmit command/response with
> passthrough/emu, but the swtpm emulator has some issues I need to
> investigate further.

Some keys need to be there and SeaBIOS currently locks the storage 
hierarchy, which it shouldn't. I am not sure whether SeaBIOS should 
create those keys.

Two more things:
- the SeaBIOS menu does not show up when using a TPM 2 with it; I don't 
know why
- the driver should error and terminate when it detects that the backend 
it a TPM 2

Otherwise I have pretty good confidence in this series with that fix to 
22/42 applied. I migrated Linux VMs back and forth on the same host with 
a few additional patches and it seems to work fine.

    Stefan




>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   qapi/tpm.json                      |   7 +-
>   include/hw/acpi/tpm.h              |  65 ++++++++
>   include/sysemu/tpm.h               |   3 +
>   hw/i386/acpi-build.c               |  19 +++
>   hw/tpm/tpm_crb.c                   | 320 +++++++++++++++++++++++++++++++++++++
>   default-configs/i386-softmmu.mak   |   1 +
>   default-configs/x86_64-softmmu.mak |   1 +
>   hw/tpm/Makefile.objs               |   1 +
>   8 files changed, 414 insertions(+), 3 deletions(-)
>   create mode 100644 hw/tpm/tpm_crb.c
>
> diff --git a/qapi/tpm.json b/qapi/tpm.json
> index 7093f268fb..12a4509ad6 100644
> --- a/qapi/tpm.json
> +++ b/qapi/tpm.json
> @@ -10,11 +10,12 @@
>   #
>   # An enumeration of TPM models
>   #
> -# @tpm-tis: TPM TIS model
> +# @tpm-tis: TPM TIS model (since 1.5)
> +# @tpm-crb: TPM CRB model (since 2.11)
>   #
>   # Since: 1.5
>   ##
> -{ 'enum': 'TpmModel', 'data': [ 'tpm-tis' ] }
> +{ 'enum': 'TpmModel', 'data': [ 'tpm-tis', 'tpm-crb' ] }
>
>   ##
>   # @query-tpm-models:
> @@ -28,7 +29,7 @@
>   # Example:
>   #
>   # -> { "execute": "query-tpm-models" }
> -# <- { "return": [ "tpm-tis" ] }
> +# <- { "return": [ "tpm-tis", "tpm-crb" ] }
>   #
>   ##
>   { 'command': 'query-tpm-models', 'returns': ['TpmModel'] }
> diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h
> index 6d516c6a7f..c0b9a0ca6e 100644
> --- a/include/hw/acpi/tpm.h
> +++ b/include/hw/acpi/tpm.h
> @@ -16,11 +16,75 @@
>   #ifndef HW_ACPI_TPM_H
>   #define HW_ACPI_TPM_H
>
> +#include "qemu/osdep.h"
> +
>   #define TPM_TIS_ADDR_BASE           0xFED40000
>   #define TPM_TIS_ADDR_SIZE           0x5000
>
>   #define TPM_TIS_IRQ                 5
>
> +struct crb_regs {
> +    union {
> +        uint32_t loc_state;
> +        struct {
> +            unsigned tpm_established:1;
> +            unsigned loc_assigned:1;
> +            unsigned active_locality:3;
> +            unsigned reserved:2;
> +            unsigned tpm_reg_valid_sts:1;
> +        } loc_state_bits;
> +    };
> +    uint32_t reserved1;
> +    uint32_t loc_ctrl;
> +    uint32_t loc_sts;
> +    uint8_t reserved2[32];
> +    union {
> +        uint64_t intf_id;
> +        struct {
> +            unsigned type:4;
> +            unsigned version:4;
> +            unsigned cap_locality:1;
> +            unsigned cap_crb_idle_bypass:1;
> +            unsigned reserved1:1;
> +            unsigned cap_data_xfer_size_support:2;
> +            unsigned cap_fifo:1;
> +            unsigned cap_crb:1;
> +            unsigned cap_if_res:2;
> +            unsigned if_selector:2;
> +            unsigned if_selector_lock:1;
> +            unsigned reserved2:4;
> +            unsigned rid:8;
> +            unsigned vid:16;
> +            unsigned did:16;
> +        } intf_id_bits;
> +    };
> +    uint64_t ctrl_ext;
> +
> +    uint32_t ctrl_req;
> +    union {
> +        uint32_t ctrl_sts;
> +        struct {
> +            unsigned tpm_sts:1;
> +            unsigned tpm_idle:1;
> +            unsigned reserved:30;
> +        } ctrl_sts_bits;
> +    };
> +    uint32_t ctrl_cancel;
> +    uint32_t ctrl_start;
> +    uint32_t ctrl_int_enable;
> +    uint32_t ctrl_int_sts;
> +    uint32_t ctrl_cmd_size;
> +    uint32_t ctrl_cmd_pa_low;
> +    uint32_t ctrl_cmd_pa_high;
> +    uint32_t ctrl_rsp_size;
> +    uint64_t ctrl_rsp_pa;
> +} QEMU_PACKED;
> +
> +#define TPM_CRB_ADDR_BASE           0xFED40000
> +#define TPM_CRB_ADDR_SIZE           0x1000
> +#define TPM_CRB_ADDR_CTRL \
> +    (TPM_CRB_ADDR_BASE + offsetof(struct crb_regs, ctrl_req))
> +
>   #define TPM_LOG_AREA_MINIMUM_SIZE   (64 * 1024)
>
>   #define TPM_TCPA_ACPI_CLASS_CLIENT  0
> @@ -30,5 +94,6 @@
>   #define TPM2_ACPI_CLASS_SERVER      1
>
>   #define TPM2_START_METHOD_MMIO      6
> +#define TPM2_START_METHOD_CRB       7
>
>   #endif /* HW_ACPI_TPM_H */
> diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
> index 8223ec621c..bdc6bde109 100644
> --- a/include/sysemu/tpm.h
> +++ b/include/sysemu/tpm.h
> @@ -46,9 +46,12 @@ int tpm_init(void);
>   void tpm_cleanup(void);
>
>   #define TYPE_TPM_TIS                "tpm-tis"
> +#define TYPE_TPM_CRB                "tpm-crb"
>
>   #define TPM_IS_TIS(chr)                             \
>       object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS)
> +#define TPM_IS_CRB(chr)                             \
> +    object_dynamic_cast(OBJECT(chr), TYPE_TPM_CRB)
>
>   static inline TPMIf *tpm_find(void)
>   {
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index ee38b00e31..f9345c75e6 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -2224,6 +2224,22 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>               aml_append(sb_scope, scope);
>           }
>       }
> +
> +    if (TPM_IS_CRB(tpm_find())) {
> +        dev = aml_device("TPM");
> +        aml_append(dev, aml_name_decl("_HID", aml_string("MSFT0101")));
> +        crs = aml_resource_template();
> +        aml_append(crs, aml_memory32_fixed(TPM_CRB_ADDR_BASE,
> +                                           TPM_CRB_ADDR_SIZE, AML_READ_WRITE));
> +        aml_append(dev, aml_name_decl("_CRS", crs));
> +
> +        method = aml_method("_STA", 0, AML_NOTSERIALIZED);
> +        aml_append(method, aml_return(aml_int(0x0f)));
> +        aml_append(dev, method);
> +
> +        aml_append(sb_scope, dev);
> +    }
> +
>       aml_append(dsdt, sb_scope);
>
>       /* copy AML table into ACPI tables blob and patch header there */
> @@ -2284,6 +2300,9 @@ build_tpm2(GArray *table_data, BIOSLinker *linker)
>       if (TPM_IS_TIS(tpm_find())) {
>           tpm2_ptr->control_area_address = cpu_to_le64(0);
>           tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
> +    } else if (TPM_IS_CRB(tpm_find())) {
> +        tpm2_ptr->control_area_address = cpu_to_le32(TPM_CRB_ADDR_CTRL);
> +        tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_CRB);
>       } else {
>           g_warn_if_reached();
>       }
> diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
> new file mode 100644
> index 0000000000..64039ebc8e
> --- /dev/null
> +++ b/hw/tpm/tpm_crb.c
> @@ -0,0 +1,320 @@
> +/*
> + * tpm_crb.c - QEMU's TPM CRB interface emulator
> + *
> + * Copyright (c) 2017 Red Hat, Inc.
> + *
> + * Authors:
> + *   Marc-André Lureau <marcandre.lureau@redhat.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *
> + * tpm_crb is a device for TPM 2.0 Command Response Buffer (CRB) Interface
> + * as defined in TCG PC Client Platform TPM Profile (PTP) Specification
> + * Family “2.0” Level 00 Revision 01.03 v22
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "qemu-common.h"
> +#include "qapi/error.h"
> +#include "hw/sysbus.h"
> +#include "exec/address-spaces.h"
> +
> +#include "hw/pci/pci_ids.h"
> +#include "hw/acpi/tpm.h"
> +#include "sysemu/tpm_backend.h"
> +#include "tpm_int.h"
> +#include "tpm_util.h"
> +
> +typedef struct CRBState {
> +    SysBusDevice parent_obj;
> +
> +    MemoryRegion mmio;
> +    MemoryRegion cmdmem;
> +    char *backend;
> +    TPMBackend *tpmbe;
> +    TPMBackendCmd cmd;
> +    struct crb_regs regs;
> +} CRBState;
> +
> +#define CRB(obj) OBJECT_CHECK(CRBState, (obj), TYPE_TPM_CRB)
> +
> +#define DEBUG_CRB 0
> +
> +#define DPRINTF(fmt, ...) do {                  \
> +        if (DEBUG_CRB) {                        \
> +            printf(fmt, ## __VA_ARGS__);        \
> +        }                                       \
> +    } while (0);
> +
> +#define CRB_ADDR_LOC_STATE offsetof(struct crb_regs, loc_state)
> +#define CRB_ADDR_LOC_CTRL offsetof(struct crb_regs, loc_ctrl)
> +#define CRB_ADDR_CTRL_REQ offsetof(struct crb_regs, ctrl_req)
> +#define CRB_ADDR_CTRL_CANCEL offsetof(struct crb_regs, ctrl_cancel)
> +#define CRB_ADDR_CTRL_START offsetof(struct crb_regs, ctrl_start)
> +
> +#define CRB_INTF_TYPE_CRB_ACTIVE 0b1
> +#define CRB_INTF_VERSION_CRB 0b1
> +#define CRB_INTF_CAP_LOCALITY_0_ONLY 0b0
> +#define CRB_INTF_CAP_IDLE_FAST 0b0
> +#define CRB_INTF_CAP_XFER_SIZE_64 0b11
> +#define CRB_INTF_CAP_FIFO_NOT_SUPPORTED 0b0
> +#define CRB_INTF_CAP_CRB_SUPPORTED 0b1
> +#define CRB_INTF_IF_SELECTOR_CRB 0b1
> +#define CRB_INTF_IF_SELECTOR_UNLOCKED 0b0
> +
> +#define CRB_CTRL_CMD_SIZE (TPM_CRB_ADDR_SIZE - sizeof(struct crb_regs))
> +
> +enum crb_loc_ctrl {
> +    CRB_LOC_CTRL_REQUEST_ACCESS = BIT(0),
> +    CRB_LOC_CTRL_RELINQUISH = BIT(1),
> +    CRB_LOC_CTRL_SEIZE = BIT(2),
> +    CRB_LOC_CTRL_RESET_ESTABLISHMENT_BIT = BIT(3),
> +};
> +
> +enum crb_ctrl_req {
> +    CRB_CTRL_REQ_CMD_READY = BIT(0),
> +    CRB_CTRL_REQ_GO_IDLE = BIT(1),
> +};
> +
> +enum crb_ctrl_sts {
> +    CRB_CTRL_STS_ERROR = BIT(0),
> +    CRB_CTRL_STS_TPM_IDLE = BIT(1),
> +};
> +
> +enum crb_start {
> +    CRB_START_INVOKE = BIT(0),
> +};
> +
> +enum crb_cancel {
> +    CRB_CANCEL_INVOKE = BIT(0),
> +};
> +
> +static const char *addr_desc(unsigned off)
> +{
> +    switch (off) {
> +#define CASE(off)                               \
> +    case offsetof(struct crb_regs, off):        \
> +        return G_STRINGIFY(off)
> +        CASE(loc_state);
> +        CASE(reserved1);
> +        CASE(loc_ctrl);
> +        CASE(loc_sts);
> +        CASE(reserved2);
> +        CASE(intf_id);
> +        CASE(ctrl_ext);
> +        CASE(ctrl_req);
> +        CASE(ctrl_sts);
> +        CASE(ctrl_cancel);
> +        CASE(ctrl_start);
> +        CASE(ctrl_int_enable);
> +        CASE(ctrl_int_sts);
> +        CASE(ctrl_cmd_size);
> +        CASE(ctrl_cmd_pa_low);
> +        CASE(ctrl_cmd_pa_high);
> +        CASE(ctrl_rsp_size);
> +        CASE(ctrl_rsp_pa);
> +#undef CASE
> +    }
> +    return NULL;
> +}
> +
> +static uint64_t tpm_crb_mmio_read(void *opaque, hwaddr addr,
> +                                  unsigned size)
> +{
> +    CRBState *s = CRB(opaque);
> +    DPRINTF("CRB read %lx:%s %u\n", addr, addr_desc(addr), size);
> +
> +    /* all registers are 32-bit aligned */
> +    if (addr % 4) {
> +        return G_MAXUINT64;
> +    }
> +    return ((uint32_t *)&s->regs)[addr / 4];
> +}
> +
> +static void tpm_crb_mmio_write(void *opaque, hwaddr addr,
> +                               uint64_t val, unsigned size)
> +{
> +    CRBState *s = CRB(opaque);
> +    DPRINTF("CRB write %lx:%s %lu %u\n", addr, addr_desc(addr), val, size);
> +
> +    switch (addr) {
> +    case CRB_ADDR_CTRL_REQ:
> +        switch (val) {
> +        case CRB_CTRL_REQ_CMD_READY:
> +            s->regs.ctrl_sts_bits.tpm_idle = 0;
> +            break;
> +        case CRB_CTRL_REQ_GO_IDLE:
> +            s->regs.ctrl_sts_bits.tpm_idle = 1;
> +            break;
> +        }
> +        break;
> +    case CRB_ADDR_CTRL_CANCEL:
> +        if (val == CRB_CANCEL_INVOKE && s->regs.ctrl_start & CRB_START_INVOKE) {
> +            tpm_backend_cancel_cmd(s->tpmbe);
> +        }
> +        break;
> +    case CRB_ADDR_CTRL_START:
> +        if (val == CRB_START_INVOKE &&
> +            !(s->regs.ctrl_start & CRB_START_INVOKE)) {
> +            void *mem = memory_region_get_ram_ptr(&s->cmdmem);
> +
> +            s->regs.ctrl_start |= CRB_START_INVOKE;
> +            s->cmd = (TPMBackendCmd) {
> +                .in = mem,
> +                .in_len = MIN(tpm_cmd_get_size(mem), CRB_CTRL_CMD_SIZE),
> +                .out = mem,
> +                .out_len = CRB_CTRL_CMD_SIZE,
> +            };
> +
> +            tpm_backend_deliver_request(s->tpmbe, &s->cmd);
> +        }
> +        break;
> +    case CRB_ADDR_LOC_CTRL:
> +        switch (val) {
> +        case CRB_LOC_CTRL_RESET_ESTABLISHMENT_BIT:
> +            /* not loc 3 or 4 */
> +            break;
> +        case CRB_LOC_CTRL_RELINQUISH:
> +            break;
> +        case CRB_LOC_CTRL_REQUEST_ACCESS:
> +            s->regs.loc_state_bits.loc_assigned = 1;
> +            s->regs.loc_state_bits.tpm_reg_valid_sts = 1;
> +            break;
> +        }
> +        break;
> +    }
> +}
> +
> +static const MemoryRegionOps tpm_crb_memory_ops = {
> +    .read = tpm_crb_mmio_read,
> +    .write = tpm_crb_mmio_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .valid = {
> +        .min_access_size = 1,
> +        .max_access_size = 4,
> +    },
> +};
> +
> +static void tpm_crb_reset(DeviceState *dev)
> +{
> +    CRBState *s = CRB(dev);
> +
> +    s->regs = (struct crb_regs) {
> +        .intf_id_bits = {
> +            .type = CRB_INTF_TYPE_CRB_ACTIVE,
> +            .version = CRB_INTF_VERSION_CRB,
> +            .cap_locality = CRB_INTF_CAP_LOCALITY_0_ONLY,
> +            .cap_crb_idle_bypass = CRB_INTF_CAP_IDLE_FAST,
> +            .cap_data_xfer_size_support = CRB_INTF_CAP_XFER_SIZE_64,
> +            .cap_fifo = CRB_INTF_CAP_FIFO_NOT_SUPPORTED,
> +            .cap_crb = CRB_INTF_CAP_CRB_SUPPORTED,
> +            .cap_if_res = 0b0,
> +            .if_selector = CRB_INTF_IF_SELECTOR_CRB,
> +            .if_selector_lock = CRB_INTF_IF_SELECTOR_UNLOCKED,
> +            .rid = 0b0001,
> +            .vid = PCI_VENDOR_ID_IBM,
> +            .did = 0b0001,
> +        },
> +        .ctrl_cmd_size = CRB_CTRL_CMD_SIZE,
> +        .ctrl_cmd_pa_low = TPM_CRB_ADDR_BASE + sizeof(struct crb_regs),
> +        .ctrl_rsp_size = CRB_CTRL_CMD_SIZE,
> +        .ctrl_rsp_pa = TPM_CRB_ADDR_BASE + sizeof(struct crb_regs),
> +    };
> +
> +    tpm_backend_reset(s->tpmbe);
> +    tpm_backend_startup_tpm(s->tpmbe);
> +}
> +
> +static void tpm_crb_request_completed(TPMIf *ti)
> +{
> +    CRBState *s = CRB(ti);
> +
> +    s->regs.ctrl_start &= ~CRB_START_INVOKE;
> +    /* TODO, in case of error: s->regs.ctrl_sts = CRB_CTRL_STS_ERROR */
> +}
> +
> +static enum TPMVersion tpm_crb_get_version(TPMIf *ti)
> +{
> +    CRBState *s = CRB(ti);
> +
> +    return tpm_backend_get_tpm_version(s->tpmbe);
> +}
> +
> +static const VMStateDescription vmstate_tpm_crb = {
> +    .name = "tpm-crb",
> +    .unmigratable = 1,
> +};
> +
> +static Property tpm_crb_properties[] = {
> +    DEFINE_PROP_STRING("tpmdev", CRBState, backend),
> +    DEFINE_PROP_END_OF_LIST(),
> +};
> +
> +static void tpm_crb_realizefn(DeviceState *dev, Error **errp)
> +{
> +    CRBState *s = CRB(dev);
> +    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
> +
> +    if (!tpm_find()) {
> +        error_setg(errp, "at most one TPM device is permitted");
> +        return;
> +    }
> +
> +    s->tpmbe = qemu_find_tpm_be(s->backend);
> +    if (!s->tpmbe) {
> +        error_setg(errp, "tpm-crb: backend driver with id '%s' could not be "
> +                   "found", s->backend);
> +        return;
> +    }
> +
> +    if (tpm_backend_init(s->tpmbe, TPM_IF(s), errp)) {
> +        return;
> +    }
> +
> +    memory_region_init_io(&s->mmio, OBJECT(s), &tpm_crb_memory_ops, s,
> +        "tpm-crb-mmio", sizeof(struct crb_regs));
> +    memory_region_init_ram(&s->cmdmem, OBJECT(s),
> +        "tpm-crb-cmd", CRB_CTRL_CMD_SIZE, errp);
> +
> +    sysbus_init_mmio(sbd, &s->mmio);
> +    sysbus_mmio_map(sbd, 0, TPM_CRB_ADDR_BASE);
> +    /* allocate ram in bios instead? */
> +    memory_region_add_subregion(get_system_memory(),
> +        TPM_CRB_ADDR_BASE + sizeof(struct crb_regs), &s->cmdmem);
> +}
> +
> +static void tpm_crb_class_init(ObjectClass *klass, void *data)
> +{
> +    DeviceClass *dc = DEVICE_CLASS(klass);
> +    TPMIfClass *tc = TPM_IF_CLASS(klass);
> +
> +    dc->realize = tpm_crb_realizefn;
> +    dc->props = tpm_crb_properties;
> +    dc->reset = tpm_crb_reset;
> +    dc->vmsd  = &vmstate_tpm_crb;
> +    dc->user_creatable = true;
> +    tc->model = TPM_MODEL_TPM_CRB;
> +    tc->get_version = tpm_crb_get_version;
> +    tc->request_completed = tpm_crb_request_completed;
> +}
> +
> +static const TypeInfo tpm_crb_info = {
> +    .name = TYPE_TPM_CRB,
> +    .parent = TYPE_SYS_BUS_DEVICE,
> +    .instance_size = sizeof(CRBState),
> +    .class_init  = tpm_crb_class_init,
> +    .interfaces = (InterfaceInfo[]) {
> +        { TYPE_TPM_IF },
> +        { }
> +    }
> +};
> +
> +static void tpm_crb_register(void)
> +{
> +    type_register_static(&tpm_crb_info);
> +    tpm_register_model(TPM_MODEL_TPM_CRB);
> +}
> +
> +type_init(tpm_crb_register)
> diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
> index d2ab2f6655..c10afe953a 100644
> --- a/default-configs/i386-softmmu.mak
> +++ b/default-configs/i386-softmmu.mak
> @@ -36,6 +36,7 @@ CONFIG_APPLESMC=y
>   CONFIG_I8259=y
>   CONFIG_PFLASH_CFI01=y
>   CONFIG_TPM_TIS=$(CONFIG_TPM)
> +CONFIG_TPM_CRB=$(CONFIG_TPM)
>   CONFIG_MC146818RTC=y
>   CONFIG_PCI_PIIX=y
>   CONFIG_WDT_IB700=y
> diff --git a/default-configs/x86_64-softmmu.mak b/default-configs/x86_64-softmmu.mak
> index 9bde2f1c4b..1a6004f3f8 100644
> --- a/default-configs/x86_64-softmmu.mak
> +++ b/default-configs/x86_64-softmmu.mak
> @@ -36,6 +36,7 @@ CONFIG_APPLESMC=y
>   CONFIG_I8259=y
>   CONFIG_PFLASH_CFI01=y
>   CONFIG_TPM_TIS=$(CONFIG_TPM)
> +CONFIG_TPM_CRB=$(CONFIG_TPM)
>   CONFIG_MC146818RTC=y
>   CONFIG_PCI_PIIX=y
>   CONFIG_WDT_IB700=y
> diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
> index 41f0b7a590..5c98af0de4 100644
> --- a/hw/tpm/Makefile.objs
> +++ b/hw/tpm/Makefile.objs
> @@ -1,3 +1,4 @@
>   common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
> +common-obj-$(CONFIG_TPM_CRB) += tpm_crb.o
>   common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
>   common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o tpm_util.o

Re: [Qemu-devel] [PATCH 42/42] WIP: add TPM CRB device

[Stefan Berger]

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:
> +
> +#define CRB_INTF_TYPE_CRB_ACTIVE 0b1
> +#define CRB_INTF_VERSION_CRB 0b1
> +#define CRB_INTF_CAP_LOCALITY_0_ONLY 0b0
> +#define CRB_INTF_CAP_IDLE_FAST 0b0
> +#define CRB_INTF_CAP_XFER_SIZE_64 0b11
> +#define CRB_INTF_CAP_FIFO_NOT_SUPPORTED 0b0
> +#define CRB_INTF_CAP_CRB_SUPPORTED 0b1
> +#define CRB_INTF_IF_SELECTOR_CRB 0b1
> +#define CRB_INTF_IF_SELECTOR_UNLOCKED 0b0
> +
> +#define CRB_CTRL_CMD_SIZE (TPM_CRB_ADDR_SIZE - sizeof(struct crb_regs))

So this here seems to declare the size of the buffer, which is a bit 
less than 4k now. Theoretically this could cause problems with the TPM 
on the backend side that may assume that there's a buffer of 4k 
available on the interface side. So there can be a mismatch between 
these buffersize if for example one usesCRB with passthrough and the 
host has a TIS with a TPM with full 4k buffersize.

I went through the exercise of extending libtpms and swtpm with commands 
to get and set the buffersize 'swtpm' is suppose to use. 
TPM/TPM2_GetCapability() can be used by a user to read the buffer size 
from the device and that now returns a possibly adjusted buffersize. I 
also modified QEMU to read the buffer size from the backend and have it 
configure the frontend's buffer to use the backend's buffer size. It is 
currently hard coded to 4096 and correct for the TIS.

https://github.com/stefanberger/qemu-tpm/commits/tpm_backend_buffer_size

The problem may only be theoretical since I am not sure whether any 
commands of TPM 2 (where it's relevant for CRB) would return a full 4k 
buffer that the CRB wouldn't be able to pass on to the OS. We have the 
possibility to match up the buffersizes now, though.

     Stefan