From: Stefan Berger <stefanb@linux.ibm.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
James Bottomley <James.Bottomley@HansenPartnership.com>,
Tomas Winkler <tomas.winkler@intel.com>,
Tadeusz Struk <tadeusz.struk@intel.com>,
Stefan Berger <stefanb@linux.vnet.ibm.com>,
Nayna Jain <nayna@linux.ibm.com>, Peter Huewe <peterhuewe@gmx.de>,
Jason Gunthorpe <jgg@ziepe.ca>, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 08/16] tpm: move tpm_validate_commmand() to tpm2-space.c
Date: Mon, 5 Nov 2018 17:36:03 -0500 [thread overview]
Message-ID: <4d71e3e5-67b6-d9b3-0561-a1221b5d6bbf@linux.ibm.com> (raw)
In-Reply-To: <20181105014552.20262-9-jarkko.sakkinen@linux.intel.com>
On 11/4/18 8:45 PM, Jarkko Sakkinen wrote:
> Move tpm_validate_command() to tpm2-space.c and make it part of the
> tpm2_prepare_space() flow. Make cc resolution as part of the TPM space
> functionality in order to detach it from rest of the tpm_transmit()
> flow.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
> drivers/char/tpm/tpm-interface.c | 72 +++++++-------------------------
> drivers/char/tpm/tpm.h | 9 ++--
> drivers/char/tpm/tpm2-space.c | 54 +++++++++++++++++++++---
> 3 files changed, 68 insertions(+), 67 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 422e3bb0bd3d..3bf0c51b7b4f 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -62,47 +62,6 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
> }
> EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
>
> -static int tpm_validate_command(struct tpm_chip *chip,
> - struct tpm_space *space,
> - const u8 *cmd,
> - size_t len)
> -{
> - const struct tpm_input_header *header = (const void *)cmd;
> - int i;
> - u32 cc;
> - u32 attrs;
> - unsigned int nr_handles;
> -
> - if (len < TPM_HEADER_SIZE)
> - return -EINVAL;
> -
> - if (!space)
> - return 0;
> -
> - if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) {
> - cc = be32_to_cpu(header->ordinal);
> -
> - i = tpm2_find_cc(chip, cc);
> - if (i < 0) {
> - dev_dbg(&chip->dev, "0x%04X is an invalid command\n",
> - cc);
> - return -EOPNOTSUPP;
> - }
> -
> - attrs = chip->cc_attrs_tbl[i];
> - nr_handles =
> - 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0));
> - if (len < TPM_HEADER_SIZE + 4 * nr_handles)
> - goto err_len;
> - }
> -
> - return 0;
> -err_len:
> - dev_dbg(&chip->dev,
> - "%s: insufficient command length %zu", __func__, len);
> - return -EINVAL;
> -}
> -
> static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags)
> {
> int rc;
> @@ -172,20 +131,8 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip,
> u32 count, ordinal;
> unsigned long stop;
>
> - rc = tpm_validate_command(chip, space, buf, bufsiz);
> - if (rc == -EINVAL)
> - return rc;
> - /*
> - * If the command is not implemented by the TPM, synthesize a
> - * response with a TPM2_RC_COMMAND_CODE return for user-space.
> - */
> - if (rc == -EOPNOTSUPP) {
> - header->length = cpu_to_be32(sizeof(*header));
> - header->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
> - header->return_code = cpu_to_be32(TPM2_RC_COMMAND_CODE |
> - TSS2_RESMGR_TPM_RC_LAYER);
> - return sizeof(*header);
> - }
> + if (bufsiz < TPM_HEADER_SIZE)
> + return -EINVAL;
>
> if (bufsiz > TPM_BUFSIZE)
> bufsiz = TPM_BUFSIZE;
> @@ -200,7 +147,18 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip,
> return -E2BIG;
> }
>
> - rc = tpm2_prepare_space(chip, space, ordinal, buf);
> + rc = tpm2_prepare_space(chip, space, buf, bufsiz);
> + /*
> + * If the command is not implemented by the TPM, synthesize a
> + * response with a TPM2_RC_COMMAND_CODE return for user-space.
> + */
> + if (rc == -EOPNOTSUPP) {
> + header->length = cpu_to_be32(sizeof(*header));
> + header->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
> + header->return_code = cpu_to_be32(TPM2_RC_COMMAND_CODE |
> + TSS2_RESMGR_TPM_RC_LAYER);
> + return sizeof(*header);
> + }
> if (rc)
> return rc;
>
> @@ -251,7 +209,7 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip,
> if (rc)
> tpm2_flush_space(chip);
> else
> - rc = tpm2_commit_space(chip, space, ordinal, buf, &len);
> + rc = tpm2_commit_space(chip, space, buf, &len);
>
> return rc ? rc : len;
> }
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 229ac42b644e..8503dd261897 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -264,6 +264,7 @@ struct tpm_chip {
> #endif /* CONFIG_ACPI */
>
> struct tpm_space work_space;
> + u32 last_cc;
> u32 nr_commands;
> u32 *cc_attrs_tbl;
>
> @@ -580,10 +581,10 @@ int tpm2_find_cc(struct tpm_chip *chip, u32 cc);
> int tpm2_init_space(struct tpm_space *space);
> void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space);
> void tpm2_flush_space(struct tpm_chip *chip);
> -int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
> - u8 *cmd);
> -int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
> - u32 cc, u8 *buf, size_t *bufsiz);
> +int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u8 *cmd,
> + size_t cmdsiz);
> +int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, u8 *buf,
> + size_t *bufsiz);
>
> int tpm_bios_log_setup(struct tpm_chip *chip);
> void tpm_bios_log_teardown(struct tpm_chip *chip);
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index 3d5f9577e5de..20c295fadd50 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -264,14 +264,55 @@ static int tpm2_map_command(struct tpm_chip *chip, u32 cc, u8 *cmd)
> return 0;
> }
>
> -int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
> - u8 *cmd)
> +static int tpm_validate_command(struct tpm_chip *chip, struct tpm_space *space,
> + const u8 *cmd, size_t len)
Nit: len -> cmdsiz (like below)
> +{
> + const struct tpm_input_header *header = (const void *)cmd;
> + int i;
> + u32 cc;
> + u32 attrs;
> + unsigned int nr_handles;
> +
> + if (len < TPM_HEADER_SIZE)
> + return -EINVAL;
> +
> + if (chip->nr_commands) {
> + cc = be32_to_cpu(header->ordinal);
> +
> + i = tpm2_find_cc(chip, cc);
> + if (i < 0) {
> + dev_dbg(&chip->dev, "0x%04X is an invalid command\n",
> + cc);
> + return -EOPNOTSUPP;
> + }
> +
> + attrs = chip->cc_attrs_tbl[i];
> + nr_handles =
> + 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0));
> + if (len < TPM_HEADER_SIZE + 4 * nr_handles)
> + goto err_len;
> + }
> +
> + return cc;
> +err_len:
> + dev_dbg(&chip->dev, "%s: insufficient command length %zu", __func__,
> + len);
> + return -EINVAL;
> +}
> +
> +int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u8 *cmd,
> + size_t cmdsiz)
> {
> int rc;
> + int cc;
>
> if (!space)
> return 0;
>
> + cc = tpm_validate_command(chip, space, cmd, cmdsiz);
> + if (cc < 0)
> + return cc;
> +
> memcpy(&chip->work_space.context_tbl, &space->context_tbl,
> sizeof(space->context_tbl));
> memcpy(&chip->work_space.session_tbl, &space->session_tbl,
> @@ -291,6 +332,7 @@ int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
> return rc;
> }
>
> + chip->last_cc = cc;
> return 0;
> }
>
> @@ -489,8 +531,8 @@ static int tpm2_save_space(struct tpm_chip *chip)
> return 0;
> }
>
> -int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
> - u32 cc, u8 *buf, size_t *bufsiz)
> +int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, u8 *buf,
> + size_t *bufsiz)
> {
> struct tpm_output_header *header = (void *)buf;
> int rc;
> @@ -498,13 +540,13 @@ int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
> if (!space)
> return 0;
>
> - rc = tpm2_map_response_header(chip, cc, buf, *bufsiz);
> + rc = tpm2_map_response_header(chip, chip->last_cc, buf, *bufsiz);
> if (rc) {
> tpm2_flush_space(chip);
> goto out;
> }
>
> - rc = tpm2_map_response_body(chip, cc, buf, *bufsiz);
> + rc = tpm2_map_response_body(chip, chip->last_cc, buf, *bufsiz);
> if (rc) {
> tpm2_flush_space(chip);
> goto out;
Rest looks good.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
next prev parent reply other threads:[~2018-11-05 22:36 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-05 1:45 [PATCH v3 00/16] Remove nested TPM operations Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 01/16] tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter Jarkko Sakkinen
2018-11-05 21:48 ` Stefan Berger
2018-11-06 5:52 ` Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 02/16] tpm: fix invalid return value in pubek_show() Jarkko Sakkinen
2018-11-05 21:51 ` Stefan Berger
2018-11-05 1:45 ` [PATCH v3 03/16] tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails Jarkko Sakkinen
2018-11-05 21:54 ` Stefan Berger
2018-11-06 5:54 ` Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 04/16] tpm: call tpm2_flush_space() on error in tpm_try_transmit() Jarkko Sakkinen
2018-11-05 22:01 ` Stefan Berger
2018-11-06 5:55 ` Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 05/16] tpm: print tpm2_commit_space() error inside tpm2_commit_space() Jarkko Sakkinen
2018-11-05 22:04 ` Stefan Berger
2018-11-06 5:58 ` Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 06/16] tpm: clean up tpm_try_transmit() error handling flow Jarkko Sakkinen
2018-11-05 22:20 ` Stefan Berger
2018-11-06 6:01 ` Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 07/16] tpm: access command header through struct in tpm_try_transmit() Jarkko Sakkinen
2018-11-05 22:26 ` Stefan Berger
2018-11-06 6:08 ` Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 08/16] tpm: move tpm_validate_commmand() to tpm2-space.c Jarkko Sakkinen
2018-11-05 22:36 ` Stefan Berger [this message]
2018-11-06 6:10 ` Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 09/16] tpm: encapsulate tpm_dev_transmit() Jarkko Sakkinen
2018-11-06 15:17 ` Stefan Berger
2018-11-05 1:45 ` [PATCH v3 10/16] tpm: move TPM space code out of tpm_transmit() Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 12/16] tpm: use tpm_try_get_ops() in tpm-sysfs.c Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 13/16] tpm: remove TPM_TRANSMIT_UNLOCKED flag Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 14/16] tpm: introduce tpm_chip_start() and tpm_chip_stop() Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 15/16] tpm: take TPM chip power gating out of tpm_transmit() Jarkko Sakkinen
2018-11-05 1:45 ` [PATCH v3 16/16] tpm: remove @flags from tpm_transmit() Jarkko Sakkinen
[not found] ` <20181105014552.20262-12-jarkko.sakkinen@linux.intel.com>
2018-11-06 15:25 ` [PATCH v3 11/16] tpm: remove @space " Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4d71e3e5-67b6-d9b3-0561-a1221b5d6bbf@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nayna@linux.ibm.com \
--cc=peterhuewe@gmx.de \
--cc=stefanb@linux.vnet.ibm.com \
--cc=tadeusz.struk@intel.com \
--cc=tomas.winkler@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.