* [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
@ 2022-11-28 19:56 Jason A. Donenfeld
2022-12-02 9:32 ` Thorsten Leemhuis
2022-12-04 17:06 ` Jarkko Sakkinen
0 siblings, 2 replies; 11+ messages in thread
From: Jason A. Donenfeld @ 2022-11-28 19:56 UTC (permalink / raw)
To: Vlastimil Babka, Jarkko Sakkinen, Jan Dąbroś,
linux-integrity, peterhuewe, jgg, gregkh, arnd, rrangel, timvp,
apronin, mw, upstream, linux-kernel, linux-crypto
Cc: Jason A . Donenfeld, stable
From: Jan Dabros <jsd@semihalf.com>
Currently tpm transactions are executed unconditionally in
tpm_pm_suspend() function, which may lead to races with other tpm
accessors in the system. Specifically, the hw_random tpm driver makes
use of tpm_get_random(), and this function is called in a loop from a
kthread, which means it's not frozen alongside userspace, and so can
race with the work done during system suspend:
[ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52
[ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
[ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
[ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
[ 3.278453] Call Trace:
[ 3.278458] <TASK>
[ 3.278460] dump_stack_lvl+0x34/0x44
[ 3.278471] tpm_tis_status.cold+0x19/0x20
[ 3.278479] tpm_transmit+0x13b/0x390
[ 3.278489] tpm_transmit_cmd+0x20/0x80
[ 3.278496] tpm1_pm_suspend+0xa6/0x110
[ 3.278503] tpm_pm_suspend+0x53/0x80
[ 3.278510] __pnp_bus_suspend+0x35/0xe0
[ 3.278515] ? pnp_bus_freeze+0x10/0x10
[ 3.278519] __device_suspend+0x10f/0x350
Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
tpm_chip_start(), but takes the appropriate mutex.
Signed-off-by: Jan Dabros <jsd@semihalf.com>
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Vlastimil Babka <vbabka@suse.cz>
Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/
Cc: stable@vger.kernel.org
Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x")
[Jason: reworked commit message, added metadata]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/char/tpm/tpm-interface.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 1621ce818705..d69905233aff 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev)
!pm_suspend_via_firmware())
goto suspended;
- if (!tpm_chip_start(chip)) {
+ rc = tpm_try_get_ops(chip);
+ if (!rc) {
if (chip->flags & TPM_CHIP_FLAG_TPM2)
tpm2_shutdown(chip, TPM2_SU_STATE);
else
rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
- tpm_chip_stop(chip);
+ tpm_put_ops(chip);
}
suspended:
--
2.38.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-11-28 19:56 [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks Jason A. Donenfeld
@ 2022-12-02 9:32 ` Thorsten Leemhuis
2022-12-02 9:46 ` Jason A. Donenfeld
2022-12-03 10:25 ` Jason A. Donenfeld
2022-12-04 17:06 ` Jarkko Sakkinen
1 sibling, 2 replies; 11+ messages in thread
From: Thorsten Leemhuis @ 2022-12-02 9:32 UTC (permalink / raw)
To: Jarkko Sakkinen, peterhuewe
Cc: stable, Jason A. Donenfeld, Vlastimil Babka, Jan Dąbroś,
linux-integrity, jgg, gregkh, arnd, rrangel, timvp, apronin, mw,
upstream, linux-kernel, linux-crypto
Hi, this is your Linux kernel regression tracker.
On 28.11.22 20:56, Jason A. Donenfeld wrote:
BTW, many thx for taking care of this Jason!
> From: Jan Dabros <jsd@semihalf.com>
>
> Currently tpm transactions are executed unconditionally in
> tpm_pm_suspend() function, which may lead to races with other tpm
> accessors in the system. Specifically, the hw_random tpm driver makes
> use of tpm_get_random(), and this function is called in a loop from a
> kthread, which means it's not frozen alongside userspace, and so can
> race with the work done during system suspend:
Peter, Jarkko, did you look at this patch or even applied it already to
send it to Linus soon? Doesn't look like it from here, but maybe I
missed something.
Thing is: the linked regression afaics is overdue fixing (for details
see "Prioritize work on fixing regressions" in
https://www.kernel.org/doc/html/latest/process/handling-regressions.html
). Hence if this doesn't make any progress I'll likely have to point
Linus to this patch and suggest to apply it directly if it looks okay
from his perspective.
Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
P.S.: As the Linux kernel's regression tracker I deal with a lot of
reports and sometimes miss something important when writing mails like
this. If that's the case here, don't hesitate to tell me in a public
reply, it's in everyone's interest to set the public record straight.
> [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52
> [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
> [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
> [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
> [ 3.278453] Call Trace:
> [ 3.278458] <TASK>
> [ 3.278460] dump_stack_lvl+0x34/0x44
> [ 3.278471] tpm_tis_status.cold+0x19/0x20
> [ 3.278479] tpm_transmit+0x13b/0x390
> [ 3.278489] tpm_transmit_cmd+0x20/0x80
> [ 3.278496] tpm1_pm_suspend+0xa6/0x110
> [ 3.278503] tpm_pm_suspend+0x53/0x80
> [ 3.278510] __pnp_bus_suspend+0x35/0xe0
> [ 3.278515] ? pnp_bus_freeze+0x10/0x10
> [ 3.278519] __device_suspend+0x10f/0x350
>
> Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
> tpm_chip_start(), but takes the appropriate mutex.
>
> Signed-off-by: Jan Dabros <jsd@semihalf.com>
> Reported-by: Vlastimil Babka <vbabka@suse.cz>
> Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Tested-by: Vlastimil Babka <vbabka@suse.cz>
> Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/
> Cc: stable@vger.kernel.org
> Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x")
> [Jason: reworked commit message, added metadata]
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
> drivers/char/tpm/tpm-interface.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 1621ce818705..d69905233aff 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev)
> !pm_suspend_via_firmware())
> goto suspended;
>
> - if (!tpm_chip_start(chip)) {
> + rc = tpm_try_get_ops(chip);
> + if (!rc) {
> if (chip->flags & TPM_CHIP_FLAG_TPM2)
> tpm2_shutdown(chip, TPM2_SU_STATE);
> else
> rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
>
> - tpm_chip_stop(chip);
> + tpm_put_ops(chip);
> }
>
> suspended:
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-02 9:32 ` Thorsten Leemhuis
@ 2022-12-02 9:46 ` Jason A. Donenfeld
2022-12-02 10:09 ` Jan Dąbroś
2022-12-03 10:25 ` Jason A. Donenfeld
1 sibling, 1 reply; 11+ messages in thread
From: Jason A. Donenfeld @ 2022-12-02 9:46 UTC (permalink / raw)
To: Thorsten Leemhuis
Cc: Jarkko Sakkinen, peterhuewe, stable, Vlastimil Babka,
Jan Dąbroś,
linux-integrity, jgg, gregkh, arnd, rrangel, timvp, apronin, mw,
upstream, linux-kernel, linux-crypto
Thanks for handling this, Thorsten. I had poked Jarkko about this
earlier this week, but he didn't respond. So I'm glad you're on the case
now getting this in somewhere. Probably this should make it to rc8, so
there's still one week left of testing it.
Jason
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-02 9:46 ` Jason A. Donenfeld
@ 2022-12-02 10:09 ` Jan Dąbroś
0 siblings, 0 replies; 11+ messages in thread
From: Jan Dąbroś @ 2022-12-02 10:09 UTC (permalink / raw)
To: Jason A. Donenfeld
Cc: Thorsten Leemhuis, Jarkko Sakkinen, peterhuewe, stable,
Vlastimil Babka, linux-integrity, jgg, gregkh, arnd, rrangel,
timvp, apronin, mw, upstream, linux-kernel, linux-crypto
Hi Jason,
Thanks for taking care of this!
Re 2/3 and 3/3 as you mentioned earlier, will get back to this when I
have some bandwidth and send it separately.
Best Regards,
Jan
pt., 2 gru 2022 o 10:46 Jason A. Donenfeld <Jason@zx2c4.com> napisał(a):
>
> Thanks for handling this, Thorsten. I had poked Jarkko about this
> earlier this week, but he didn't respond. So I'm glad you're on the case
> now getting this in somewhere. Probably this should make it to rc8, so
> there's still one week left of testing it.
>
> Jason
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-02 9:32 ` Thorsten Leemhuis
2022-12-02 9:46 ` Jason A. Donenfeld
@ 2022-12-03 10:25 ` Jason A. Donenfeld
1 sibling, 0 replies; 11+ messages in thread
From: Jason A. Donenfeld @ 2022-12-03 10:25 UTC (permalink / raw)
To: Thorsten Leemhuis, torvalds
Cc: Jarkko Sakkinen, peterhuewe, stable, Vlastimil Babka,
Jan Dąbroś,
linux-integrity, jgg, gregkh, arnd, rrangel, timvp, apronin, mw,
upstream, linux-kernel, linux-crypto
Hi Thorsten / Linus,
On Fri, Dec 02, 2022 at 10:32:31AM +0100, Thorsten Leemhuis wrote:
> Hi, this is your Linux kernel regression tracker.
>
> On 28.11.22 20:56, Jason A. Donenfeld wrote:
>
> BTW, many thx for taking care of this Jason!
>
> > From: Jan Dabros <jsd@semihalf.com>
> >
> > Currently tpm transactions are executed unconditionally in
> > tpm_pm_suspend() function, which may lead to races with other tpm
> > accessors in the system. Specifically, the hw_random tpm driver makes
> > use of tpm_get_random(), and this function is called in a loop from a
> > kthread, which means it's not frozen alongside userspace, and so can
> > race with the work done during system suspend:
>
> Peter, Jarkko, did you look at this patch or even applied it already to
> send it to Linus soon? Doesn't look like it from here, but maybe I
> missed something.
>
> Thing is: the linked regression afaics is overdue fixing (for details
> see "Prioritize work on fixing regressions" in
> https://www.kernel.org/doc/html/latest/process/handling-regressions.html
> ). Hence if this doesn't make any progress I'll likely have to point
> Linus to this patch and suggest to apply it directly if it looks okay
> from his perspective.
I'm very concerned about this. Jan posted the original fix a month ago,
and then it fizzled out. Then I got word of the bug last week and
revived the fix [1], while also figuring out how to reproduce it
together with the reporter. I emailed the tpm maintainers offlist to
poke them, and nobody woke up. And tomorrow is rc8 day. Given that this
patch is pretty simple, has been tested to fix an annoying regression,
and that neither of the three maintainers has popped up this week to get
things rolling, I think we should just commit this now anyway, to make
sure it gets in for rc8. This way there's still a solid week of testing.
I'm in general not a big fan of the "nuclear option" of not waiting for
out to lunch maintainers, but given that it is now December 3, it seems
like the right decision.
[1] https://lore.kernel.org/all/20221128195651.322822-1-Jason@zx2c4.com/
Jason
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-11-28 19:56 [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks Jason A. Donenfeld
2022-12-02 9:32 ` Thorsten Leemhuis
@ 2022-12-04 17:06 ` Jarkko Sakkinen
2022-12-04 17:10 ` Jarkko Sakkinen
1 sibling, 1 reply; 11+ messages in thread
From: Jarkko Sakkinen @ 2022-12-04 17:06 UTC (permalink / raw)
To: Jason A. Donenfeld
Cc: Vlastimil Babka, Jan Dąbroś,
linux-integrity, peterhuewe, jgg, gregkh, arnd, rrangel, timvp,
apronin, mw, upstream, linux-kernel, linux-crypto, stable
On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote:
> From: Jan Dabros <jsd@semihalf.com>
>
> Currently tpm transactions are executed unconditionally in
> tpm_pm_suspend() function, which may lead to races with other tpm
> accessors in the system. Specifically, the hw_random tpm driver makes
> use of tpm_get_random(), and this function is called in a loop from a
> kthread, which means it's not frozen alongside userspace, and so can
> race with the work done during system suspend:
>
> [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52
> [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
> [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
> [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
> [ 3.278453] Call Trace:
> [ 3.278458] <TASK>
> [ 3.278460] dump_stack_lvl+0x34/0x44
> [ 3.278471] tpm_tis_status.cold+0x19/0x20
> [ 3.278479] tpm_transmit+0x13b/0x390
> [ 3.278489] tpm_transmit_cmd+0x20/0x80
> [ 3.278496] tpm1_pm_suspend+0xa6/0x110
> [ 3.278503] tpm_pm_suspend+0x53/0x80
> [ 3.278510] __pnp_bus_suspend+0x35/0xe0
> [ 3.278515] ? pnp_bus_freeze+0x10/0x10
> [ 3.278519] __device_suspend+0x10f/0x350
>
> Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
> tpm_chip_start(), but takes the appropriate mutex.
>
> Signed-off-by: Jan Dabros <jsd@semihalf.com>
> Reported-by: Vlastimil Babka <vbabka@suse.cz>
> Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Tested-by: Vlastimil Babka <vbabka@suse.cz>
> Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/
> Cc: stable@vger.kernel.org
> Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x")
> [Jason: reworked commit message, added metadata]
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
> drivers/char/tpm/tpm-interface.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 1621ce818705..d69905233aff 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev)
> !pm_suspend_via_firmware())
> goto suspended;
>
> - if (!tpm_chip_start(chip)) {
> + rc = tpm_try_get_ops(chip);
> + if (!rc) {
> if (chip->flags & TPM_CHIP_FLAG_TPM2)
> tpm2_shutdown(chip, TPM2_SU_STATE);
> else
> rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
>
> - tpm_chip_stop(chip);
> + tpm_put_ops(chip);
> }
>
> suspended:
> --
> 2.38.1
>
Hi, sorry for the latency.
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-04 17:06 ` Jarkko Sakkinen
@ 2022-12-04 17:10 ` Jarkko Sakkinen
2022-12-04 19:14 ` Jason A. Donenfeld
0 siblings, 1 reply; 11+ messages in thread
From: Jarkko Sakkinen @ 2022-12-04 17:10 UTC (permalink / raw)
To: Jason A. Donenfeld
Cc: Vlastimil Babka, Jan Dąbroś,
linux-integrity, peterhuewe, jgg, gregkh, arnd, rrangel, timvp,
apronin, mw, upstream, linux-kernel, linux-crypto, stable
On Sun, Dec 04, 2022 at 05:06:41PM +0000, Jarkko Sakkinen wrote:
> On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote:
> > From: Jan Dabros <jsd@semihalf.com>
> >
> > Currently tpm transactions are executed unconditionally in
> > tpm_pm_suspend() function, which may lead to races with other tpm
> > accessors in the system. Specifically, the hw_random tpm driver makes
> > use of tpm_get_random(), and this function is called in a loop from a
> > kthread, which means it's not frozen alongside userspace, and so can
> > race with the work done during system suspend:
> >
> > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52
> > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
> > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
> > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
> > [ 3.278453] Call Trace:
> > [ 3.278458] <TASK>
> > [ 3.278460] dump_stack_lvl+0x34/0x44
> > [ 3.278471] tpm_tis_status.cold+0x19/0x20
> > [ 3.278479] tpm_transmit+0x13b/0x390
> > [ 3.278489] tpm_transmit_cmd+0x20/0x80
> > [ 3.278496] tpm1_pm_suspend+0xa6/0x110
> > [ 3.278503] tpm_pm_suspend+0x53/0x80
> > [ 3.278510] __pnp_bus_suspend+0x35/0xe0
> > [ 3.278515] ? pnp_bus_freeze+0x10/0x10
> > [ 3.278519] __device_suspend+0x10f/0x350
> >
> > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
> > tpm_chip_start(), but takes the appropriate mutex.
> >
> > Signed-off-by: Jan Dabros <jsd@semihalf.com>
> > Reported-by: Vlastimil Babka <vbabka@suse.cz>
> > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > Tested-by: Vlastimil Babka <vbabka@suse.cz>
> > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/
> > Cc: stable@vger.kernel.org
> > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x")
> > [Jason: reworked commit message, added metadata]
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > ---
> > drivers/char/tpm/tpm-interface.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> > index 1621ce818705..d69905233aff 100644
> > --- a/drivers/char/tpm/tpm-interface.c
> > +++ b/drivers/char/tpm/tpm-interface.c
> > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev)
> > !pm_suspend_via_firmware())
> > goto suspended;
> >
> > - if (!tpm_chip_start(chip)) {
> > + rc = tpm_try_get_ops(chip);
> > + if (!rc) {
> > if (chip->flags & TPM_CHIP_FLAG_TPM2)
> > tpm2_shutdown(chip, TPM2_SU_STATE);
> > else
> > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
> >
> > - tpm_chip_stop(chip);
> > + tpm_put_ops(chip);
> > }
> >
> > suspended:
> > --
> > 2.38.1
> >
>
> Hi, sorry for the latency.
>
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
BR, Jarkko
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-04 17:10 ` Jarkko Sakkinen
@ 2022-12-04 19:14 ` Jason A. Donenfeld
2022-12-08 9:23 ` Jarkko Sakkinen
0 siblings, 1 reply; 11+ messages in thread
From: Jason A. Donenfeld @ 2022-12-04 19:14 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: Vlastimil Babka, Jan Dąbroś,
linux-integrity, peterhuewe, jgg, gregkh, arnd, rrangel, timvp,
apronin, mw, upstream, linux-kernel, linux-crypto, stable
On Sun, Dec 04, 2022 at 05:10:58PM +0000, Jarkko Sakkinen wrote:
> On Sun, Dec 04, 2022 at 05:06:41PM +0000, Jarkko Sakkinen wrote:
> > On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote:
> > > From: Jan Dabros <jsd@semihalf.com>
> > >
> > > Currently tpm transactions are executed unconditionally in
> > > tpm_pm_suspend() function, which may lead to races with other tpm
> > > accessors in the system. Specifically, the hw_random tpm driver makes
> > > use of tpm_get_random(), and this function is called in a loop from a
> > > kthread, which means it's not frozen alongside userspace, and so can
> > > race with the work done during system suspend:
> > >
> > > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52
> > > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
> > > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
> > > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
> > > [ 3.278453] Call Trace:
> > > [ 3.278458] <TASK>
> > > [ 3.278460] dump_stack_lvl+0x34/0x44
> > > [ 3.278471] tpm_tis_status.cold+0x19/0x20
> > > [ 3.278479] tpm_transmit+0x13b/0x390
> > > [ 3.278489] tpm_transmit_cmd+0x20/0x80
> > > [ 3.278496] tpm1_pm_suspend+0xa6/0x110
> > > [ 3.278503] tpm_pm_suspend+0x53/0x80
> > > [ 3.278510] __pnp_bus_suspend+0x35/0xe0
> > > [ 3.278515] ? pnp_bus_freeze+0x10/0x10
> > > [ 3.278519] __device_suspend+0x10f/0x350
> > >
> > > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
> > > tpm_chip_start(), but takes the appropriate mutex.
> > >
> > > Signed-off-by: Jan Dabros <jsd@semihalf.com>
> > > Reported-by: Vlastimil Babka <vbabka@suse.cz>
> > > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > > Tested-by: Vlastimil Babka <vbabka@suse.cz>
> > > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/
> > > Cc: stable@vger.kernel.org
> > > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x")
> > > [Jason: reworked commit message, added metadata]
> > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > > ---
> > > drivers/char/tpm/tpm-interface.c | 5 +++--
> > > 1 file changed, 3 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> > > index 1621ce818705..d69905233aff 100644
> > > --- a/drivers/char/tpm/tpm-interface.c
> > > +++ b/drivers/char/tpm/tpm-interface.c
> > > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev)
> > > !pm_suspend_via_firmware())
> > > goto suspended;
> > >
> > > - if (!tpm_chip_start(chip)) {
> > > + rc = tpm_try_get_ops(chip);
> > > + if (!rc) {
> > > if (chip->flags & TPM_CHIP_FLAG_TPM2)
> > > tpm2_shutdown(chip, TPM2_SU_STATE);
> > > else
> > > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
> > >
> > > - tpm_chip_stop(chip);
> > > + tpm_put_ops(chip);
> > > }
> > >
> > > suspended:
> > > --
> > > 2.38.1
> > >
> >
> > Hi, sorry for the latency.
> >
> > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
>
> Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
Oh thank goodness. You'll send this in for rc8 today?
Jason
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-04 19:14 ` Jason A. Donenfeld
@ 2022-12-08 9:23 ` Jarkko Sakkinen
2022-12-08 10:51 ` Vlastimil Babka
0 siblings, 1 reply; 11+ messages in thread
From: Jarkko Sakkinen @ 2022-12-08 9:23 UTC (permalink / raw)
To: Jason A. Donenfeld
Cc: Vlastimil Babka, Jan Dąbroś,
linux-integrity, peterhuewe, jgg, gregkh, arnd, rrangel, timvp,
apronin, mw, upstream, linux-kernel, linux-crypto, stable
On Sun, Dec 04, 2022 at 08:14:31PM +0100, Jason A. Donenfeld wrote:
> On Sun, Dec 04, 2022 at 05:10:58PM +0000, Jarkko Sakkinen wrote:
> > On Sun, Dec 04, 2022 at 05:06:41PM +0000, Jarkko Sakkinen wrote:
> > > On Mon, Nov 28, 2022 at 08:56:51PM +0100, Jason A. Donenfeld wrote:
> > > > From: Jan Dabros <jsd@semihalf.com>
> > > >
> > > > Currently tpm transactions are executed unconditionally in
> > > > tpm_pm_suspend() function, which may lead to races with other tpm
> > > > accessors in the system. Specifically, the hw_random tpm driver makes
> > > > use of tpm_get_random(), and this function is called in a loop from a
> > > > kthread, which means it's not frozen alongside userspace, and so can
> > > > race with the work done during system suspend:
> > > >
> > > > [ 3.277834] tpm tpm0: tpm_transmit: tpm_recv: error -52
> > > > [ 3.278437] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
> > > > [ 3.278445] CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
> > > > [ 3.278450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
> > > > [ 3.278453] Call Trace:
> > > > [ 3.278458] <TASK>
> > > > [ 3.278460] dump_stack_lvl+0x34/0x44
> > > > [ 3.278471] tpm_tis_status.cold+0x19/0x20
> > > > [ 3.278479] tpm_transmit+0x13b/0x390
> > > > [ 3.278489] tpm_transmit_cmd+0x20/0x80
> > > > [ 3.278496] tpm1_pm_suspend+0xa6/0x110
> > > > [ 3.278503] tpm_pm_suspend+0x53/0x80
> > > > [ 3.278510] __pnp_bus_suspend+0x35/0xe0
> > > > [ 3.278515] ? pnp_bus_freeze+0x10/0x10
> > > > [ 3.278519] __device_suspend+0x10f/0x350
> > > >
> > > > Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
> > > > tpm_chip_start(), but takes the appropriate mutex.
> > > >
> > > > Signed-off-by: Jan Dabros <jsd@semihalf.com>
> > > > Reported-by: Vlastimil Babka <vbabka@suse.cz>
> > > > Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > > > Tested-by: Vlastimil Babka <vbabka@suse.cz>
> > > > Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/
> > > > Cc: stable@vger.kernel.org
> > > > Fixes: e891db1a18bf ("tpm: turn on TPM on suspend for TPM 1.x")
> > > > [Jason: reworked commit message, added metadata]
> > > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > > > ---
> > > > drivers/char/tpm/tpm-interface.c | 5 +++--
> > > > 1 file changed, 3 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> > > > index 1621ce818705..d69905233aff 100644
> > > > --- a/drivers/char/tpm/tpm-interface.c
> > > > +++ b/drivers/char/tpm/tpm-interface.c
> > > > @@ -401,13 +401,14 @@ int tpm_pm_suspend(struct device *dev)
> > > > !pm_suspend_via_firmware())
> > > > goto suspended;
> > > >
> > > > - if (!tpm_chip_start(chip)) {
> > > > + rc = tpm_try_get_ops(chip);
> > > > + if (!rc) {
> > > > if (chip->flags & TPM_CHIP_FLAG_TPM2)
> > > > tpm2_shutdown(chip, TPM2_SU_STATE);
> > > > else
> > > > rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
> > > >
> > > > - tpm_chip_stop(chip);
> > > > + tpm_put_ops(chip);
> > > > }
> > > >
> > > > suspended:
> > > > --
> > > > 2.38.1
> > > >
> > >
> > > Hi, sorry for the latency.
> > >
> > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> >
> > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
>
> Oh thank goodness. You'll send this in for rc8 today?
for 6.2-rc1
BR, Jarkko
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-08 9:23 ` Jarkko Sakkinen
@ 2022-12-08 10:51 ` Vlastimil Babka
2022-12-10 1:57 ` Jarkko Sakkinen
0 siblings, 1 reply; 11+ messages in thread
From: Vlastimil Babka @ 2022-12-08 10:51 UTC (permalink / raw)
To: Jarkko Sakkinen, Jason A. Donenfeld
Cc: Jan Dąbroś,
linux-integrity, peterhuewe, jgg, gregkh, arnd, rrangel, timvp,
apronin, mw, upstream, linux-kernel, linux-crypto, stable
On 12/8/22 10:23, Jarkko Sakkinen wrote:
> On Sun, Dec 04, 2022 at 08:14:31PM +0100, Jason A. Donenfeld wrote:
>> >
>> > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
>>
>> Oh thank goodness. You'll send this in for rc8 today?
>
> for 6.2-rc1
Linus took it directly to rc8, so it would conflict now.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.1-rc8&id=23393c6461422df5bf8084a086ada9a7e17dc2ba
> BR, Jarkko
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks
2022-12-08 10:51 ` Vlastimil Babka
@ 2022-12-10 1:57 ` Jarkko Sakkinen
0 siblings, 0 replies; 11+ messages in thread
From: Jarkko Sakkinen @ 2022-12-10 1:57 UTC (permalink / raw)
To: Vlastimil Babka
Cc: Jason A. Donenfeld, Jan Dąbroś,
linux-integrity, peterhuewe, jgg, gregkh, arnd, rrangel, timvp,
apronin, mw, upstream, linux-kernel, linux-crypto, stable
On Thu, Dec 08, 2022 at 11:51:24AM +0100, Vlastimil Babka wrote:
> On 12/8/22 10:23, Jarkko Sakkinen wrote:
> > On Sun, Dec 04, 2022 at 08:14:31PM +0100, Jason A. Donenfeld wrote:
> >> >
> >> > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
> >>
> >> Oh thank goodness. You'll send this in for rc8 today?
> >
> > for 6.2-rc1
>
> Linus took it directly to rc8, so it would conflict now.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.1-rc8&id=23393c6461422df5bf8084a086ada9a7e17dc2ba
Thanks for the remark!
BR, Jarkko
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2022-12-10 1:57 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-28 19:56 [PATCH v3] char: tpm: Protect tpm_pm_suspend with locks Jason A. Donenfeld
2022-12-02 9:32 ` Thorsten Leemhuis
2022-12-02 9:46 ` Jason A. Donenfeld
2022-12-02 10:09 ` Jan Dąbroś
2022-12-03 10:25 ` Jason A. Donenfeld
2022-12-04 17:06 ` Jarkko Sakkinen
2022-12-04 17:10 ` Jarkko Sakkinen
2022-12-04 19:14 ` Jason A. Donenfeld
2022-12-08 9:23 ` Jarkko Sakkinen
2022-12-08 10:51 ` Vlastimil Babka
2022-12-10 1:57 ` Jarkko Sakkinen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.