From: Hao Wu <hao.wu@rubrik.com>
To: peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, jgg@ziepe.ca,
arnd@arndb.de, gregkh@linuxfoundation.org, hamza@hpe.com,
james.l.morris@oracle.com
Cc: linux-integrity@vger.kernel.org, pmenzel@molgen.mpg.de,
kgold@linux.ibm.com, seungyeop.han@rubrik.com,
shrihari.kalkar@rubrik.com, anish.jhaveri@rubrik.com
Subject: Re: [PATCH] Fix Atmel TPM crash caused by too frequent queries
Date: Mon, 14 Sep 2020 19:52:14 -0700 [thread overview]
Message-ID: <E4DE1642-B6A1-4870-92D6-F1CE3BEAD934@rubrik.com> (raw)
In-Reply-To: <20200914061343.79018-1-hao.wu@rubrik.com>
Applied the fix on 5.9-rc4, but it looks like it is not enough to fix the issue. There should be other TPM timing changes since 4.15 (where we have tested and ensure it works). Need to look into it a bit to see what should be the fix in the master branch.
Thanks
Hao
> On Sep 13, 2020, at 11:13 PM, Hao Wu <hao.wu@rubrik.com> wrote:
>
> Since kernel 4.14, we fixed the TPM sleep logic
> from msleep to usleep_range, so that the TPM
> sleeps exactly with TPM_TIMEOUT (=5ms) afterward.
> Before that fix, msleep(5) actually sleeps for
> around 15ms.
> The fix is https://github.com/torvalds/linux/commit/9f3fc7bcddcb51234e23494531f93ab60475e1c3
>
> That fix uncovered that the TPM_TIMEOUT was not properly
> set previously. We recently found the TPM driver in kernel 4.14+
> (including 5.9-rc4) crashes Atmel TPM chips with
> too frequent TPM queries.
>
> The TPM crash signature is
> ```
> $ tpm_sealdata -z
> Tspi_Key_LoadKey failed: 0x00001087 - layer=tddl, code=0087 (135), I/O error
>
> $ sudo dmesg | grep tpm0
> [59154.665549] tpm tpm0: tpm_try_transmit: send(): error -62
> [59154.809532] tpm tpm0: tpm_try_transmit: send(): error -62
> ```
>
> From the error code "-62", it looks similar to another bug
> https://patchwork.kernel.org/patch/10520247/
> where the "TPM_TIMEOUT_USECS_MAX" and "TPM_TIMEOUT_USEC_MIN"
> is too small, which causes TPM get queried too frequently,
> and thus crashes.
>
> This patch fix the TPM_TIMEOUT to 15ms which was
> the actual timeout TPM chips use before the fix
> from msleep to usleep_range. Thus fixed the crash.
>
> Test Plan:
> - Run fixed kernel on system with Atmel TPM chips
> and ensure crash does not happen
> - Run fixed kernel on system with other TPM chips
> (IFX / WEC / STM) ensure not breakages from tpm-tool
> ---
> drivers/char/tpm/tpm.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 947d1db0a5cc..73259ac0a997 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -37,7 +37,7 @@
> #define TPM_RETRY 50
>
> enum tpm_timeout {
> - TPM_TIMEOUT = 5, /* msecs */
> + TPM_TIMEOUT = 15, /* msecs */
> TPM_TIMEOUT_RETRY = 100, /* msecs */
> TPM_TIMEOUT_RANGE_US = 300, /* usecs */
> TPM_TIMEOUT_POLL = 1, /* msecs */
> --
> 2.17.1
>
next prev parent reply other threads:[~2020-09-15 2:52 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-14 6:13 [PATCH] Fix Atmel TPM crash caused by too frequent queries Hao Wu
2020-09-14 6:17 ` Greg KH
2020-09-15 2:52 ` Hao Wu [this message]
2020-09-26 22:31 Hao Wu
2020-09-26 22:57 ` James Bottomley
2020-09-26 23:10 ` Hao Wu
2020-09-27 18:25 ` James Bottomley
2020-09-28 0:11 ` Hao Wu
2020-09-28 0:15 ` Hao Wu
2020-09-28 1:22 ` James Bottomley
2020-09-28 5:59 ` Hao Wu
2020-09-28 22:11 ` James Bottomley
2020-09-29 4:46 ` Hao Wu
2020-09-30 2:16 ` Jarkko Sakkinen
2020-09-30 14:54 ` James Bottomley
2020-09-30 15:37 ` Jarkko Sakkinen
2020-09-30 20:48 ` James Bottomley
2020-09-30 21:09 ` Jarkko Sakkinen
2020-09-30 22:31 ` James Bottomley
2020-10-01 1:50 ` Jarkko Sakkinen
2020-10-01 4:53 ` James Bottomley
2020-10-01 18:15 ` Nayna
2020-10-01 18:32 ` James Bottomley
2020-10-01 23:04 ` Jarkko Sakkinen
2020-10-17 6:11 ` Hao Wu
2020-10-18 5:09 ` Jarkko Sakkinen
2020-10-18 5:20 ` Hao Wu
2020-11-14 4:39 ` Hao Wu
2020-11-18 21:11 ` Jarkko Sakkinen
2020-11-18 23:23 ` Hao Wu
2021-05-09 6:18 ` Hao Wu
2021-05-09 6:31 ` Hao Wu
2021-05-10 2:17 ` Mimi Zohar
2021-05-10 3:15 ` Hao Wu
2021-05-10 17:28 ` Jarkko Sakkinen
2020-09-28 1:08 ` Jarkko Sakkinen
2020-09-28 6:03 ` Hao Wu
2020-09-28 14:16 ` Jarkko Sakkinen
2020-09-28 17:49 ` Hao Wu
2020-09-28 19:47 ` Jarkko Sakkinen
2020-09-28 20:27 ` Hao Wu
2020-09-30 2:11 ` Jarkko Sakkinen
2020-09-30 3:41 ` Hao Wu
[not found] ` <EA1EE8F8-F054-4E1B-B830-231398D33CB8@rubrik.com>
2020-10-01 14:16 ` Mimi Zohar
2021-06-20 23:18 Hao Wu
2021-06-23 13:35 ` Jarkko Sakkinen
2021-06-24 5:49 ` Hao Wu
2021-06-29 20:06 ` Jarkko Sakkinen
2021-06-30 4:27 ` Hao Wu
2021-06-24 5:33 ` Hao Wu
2021-06-29 20:07 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E4DE1642-B6A1-4870-92D6-F1CE3BEAD934@rubrik.com \
--to=hao.wu@rubrik.com \
--cc=anish.jhaveri@rubrik.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=hamza@hpe.com \
--cc=james.l.morris@oracle.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=kgold@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=pmenzel@molgen.mpg.de \
--cc=seungyeop.han@rubrik.com \
--cc=shrihari.kalkar@rubrik.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).